Malware

Having a problem with a virus? Post your FRST or RSIT log here.

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for understanding.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware

#16 Post by Márty84 »

Let MBAM remove what it found, then uninstall it.

Repeat the step with AdwCleaner http://forum.viry.cz/viewtopic.php?f=13 ... 6#p1319265

Are you connected via Wi-Fi or by cable?
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

Miri@
Guest
Posts: 51
Registered: 18 Jun 2011 09:51

Re: Malware

#17 Post by Miri@ »

Done, sending the log. And I am now connected via Wi-Fi.

# AdwCleaner v3.208 - Report created 13/05/2014 at 11:30:22
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Anh - ANH-PC
# Running from : C:\Users\Anh\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Windows\System32\Tasks\Browser Updater
File Deleted : C:\Windows\System32\Tasks\ProtectedSearch

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (de)

[ File : C:\Users\Anh\AppData\Roaming\Mozilla\Firefox\Profiles\peibl06z.default\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.certified-toolbar.com?si=71578&st=bs&tid=8195&ver=4.9&ts=1383588205442&tguid=71578-8195-1383588205442-C3EB81B79548169EB3F4ABFF94280D3E&q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3322611&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPF884FBBE-E680-4AA2-9EB1-3CC177BAA683&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=dspp&ts=1399832044&from=tugs&uid=ST9500420AS_5VJEZFWEXXXX5VJEZFWE&q={searchTerms}
Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3322611&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF884FBBE-E680-4AA2-9EB1-3CC177BAA683&SSPV=
Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3322611&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF884FBBE-E680-4AA2-9EB1-3CC177BAA683&SSPV=
Deleted [Startup_urls] : hxxp://istart.webssearches.com/?type=hp&ts=1399831239&from=tugs&uid=ST9500420AS_5VJEZFWEXXXX5VJEZFWE
Deleted [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1399832044&from=tugs&uid=ST9500420AS_5VJEZFWEXXXX5VJEZFWE
Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3322611&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF884FBBE-E680-4AA2-9EB1-3CC177BAA683&SSPV=
Deleted [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [10577 octets] - [12/05/2014 10:40:09]
AdwCleaner[R1].txt - [1909 octets] - [13/05/2014 11:22:54]
AdwCleaner[S0].txt - [8949 octets] - [12/05/2014 10:46:45]
AdwCleaner[S1].txt - [2388 octets] - [13/05/2014 11:30:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2448 octets] ##########
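
A small triage script for the AdwCleaner report format shown above, added here as an example; it is not part of the post or of AdwCleaner. It parses the section and browser headers and the "Deleted [...] : ..." lines, refangs the hxxp URLs only far enough to pull out the host, and groups the hosts by the browser settings they had taken over; the report embedded in it is an abridged copy of the one posted.

```python
"""Summarise an AdwCleaner clean ([S]) report such as the one posted above.

Added example, not part of the forum post or of AdwCleaner. It parses the report's
"***** [ Section ] *****" headers, "-\\ Browser vX" lines and "Action [Kind] : value"
lines, undoes the hxxp defanging only to extract the host, and groups the hosts that
were installed as search provider, startup page or homepage."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set
from urllib.parse import urlsplit

# Constructed sample: an abridged copy of the AdwCleaner[S1] report in the thread.
SAMPLE_REPORT = r"""# AdwCleaner v3.208 - Report created 13/05/2014 at 11:30:22
# Option : Clean

***** [ Files / Folders ] *****

File Deleted : C:\Windows\System32\Tasks\Browser Updater
File Deleted : C:\Windows\System32\Tasks\ProtectedSearch

***** [ Browsers ] *****

-\\ Mozilla Firefox v28.0 (de)

[ File : C:\Users\Anh\AppData\Roaming\Mozilla\Firefox\Profiles\peibl06z.default\prefs.js ]

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.certified-toolbar.com?si=71578&q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3322611&q={searchTerms}
Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=dspp&q={searchTerms}
Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3322611
Deleted [Startup_urls] : hxxp://istart.webssearches.com/?type=hp&ts=1399831239
Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3322611
Deleted [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
BROWSER_RE = re.compile(r"^-\\+ (?P<name>.+?) v(?P<version>\S+)")
ACTION_RE = re.compile(r"^(?P<action>[A-Za-z][A-Za-z ]*?)(?: \[(?P<kind>[^\]]+)\])? : (?P<value>.+)$")
URL_KINDS = {"Search Provider", "Startup_urls", "Homepage"}   # kinds whose value is a URL

@dataclass(frozen=True)
class Finding:
    section: str            # "Files / Folders", "Browsers", ...
    browser: Optional[str]  # set only inside the Browsers section
    action: str             # "Deleted", "File Deleted", ...
    kind: Optional[str]     # "Search Provider", "Startup_urls", "Homepage", "Extension", or None
    value: str              # path, still-defanged URL, or extension id

def parse_report(text: str) -> List[Finding]:
    """Walk the report once, tracking the current section and browser header."""
    findings: List[Finding] = []
    section: Optional[str] = None
    browser: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, browser = m.group("name"), None
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser = m.group("name")
            continue
        m = ACTION_RE.match(line)
        if m and section is not None:
            findings.append(Finding(section, browser, m.group("action"), m.group("kind"), m.group("value")))
    return findings

def refang(url: str) -> str:
    """Undo the hxxp:// defanging so urlsplit can read the host; the result is parsed, never opened."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)

def hijack_hosts(findings: List[Finding]) -> Dict[str, Set[str]]:
    """Host -> the browser settings (search provider, startup page, homepage) it occupied."""
    hosts: Dict[str, Set[str]] = {}
    for f in findings:
        if f.kind in URL_KINDS:
            host = urlsplit(refang(f.value)).hostname
            if host:
                hosts.setdefault(host, set()).add(f.kind)
    return hosts

def summarize(text: str) -> Dict[str, object]:
    """One-glance triage view: what was removed and which hosts had taken over the browser."""
    findings = parse_report(text)
    return {
        "files_removed": [f.value for f in findings if f.section == "Files / Folders"],
        "extensions_removed": [f.value for f in findings if f.kind == "Extension"],
        "browsers_touched": sorted({f.browser for f in findings if f.browser}),
        "hijack_hosts": hijack_hosts(findings),
    }
```

Run `summarize(SAMPLE_REPORT)` (or pass the text of a real AdwCleaner[S*].txt) to get the lists; the hosts, not the full tracking URLs, are what is worth keeping in a case note.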

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware

#18 Post by Márty84 »

Does only your computer have this problem, or is it happening to more people around you?


If you have not already, back up your important data (photos, documents, etc.) to be safe.

Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off your antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator.
Accept the licence terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan do not start anything and do not click anywhere.
After the scan finishes (the PC may restart), a log should be created at C:\ComboFix.txt
Copy its contents here.

If Windows does not boot after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration.
If Windows boots but an error is reported when starting various programs, just restart the PC and it will be fine.

Miri@
Guest
Posts: 51
Registered: 18 Jun 2011 09:51

Re: Malware

#19 Post by Miri@ »

I am at school right now, so I am using the school Wi-Fi; the internet in the dorm has not worked since Monday. I have not asked everyone, but I do not know of anyone with a similar problem.



ComboFix 14-05-13.01 - Anh 14.05.2014 8:46.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1033.18.4003.2633 [GMT 2:00]
ausgeführt von:: c:\users\Anh\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Anh\AppData\Local\Microsoft\Windows\Temporary Internet Files\SaltarSmart_iels
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-04-14 bis 2014-05-14 ))))))))))))))))))))))))))))))
.
.
2014-05-14 06:52 . 2014-05-14 06:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-13 08:48 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAC2AEE6-3728-4354-97FA-33E259620188}\mpengine.dll
2014-05-12 08:40 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-12 08:40 . 2014-05-13 09:35 -------- d-----w- C:\AdwCleaner
2014-05-11 23:16 . 2014-05-12 10:53 -------- d-----w- c:\program files\trend micro
2014-05-11 22:59 . 2014-05-11 22:59 -------- d-----w- c:\program files (x86)\trend micro
2014-05-11 22:59 . 2014-05-11 22:59 -------- d-----w- C:\rsit
2014-05-11 22:42 . 2014-05-13 07:15 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-11 22:42 . 2014-05-11 22:42 -------- d-----w- c:\programdata\Malwarebytes
2014-05-11 18:28 . 2014-05-11 18:28 -------- d-----w- c:\users\Anh\AppData\Local\WinZip
2014-05-11 18:28 . 2014-05-11 18:28 -------- d-----w- c:\programdata\WinZip
2014-05-11 18:28 . 2014-05-11 18:28 -------- d-----w- c:\program files\WinZip
2014-05-11 18:26 . 2014-05-11 18:26 -------- d-----w- c:\users\Anh\AppData\Roaming\ARecEngine
2014-05-11 18:11 . 2014-05-13 07:22 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-11 18:11 . 2014-05-11 18:10 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-11 18:10 . 2014-05-11 18:10 43152 ----a-w- c:\windows\avastSS.scr
2014-05-11 08:21 . 2014-05-11 08:21 -------- d-----w- c:\program files\WinPcap
2014-05-11 08:21 . 2014-05-11 08:21 -------- d-----w- c:\programdata\VSO
2014-05-11 08:21 . 2014-05-11 08:21 -------- d-----w- c:\program files (x86)\VSO
2014-05-11 08:21 . 2014-05-11 08:21 -------- d-----w- c:\users\Anh\AppData\Local\Programs
2014-05-09 16:10 . 2014-05-09 16:10 -------- d-sh--w- c:\users\Anh\AppData\Local\EmieUserList
2014-05-09 16:10 . 2014-05-09 16:10 -------- d-sh--w- c:\users\Anh\AppData\Local\EmieSiteList
2014-05-07 06:55 . 2014-05-07 06:55 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-06 13:53 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-05-06 13:53 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-04 06:14 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-05-04 06:14 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-04 06:14 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-03 06:34 . 2014-05-03 06:34 -------- d-----w- c:\users\Anh\AppData\Roaming\DropboxMaster
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-13 07:22 . 2013-08-31 09:54 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-13 07:22 . 2013-08-31 09:54 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-11 18:10 . 2013-08-31 09:54 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-11 18:10 . 2013-08-31 09:54 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-11 18:10 . 2013-08-31 09:54 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-11 18:10 . 2013-08-31 09:54 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-11 18:10 . 2013-08-31 09:54 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-28 19:51 . 2014-02-03 20:30 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-28 19:51 . 2014-02-03 20:30 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-10 05:05 . 2013-11-08 14:45 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-04-09 05:55 . 2013-11-04 18:04 34376 ----a-w- c:\windows\Launcher.exe
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-06 09:31 . 2014-04-11 04:51 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-11 04:50 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-11 04:51 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-11 04:50 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-11 04:50 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-11 04:50 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-11 04:51 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-11 04:51 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-11 04:50 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-11 04:50 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-11 04:50 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-11 04:50 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-11 04:50 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-11 04:50 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-11 04:51 586240 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-11 04:50 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-11 04:51 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-11 04:50 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-11 04:51 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-11 04:50 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-11 04:50 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-11 04:50 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-11 04:50 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-11 04:50 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-11 04:50 628736 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-11 04:50 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-11 04:50 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-11 04:50 13551104 ----a-w- c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-11 04:50 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-11 04:50 2260480 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-11 04:50 1400832 ----a-w- c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-11 04:50 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-11 04:50 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-04 09:44 . 2014-04-09 11:28 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 11:28 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 11:28 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 11:28 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 11:28 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 11:28 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 11:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 11:28 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 11:28 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 11:28 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 11:28 2048 ----a-w- c:\windows\SysWow64\user.exe
2014-02-14 07:15 . 2014-03-23 22:55 34 ----a-w- c:\users\Anh\AppData\Roaming\pdfdrawcodec.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Anh\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Anh\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Anh\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20924576]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-08-31 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-06 336384]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-11 487561]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-11 3873704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Anh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Anh\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-8 32668056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-26 11:27 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-03 19:51]
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-31 09:54]
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-31 09:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-11 18:10 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Anh\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Anh\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Anh\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Anh\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-20 525312]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2010-12-17 613536]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2010-12-17 379040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-28 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-28 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-28 417304]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 134.155.96.52 134.155.96.53
FF - ProfilePath - c:\users\Anh\AppData\Roaming\Mozilla\Firefox\Profiles\peibl06z.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-fst_de_7_is1 - c:\program files (x86)\fst_de_7\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-14 08:58:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-05-14 06:58
.
Vor Suchlauf: 420.320.706.560 bytes free
Nach Suchlauf: 420.760.350.720 bytes free
.
- - End Of File - - 5F5682CFCCB07271103DB074E08C233A
A36C5E4F47E84449FF07ED3517B43A31

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware

#20 Post by Márty84 »

I asked because there is a pest spreading at the moment that settles in the router. Then you can clean the PC from morning to night and it is all in vain :D


Permanently turn off Windows Defender

Open Notepad and copy this script into it

Code:

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"GrooveMonitor"=-
"SunJavaUpdateSched"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Driver::
SkypeUpdate
c2cautoupdatesvc
c2cpnrsvc

Reboot::
At the top left, click File
Click Save as...
Type that red name CFScript correctly and save it to the desktop.
Turn off your antivirus and any other security software.
Drag the text document you just created onto the ComboFix icon with the mouse and drop it.
ComboFix should start and execute the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

If Windows does not boot after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration.
If Windows boots but an error is reported when starting various programs, just restart the PC and it will be fine.
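
Before a CFScript like the one above is run, every name in it is worth checking against the ComboFix log it was written from. The script below is an added example (not part of the post or of ComboFix) that does that for the Registry:: and Driver:: sections, listing what will be removed and flagging names the log does not contain; the embedded script and log lines are abridged copies of those posted in the thread.

```python
"""Preview a ComboFix CFScript against the ComboFix log it was written from.
Added example, not part of the forum post or of ComboFix. It resolves the script's
Registry:: deletions and Driver:: names against the log's Run-key values and service
lines, so the helper sees what will be removed and catches names the log does not list."""
import re
from typing import Any, Dict, List, Optional, Tuple

# Constructed sample: the CFScript posted in the thread (blank lines dropped).
CFSCRIPT = r"""KillAll::
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"GrooveMonitor"=-
"SunJavaUpdateSched"=-
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Driver::
SkypeUpdate
c2cautoupdatesvc
c2cpnrsvc
Reboot::
"""

# Constructed sample: abridged Run-key and service lines from the first ComboFix log in the thread.
COMBOFIX_LOG = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20924576]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-08-31 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-11 3873704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
"""

RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);")
DELETE_RE = re.compile(r'^"(?P<name>[^"]+)"=-$')

def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into its 'Name::' sections, each mapped to its non-empty body lines."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::") and " " not in line:
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def parse_combofix_log(text: str) -> Tuple[Dict[Tuple[str, str], str], Dict[str, str]]:
    """Return (key, value name) -> image path for Run values and service name -> display name."""
    run: Dict[Tuple[str, str], str] = {}
    services: Dict[str, str] = {}
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()        # registry names are case-insensitive
            continue
        m = RUN_VALUE_RE.match(line)
        if m and key:
            run[(key, m.group("name").lower())] = m.group("path")
            continue
        m = SERVICE_RE.match(line)
        if m:
            services[m.group("name").lower()] = m.group("display")
    return run, services

def preview(script: str, log: str) -> Dict[str, Any]:
    """Resolve every deletion in the script against the log; names the log lacks are flagged, not dropped."""
    sections = parse_cfscript(script)
    run, services = parse_combofix_log(log)
    out: Dict[str, Any] = {"run_removed": [], "run_unknown": [], "services_removed": [],
                           "services_unknown": [], "reglock": sections.get("RegLock", [])}
    key: Optional[str] = None
    for line in sections.get("Registry", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = DELETE_RE.match(line)
        if m and key:                      # only "name"=- deletions are previewed
            path = run.get((key, m.group("name").lower()))
            out["run_unknown" if path is None else "run_removed"].append(
                m.group("name") if path is None else (m.group("name"), path))
    for svc in sections.get("Driver", []):
        display = services.get(svc.lower())
        out["services_unknown" if display is None else "services_removed"].append(
            svc if display is None else (svc, display))
    return out
```

Anything that lands in `run_unknown` or `services_unknown` is either a typo in the script or a key the log shows under a different hive, and should be fixed before the script is handed to the user.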

Miri@
Guest
Posts: 51
Registered: 18 Jun 2011 09:51

Re: Malware

#21 Post by Miri@ »

I hope that will not be my case ^^'. Sending the log, and by the way, should I keep Windows Defender turned off permanently?


ComboFix 14-05-13.01 - Anh 14.05.2014 21:20:12.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1033.18.4003.2591 [GMT 2:00]
ausgeführt von:: c:\users\Anh\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Anh\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_c2cautoupdatesvc
-------\Service_c2cpnrsvc
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-04-14 bis 2014-05-14 ))))))))))))))))))))))))))))))
.
.
2014-05-14 19:25 . 2014-05-14 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-13 08:48 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAC2AEE6-3728-4354-97FA-33E259620188}\mpengine.dll
2014-05-12 08:40 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-12 08:40 . 2014-05-13 09:35 -------- d-----w- C:\AdwCleaner
2014-05-11 23:16 . 2014-05-12 10:53 -------- d-----w- c:\program files\trend micro
2014-05-11 22:59 . 2014-05-11 22:59 -------- d-----w- c:\program files (x86)\trend micro
2014-05-11 22:59 . 2014-05-11 22:59 -------- d-----w- C:\rsit
2014-05-11 22:42 . 2014-05-13 07:15 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-11 22:42 . 2014-05-11 22:42 -------- d-----w- c:\programdata\Malwarebytes
2014-05-11 18:28 . 2014-05-11 18:28 -------- d-----w- c:\users\Anh\AppData\Local\WinZip
2014-05-11 18:28 . 2014-05-11 18:28 -------- d-----w- c:\programdata\WinZip
2014-05-11 18:28 . 2014-05-11 18:28 -------- d-----w- c:\program files\WinZip
2014-05-11 18:26 . 2014-05-11 18:26 -------- d-----w- c:\users\Anh\AppData\Roaming\ARecEngine
2014-05-11 18:11 . 2014-05-13 07:22 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-11 18:11 . 2014-05-11 18:10 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-11 18:10 . 2014-05-11 18:10 43152 ----a-w- c:\windows\avastSS.scr
2014-05-11 08:21 . 2014-05-11 08:21 -------- d-----w- c:\program files\WinPcap
2014-05-11 08:21 . 2014-05-11 08:21 -------- d-----w- c:\programdata\VSO
2014-05-11 08:21 . 2014-05-11 08:21 -------- d-----w- c:\program files (x86)\VSO
2014-05-11 08:21 . 2014-05-11 08:21 -------- d-----w- c:\users\Anh\AppData\Local\Programs
2014-05-09 16:10 . 2014-05-09 16:10 -------- d-sh--w- c:\users\Anh\AppData\Local\EmieUserList
2014-05-09 16:10 . 2014-05-09 16:10 -------- d-sh--w- c:\users\Anh\AppData\Local\EmieSiteList
2014-05-07 06:55 . 2014-05-07 06:55 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-06 13:53 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-05-06 13:53 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-04 06:14 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-05-04 06:14 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-04 06:14 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-03 06:34 . 2014-05-03 06:34 -------- d-----w- c:\users\Anh\AppData\Roaming\DropboxMaster
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 08:50 . 2014-02-03 20:30 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 08:50 . 2014-02-03 20:30 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-13 07:22 . 2013-08-31 09:54 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-13 07:22 . 2013-08-31 09:54 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-11 18:10 . 2013-08-31 09:54 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-11 18:10 . 2013-08-31 09:54 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-11 18:10 . 2013-08-31 09:54 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-11 18:10 . 2013-08-31 09:54 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-11 18:10 . 2013-08-31 09:54 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-10 05:05 . 2013-11-08 14:45 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-04-09 05:55 . 2013-11-04 18:04 34376 ----a-w- c:\windows\Launcher.exe
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-06 09:31 . 2014-04-11 04:51 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-11 04:50 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-11 04:51 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-11 04:50 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-11 04:50 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-11 04:50 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-11 04:51 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-11 04:51 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-11 04:50 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-11 04:50 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-11 04:50 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-11 04:50 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-11 04:50 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-11 04:50 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-11 04:51 586240 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-11 04:50 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-11 04:51 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-11 04:50 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-11 04:51 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-11 04:50 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-11 04:50 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-11 04:50 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-11 04:50 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-11 04:50 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-11 04:50 628736 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-11 04:50 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-11 04:50 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-11 04:50 13551104 ----a-w- c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-11 04:50 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-11 04:50 2260480 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-11 04:50 1400832 ----a-w- c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-11 04:50 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-11 04:50 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-04 09:44 . 2014-04-09 11:28 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 11:28 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 11:28 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 11:28 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 11:28 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 11:28 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 11:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 11:28 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 11:28 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 11:28 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 11:28 2048 ----a-w- c:\windows\SysWow64\user.exe
2014-02-14 07:15 . 2014-03-23 22:55 34 ----a-w- c:\users\Anh\AppData\Roaming\pdfdrawcodec.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Anh\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Anh\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Anh\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-06 336384]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-11 487561]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-11 3873704]
.
c:\users\Anh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Anh\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-8 32668056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-26 11:27 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-03 08:50]
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-31 09:54]
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-31 09:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-11 18:10 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Anh\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Anh\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Anh\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Anh\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-20 525312]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2010-12-17 613536]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2010-12-17 379040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-28 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-28 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-28 417304]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Anh\AppData\Roaming\Mozilla\Firefox\Profiles\peibl06z.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-fst_de_7_is1 - c:\program files (x86)\fst_de_7\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-14 21:31:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-05-14 19:31
ComboFix2.txt 2014-05-14 06:58
.
Vor Suchlauf: 418.126.143.488 bytes free
Nach Suchlauf: 418.153.701.376 bytes free
.
- - End Of File - - 70FCCA28BD0A937D5CB095872F9D90C4
A36C5E4F47E84449FF07ED3517B43A31

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware

#22 Post by Márty84 »

Miri@ wrote: ...should I keep Windows Defender switched off all the time?
Yes, it runs completely needlessly and on top of that it can conflict with Avast :)


:???: What about Avast, is it reporting a problem, or is it quiet now?

:arrow: Post a new log from RSIT

and in addition

:!: If Avast complains that it wants to open it in the sandbox, do not allow it! Choose the option Open normally
:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and left-click Run as administrator
Tick the items (put check marks on) All Users, LOP Check and Purity Check
Paste the following text into the lower box

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click Run Scan
After the scan two logs will be created (OTL.Txt and Extras.txt); post both here (if they are long, split them across several posts).
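As a defender-side counterpart to the /md5start ... /md5stop block in the OTL script above, here is an added example (not part of the forum post and not OTL's own code) that hashes the same kind of core system files with built-in PowerShell and reports their Authenticode signature status, so a replaced or patched binary stands out. The file subset, the $checkList name and the output shape are this example's own choices; it assumes an elevated prompt on a Windows system where $env:SystemRoot resolves to the Windows directory.

```powershell
# Added example, not from the forum post or from OTL: hash a subset of the core
# system files OTL's /md5start block targets and show their signature status.
# Run from an elevated PowerShell prompt.

$sys32   = Join-Path $env:SystemRoot 'System32'
$drivers = Join-Path $sys32 'drivers'

# Kernel-mode drivers first, then user-mode binaries and DLLs from the OTL list.
$checkList = @(
    (Join-Path $drivers 'atapi.sys'),
    (Join-Path $drivers 'cdrom.sys'),
    (Join-Path $drivers 'ndis.sys'),
    (Join-Path $drivers 'tcpip.sys'),
    (Join-Path $env:SystemRoot 'explorer.exe'),   # explorer lives in %SystemRoot%, not System32
    (Join-Path $sys32 'autochk.exe'),
    (Join-Path $sys32 'lsass.exe'),
    (Join-Path $sys32 'smss.exe'),
    (Join-Path $sys32 'svchost.exe'),
    (Join-Path $sys32 'userinit.exe'),
    (Join-Path $sys32 'winlogon.exe'),
    (Join-Path $sys32 'hal.dll'),
    (Join-Path $sys32 'ws2_32.dll'),
    (Join-Path $sys32 'cryptsvc.dll'),
    (Join-Path $sys32 'scecli.dll'),
    (Join-Path $sys32 'netlogon.dll'),
    (Join-Path $sys32 'eventlog.dll')
)

$md5 = [System.Security.Cryptography.MD5]::Create()
$report = foreach ($path in $checkList) {
    # Not every listed driver exists on every machine; skip the absent ones.
    if (-not (Test-Path -LiteralPath $path)) { continue }

    # Stream the file rather than reading it whole into memory.
    $stream = [System.IO.File]::OpenRead($path)
    try     { $hash = [System.BitConverter]::ToString($md5.ComputeHash($stream)).Replace('-', '') }
    finally { $stream.Dispose() }

    # Status is Valid / NotSigned / HashMismatch / UnknownError etc.
    # Caveat: on older Windows/PowerShell builds, files signed only through a
    # catalog can report NotSigned; there, compare the MD5 with a known-clean
    # copy of the same build instead of trusting the status alone.
    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [pscustomobject]@{
        File      = $path
        MD5       = $hash
        Signature = $sig.Status
        Signer    = $signer
    }
}
$md5.Dispose()

$report | Format-Table -AutoSize

# Anything that is not Valid from a Microsoft signer deserves a closer look.
$suspect = $report | Where-Object { $_.Signature -ne 'Valid' -or $_.Signer -notmatch 'Microsoft' }
if ($suspect) { "`nFiles to review:"; $suspect | Format-Table File, Signature, Signer -AutoSize }
```

The MD5 column is there only to compare against a known-good copy of the same Windows build or against what OTL reports; the signature status is the more reliable signal of a tampered file, and a hash alone cannot tell a legitimate update from a patched driver.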

Miri@
Visitor
Posts: 51
Registered: 18 Jun 2011 09:51

Re: Malware

#23 Post by Miri@ »

So here I'm sending the RSIT log first

Logfile of random's system information tool 1.09 (written by random/random)
Run by Anh at 2014-05-15 08:45:20
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 399 GB (84%) free of 477 GB
Total RAM: 4003 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:45:23, on 15.05.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Users\Anh\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Anh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - Startup: Dropbox.lnk = C:\Users\Anh\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9208 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe"
"C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-37f73360-9233-4472-9b7e-025437f4d1e2 -SystemEventPortName:HostProcess-e44b2ba5-aa8f-4e65-8530-a464b4f08b67 -IoCancelEventPortName:HostProcess-8d8d59f3-399d-41b5-af5c-5b10a24389d5 -NonStateChangingEventPortName:HostProcess-00ed1849-9263-4734-a64e-a917c0db44f6 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:961f6083-09dd-49e8-94a4-90bd902b4a84 -DeviceGroupId:WpdFsGroup
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
atieclxx
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
taskeng.exe {76B14B2E-4277-4214-A1FA-F62DDCFD4BBC}
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Users\Anh\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --flag-switches-begin --flag-switches-end --restore-last-session --flag-switches-begin --flag-switches-end
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5052.0.1734748345\775371264" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,1,5,14,28 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.811.1.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=de --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group2 pct:10b stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_89/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --disable-accelerated-video-decode --enable-software-compositing --channel="5052.1.1910157132\1175261327" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=de --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group2 pct:10b stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_89/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --disable-accelerated-video-decode --enable-software-compositing --channel="5052.2.631903929\403599408" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=de --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group2 pct:10b stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_89/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --disable-accelerated-video-decode --enable-software-compositing --channel="5052.3.724494560\194085283" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=de --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group2 pct:10b stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_89/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --disable-accelerated-video-decode --enable-software-compositing --channel="5052.4.189086535\2069385951" /prefetch:673131151
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5052.15.597614250\1380819053" --ppapi-flash-args --lang=de --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=de --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group2 pct:10b stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/Bootstrap/FlashHardwareVideoDecode/Disabled/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_89/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --disable-accelerated-video-decode --enable-software-compositing --channel="5052.19.1390064430\2147080711" /prefetch:673131151
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
taskeng.exe {83D0409C-01C7-439E-B023-5837F80F2D75}
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Users\Anh\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Anh\AppData\Roaming\Mozilla\Firefox\Profiles\peibl06z.default

prefs.js - "browser.search.useDBForOrder" - false
prefs.js - "browser.startup.homepage" - "about:home"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


C:\Users\Anh\AppData\Roaming\Mozilla\Firefox\Profiles\peibl06z.default\extensions\
security@protegere.org
{4ca8c1be-c30f-49bf-9ac8-f3e63f49665d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-05-11 581824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-27 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21 6270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2010-12-17 60576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-05-11 436600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-27 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2011-01-20 525312]
"AtherosBtStack"=C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [2010-12-17 613536]
"AthBtTray"=C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [2010-12-17 379040]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-11-28 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-11-28 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-11-28 417304]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-01-06 336384]
"Dell Webcam Central"=C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [2010-08-11 487561]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-05-11 3873704]

C:\Users\Anh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Anh\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-11-28 384000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-05-15 07:30:06 ----A---- C:\Windows\system32\mshtmled.dll
2014-05-15 07:30:06 ----A---- C:\Windows\system32\mshtml.dll
2014-05-15 07:30:05 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-05-15 07:30:04 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-05-14 21:31:03 ----A---- C:\ComboFix.txt
2014-05-14 21:27:49 ----D---- C:\$RECYCLE.BIN
2014-05-14 13:58:01 ----A---- C:\Windows\system32\lsasrv.dll
2014-05-14 13:58:01 ----A---- C:\Windows\system32\kerberos.dll
2014-05-14 13:58:00 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-05-14 13:58:00 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-05-14 13:58:00 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-05-14 13:58:00 ----A---- C:\Windows\system32\winlogon.exe
2014-05-14 13:58:00 ----A---- C:\Windows\system32\msv1_0.dll
2014-05-14 13:57:59 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-05-14 13:57:59 ----A---- C:\Windows\system32\objsel.dll
2014-05-14 13:57:59 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-05-14 13:57:58 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-05-14 13:57:58 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-05-14 13:57:58 ----A---- C:\Windows\SYSWOW64\objsel.dll
2014-05-14 13:57:58 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2014-05-14 13:57:58 ----A---- C:\Windows\system32\wdigest.dll
2014-05-14 13:57:58 ----A---- C:\Windows\system32\TSpkg.dll
2014-05-14 13:57:58 ----A---- C:\Windows\system32\KernelBase.dll
2014-05-14 13:57:57 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-05-14 13:57:57 ----A---- C:\Windows\SYSWOW64\dimsroam.dll
2014-05-14 13:57:57 ----A---- C:\Windows\SYSWOW64\cngprovider.dll
2014-05-14 13:57:57 ----A---- C:\Windows\SYSWOW64\adprovider.dll
2014-05-14 13:57:57 ----A---- C:\Windows\system32\schannel.dll
2014-05-14 13:57:57 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-05-14 13:57:57 ----A---- C:\Windows\system32\dpapiprovider.dll
2014-05-14 13:57:57 ----A---- C:\Windows\system32\dimsroam.dll
2014-05-14 13:57:57 ----A---- C:\Windows\system32\cngprovider.dll
2014-05-14 13:57:57 ----A---- C:\Windows\system32\capiprovider.dll
2014-05-14 13:57:57 ----A---- C:\Windows\system32\adprovider.dll
2014-05-14 13:57:56 ----A---- C:\Windows\SYSWOW64\wincredprovider.dll
2014-05-14 13:57:56 ----A---- C:\Windows\SYSWOW64\dpapiprovider.dll
2014-05-14 13:57:56 ----A---- C:\Windows\SYSWOW64\capiprovider.dll
2014-05-14 13:57:56 ----A---- C:\Windows\system32\wincredprovider.dll
2014-05-14 13:57:56 ----A---- C:\Windows\system32\sspicli.dll
2014-05-14 13:57:56 ----A---- C:\Windows\system32\lsass.exe
2014-05-14 13:57:56 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-05-14 13:57:56 ----A---- C:\Windows\system32\credssp.dll
2014-05-14 13:57:55 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-05-14 13:57:55 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-05-14 13:57:55 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-05-14 13:57:55 ----A---- C:\Windows\system32\sspisrv.dll
2014-05-14 13:57:55 ----A---- C:\Windows\system32\secur32.dll
2014-05-14 13:57:47 ----A---- C:\Windows\system32\shell32.dll
2014-05-14 13:57:46 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-05-14 13:57:45 ----A---- C:\Windows\system32\aepdu.dll
2014-05-14 13:57:44 ----A---- C:\Windows\system32\aeinv.dll
2014-05-14 08:45:16 ----A---- C:\Windows\zip.exe
2014-05-14 08:45:16 ----A---- C:\Windows\SWSC.exe
2014-05-14 08:45:16 ----A---- C:\Windows\SWREG.exe
2014-05-14 08:45:16 ----A---- C:\Windows\sed.exe
2014-05-14 08:45:16 ----A---- C:\Windows\PEV.exe
2014-05-14 08:45:16 ----A---- C:\Windows\NIRCMD.exe
2014-05-14 08:45:16 ----A---- C:\Windows\MBR.exe
2014-05-14 08:45:16 ----A---- C:\Windows\grep.exe
2014-05-14 08:45:07 ----D---- C:\Qoobox
2014-05-14 08:44:54 ----D---- C:\Windows\erdnt
2014-05-12 10:40:36 ----A---- C:\Windows\SYSWOW64\sqlite3.dll
2014-05-12 10:40:06 ----D---- C:\AdwCleaner
2014-05-12 10:22:18 ----A---- C:\AVScanner.ini
2014-05-12 01:16:28 ----D---- C:\Program Files\trend micro
2014-05-12 00:59:31 ----D---- C:\Program Files (x86)\trend micro
2014-05-12 00:59:30 ----D---- C:\rsit
2014-05-12 00:42:21 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-05-12 00:42:05 ----D---- C:\ProgramData\Malwarebytes
2014-05-11 20:28:38 ----D---- C:\ProgramData\WinZip
2014-05-11 20:28:33 ----D---- C:\Program Files\WinZip
2014-05-11 20:26:16 ----D---- C:\Users\Anh\AppData\Roaming\ARecEngine
2014-05-11 20:11:06 ----A---- C:\Windows\system32\drivers\aswstm.sys
2014-05-11 20:11:02 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2014-05-11 20:10:54 ----A---- C:\Windows\avastSS.scr
2014-05-11 20:02:29 ----D---- C:\ProgramData\TEMP
2014-05-11 10:21:37 ----D---- C:\Program Files\WinPcap
2014-05-11 10:21:29 ----D---- C:\ProgramData\VSO
2014-05-11 10:21:29 ----D---- C:\Program Files (x86)\VSO
2014-05-07 08:55:16 ----SD---- C:\Windows\system32\CompatTel
2014-05-03 08:34:48 ----D---- C:\Users\Anh\AppData\Roaming\DropboxMaster

======List of files/folders modified in the last 1 month======

2014-05-15 08:42:29 ----D---- C:\Windows\Microsoft.NET
2014-05-15 08:42:25 ----RSD---- C:\Windows\assembly
2014-05-15 08:40:41 ----D---- C:\Users\Anh\AppData\Roaming\Dropbox
2014-05-15 08:39:46 ----A---- C:\Windows\SYSWOW64\log.txt
2014-05-15 08:38:06 ----D---- C:\Windows\winsxs
2014-05-15 08:38:02 ----D---- C:\Windows\Temp
2014-05-15 08:37:35 ----D---- C:\Windows\system32\config
2014-05-15 08:36:17 ----D---- C:\Windows\SysWOW64
2014-05-15 08:36:17 ----D---- C:\Windows\System32
2014-05-15 08:36:15 ----D---- C:\Windows\system32\en-US
2014-05-15 08:36:15 ----D---- C:\Windows\system32\drivers
2014-05-15 07:30:13 ----D---- C:\Windows\system32\catroot2
2014-05-15 07:30:13 ----D---- C:\Windows\system32\catroot
2014-05-15 07:27:41 ----D---- C:\Windows\system32\MRT
2014-05-15 07:27:38 ----A---- C:\Windows\system32\MRT.exe
2014-05-15 07:27:28 ----SHD---- C:\Windows\Installer
2014-05-15 07:25:48 ----SHD---- C:\System Volume Information
2014-05-14 21:27:54 ----D---- C:\Windows
2014-05-14 21:27:54 ----A---- C:\Windows\system.ini
2014-05-14 21:27:45 ----D---- C:\Windows\system32\drivers\etc
2014-05-14 21:23:27 ----D---- C:\Windows\SYSWOW64\drivers
2014-05-14 21:23:27 ----D---- C:\Windows\AppPatch
2014-05-14 21:23:25 ----D---- C:\Program Files (x86)\Common Files
2014-05-14 12:36:41 ----D---- C:\Windows\system32\NDF
2014-05-14 10:50:27 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-05-14 06:00:29 ----D---- C:\Users\Anh\AppData\Roaming\Skype
2014-05-13 11:20:39 ----RD---- C:\Program Files (x86)
2014-05-12 10:56:48 ----D---- C:\Windows\system32\wdi
2014-05-12 10:46:48 ----RD---- C:\Program Files
2014-05-12 10:46:48 ----D---- C:\ProgramData
2014-05-12 00:57:09 ----D---- C:\Windows\Performance
2014-05-11 20:27:07 ----D---- C:\Windows\system32\Tasks
2014-05-11 20:19:41 ----D---- C:\Windows\inf
2014-05-11 20:19:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-11 20:10:55 ----A---- C:\Windows\system32\aswBoot.exe
2014-05-11 10:21:49 ----D---- C:\Windows\Prefetch
2014-04-20 01:02:26 ----RD---- C:\Program Files (x86)\Skype
2014-04-18 09:41:38 ----D---- C:\ProgramData\Oracle
2014-04-18 09:35:04 ----D---- C:\Program Files (x86)\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-05-11 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-05-11 208416]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2013-08-30 22600]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-05-11 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-05-13 1039096]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-05-13 423240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-05-11 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-05-11 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-05-13 85328]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-01-06 8283136]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-01-06 295424]
R3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2010-12-17 36000]
R3 athr;Dell Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-11-24 2673664]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2010-12-17 298144]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2010-12-17 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2010-12-17 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2010-12-17 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2010-12-17 154272]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2010-12-17 275616]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2010-06-07 174848]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2010-11-28 12252192]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys [2011-01-20 520192]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-05-13 119512]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-01-06 203776]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe [2010-10-01 151552]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2010-12-17 53920]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-05-11 50344]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2011-01-20 296448]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 gupdate;Google Update-Dienst (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-31 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 257712]
S3 gupdatem;Google Update-Dienst (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-31 116648]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-08-31 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 111616]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-04-08 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-09-01 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

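The driver and service listings above are in RSIT's fixed line format (`<R|S><0-4> name;display name; image path [date size]`), which makes a first triage pass mechanical: look for images that RSIT could not stamp with a date and size, and for images living outside the Windows and Program Files trees. The script below is an added example for this thread, not code from RSIT or from anyone in the post. The sample input reuses four lines exactly as they appear in the listing above plus one constructed line (`ExampleSvc`, a made-up service with an image under a user profile) to show the user-writable check firing; the rule set and the reading of empty `[]` brackets as "file absent at scan time" are the example's own assumptions, not RSIT semantics.

```python
r"""Triage helper for the RSIT "List of drivers" / "List of services" format.

Added example for this thread; it is not part of RSIT or of the original post.
Each listing line has the shape

    <R|S><0-4> <name>;<display name>; <image path> [<date> <size>]

e.g.  R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-05-11 65776]
      S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
"""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[(.*)\]$")

# Assumptions for triage, not RSIT rules: an image under one of these
# user-writable roots deserves a second look; anything outside the trusted
# roots is merely reported as non-standard.
USER_WRITABLE_ROOTS = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    running: bool      # R = running, S = stopped
    start: int         # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    stamp: str         # "<date> <size>" as printed by RSIT, "" if the brackets were empty
    flags: list = field(default_factory=list)


def normalise(path):
    """Strip the NT object-manager prefix RSIT prints for some images (\\??\\C:\\...)."""
    return path[4:] if path.startswith("\\??\\") else path


def parse_line(line):
    """Return an Entry for one listing line, or None for anything else (headers, blanks)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, stamp = m.groups()
    return Entry(state == "R", int(start), name, display, normalise(path), stamp)


def triage(entry):
    """Attach triage flags to an Entry in place and return it."""
    low = entry.path.lower()
    if not entry.stamp:
        # Empty [] means RSIT printed no date/size. Assumption made here: the
        # file was not present on disk when the log was taken (for example a
        # leftover service entry for a tool that has since been removed).
        entry.flags.append("no-file-metadata")
    if low.startswith(USER_WRITABLE_ROOTS):
        entry.flags.append("user-writable-location")
    elif not low.startswith(TRUSTED_ROOTS):
        entry.flags.append("non-standard-location")
    return entry


def flagged(text):
    """Map service/driver name -> flags for every listing line that raised at least one."""
    result = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).flags:
            result[entry.name] = entry.flags
    return result


# First four lines are copied from the listing in this thread; the last one is
# constructed for the example and does not come from the machine in the thread.
SAMPLE = r"""
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-05-11 65776]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-05-13 119512]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 ExampleSvc;Example Service; C:\Users\user\AppData\Roaming\example\svc.exe [2014-05-13 40960]
"""

if __name__ == "__main__":
    for name, flags in flagged(SAMPLE).items():
        print(f"{name}: {', '.join(flags)}")
```

Run against the listing in this thread, the only entry it singles out is `catchme` (ComboFix's scanner driver: image path under C:\ComboFix, no date or size recorded), which is consistent with a stale service entry rather than an active component; every avast!, Intel, Atheros and Microsoft image sits under a trusted root with a stamp. The checks are deliberately coarse: a trusted path and a stamp say nothing about the file's signature or hash, so a hit only tells you where to look next, and a miss does not clear anything.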
Miri@
Visitor
Posts: 51
Registered: 18 Jun 2011 09:51

Re: Malware

#24 Post by Miri@ »

Avast still keeps reporting malware everywhere. I'm sending the rest.

OTL Extras logfile created on: 15.05.2014 08:52:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anh\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 52,01% Memory free
7,82 Gb Paging File | 5,53 Gb Available in Paging File | 70,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 390,03 Gb Free Space | 83,76% Space Free | Partition Type: NTFS

Computer Name: ANH-PC | User Name: Anh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16908A7C-C5F5-4B09-A32F-B1C5DF76D2FC}" = lport=138 | protocol=17 | dir=in | app=system |
"{1E67BD10-6929-4B42-99FA-4442DF80D172}" = rport=138 | protocol=17 | dir=out | app=system |
"{21E36621-E448-4D1F-8FD1-6256E402C3C4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{232078DA-2D98-40E9-B7E3-598D29AF32AB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{361B5061-C8DB-40BE-B4F3-721AF279D340}" = rport=137 | protocol=17 | dir=out | app=system |
"{3802188A-A3FC-40B7-8957-FD004CA9E831}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3BBA25DD-EA23-40B6-BB22-755F2B3D1BE3}" = lport=137 | protocol=17 | dir=in | app=system |
"{57F37553-448C-4C0B-B881-D837B7F55A14}" = rport=445 | protocol=6 | dir=out | app=system |
"{86C63253-CD72-425B-B19E-35A1F8D9E38E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{88A88422-3C46-409D-AE0D-D52EC18FAD5C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AADAEC34-C2F9-4DD7-BF15-B4FFEE252C01}" = lport=445 | protocol=6 | dir=in | app=system |
"{BF12BF30-3146-4D82-95BB-9CC9CA343548}" = rport=139 | protocol=6 | dir=out | app=system |
"{F0C470A2-4840-4FD9-B479-E83D8D698D84}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C6DE86-13CE-4BA5-80CB-5FA180926445}" = dir=in | app=c:\program files (x86)\hometab\tbupdater.dll |
"{02E1A720-B4E7-43CF-A6E5-02E37FBE3579}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{034862D7-9FC8-4C62-AB0B-DE091F77A853}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{05BF9533-74F7-403E-AAAE-91BF3A679668}" = dir=in | app=c:\soloapp\webdriver.dll |
"{06338DC2-0576-442B-A885-59AFAA2EDE41}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{0726ACBD-8CDA-4F2B-A779-754BBE823EC8}" = dir=out | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{0785BFE6-3CE8-4A8A-ACF2-1058E7690EB0}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{08538857-F3E3-444C-97ED-7E0012E55300}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{09A219B7-1D1A-4FE2-BED2-2DA94C78316D}" = dir=out | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{0A77714B-D7B3-48BF-90B2-48A18CBE7C43}" = dir=out | app=c:\program files (x86)\hometab\systemsockets.exe |
"{0ADA5A9A-B56E-4B65-893F-48879ADBE4EA}" = dir=out | app=c:\program files (x86)\hometab\systemsockets.exe |
"{0B633E21-4327-4686-93EA-D3274C9C1D9B}" = dir=in | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{0C28ABDF-6A71-4F0E-BE30-F76339FB911D}" = dir=out | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{12358F5B-67B6-461B-AAE3-462F32E10F7E}" = dir=out | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{12CDF521-EBC0-4738-968E-78F0EE23DD95}" = dir=out | app=c:\soloapp\webdriver.dll |
"{13068A76-4915-4147-9B93-657364DE776E}" = dir=in | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{147C49FB-31A3-49D4-9012-A4DF9CE78474}" = dir=out | app=c:\program files (x86)\hometab\wbrokersockets.exe |
"{147D2AEE-FDF2-4C9E-97FD-3A214E473B5A}" = dir=in | app=c:\soloapp\soloapp.exe |
"{19C7F7AF-A01C-4087-99BF-C6CAE71DDE68}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{1AFF54AE-7D7E-4A0F-A16A-13A3110C6AD4}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{1B27E1DF-B670-446F-B762-5A0D9192ABF6}" = dir=in | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{1F29E8F6-5A17-4756-BE85-82A23FF68F81}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{20B01074-FC43-44C3-B48C-3DF5247E1353}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{22E53F43-EAF7-4B73-B7D2-4891EB217E40}" = dir=out | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{233ECF74-93E6-4C77-8158-C90DB4E5C468}" = dir=in | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{23B1D077-765C-4E8C-822F-E403902C27EC}" = dir=out | app=c:\program files (x86)\hometab\tbupdater.dll |
"{24B88692-8ABA-4E65-BB8C-5090B3C821E2}" = dir=out | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{2749F983-6596-4CB9-AD3E-2177AD7F24FD}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{280B9E73-3E6D-4D71-A1BA-6AB6EEA0DE21}" = dir=in | app=c:\soloapp\webdriver.dll |
"{2C3889F7-91EA-4452-817F-3F4144F50E10}" = dir=out | app=c:\soloapp\soloapp.exe |
"{2D6CCE6A-8FDA-4F1C-97C6-752233D250D6}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{2DE6835B-C30F-42F1-8576-C7032759BAD7}" = dir=in | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{31EC24D4-0449-4833-904A-5FC3379F6FA9}" = dir=out | app=c:\soloapp\webdriver.dll |
"{3240D7F8-01C5-4F1E-AE79-71C0C91A3DF6}" = dir=in | app=c:\program files (x86)\hometab\systemsockets.exe |
"{34164CF5-9466-4CA8-9254-1BD654637FC6}" = dir=out | app=c:\program files (x86)\hometab\tbupdater.dll |
"{349198FE-A3AB-4662-8856-BB8FE26D0F69}" = dir=out | app=c:\program files (x86)\hometab\whomepagearmor.exe |
"{34AA5E0A-5F12-473E-A5D7-0F8415031CD7}" = dir=in | app=c:\program files (x86)\hometab\systemsockets.exe |
"{34F3B368-7959-4668-95A2-A11FDDEB22FB}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{359234B4-853C-4A7C-AA52-09680CEA6496}" = dir=in | app=c:\soloapp\soloapp.exe |
"{3688761D-2AC0-4398-910B-68BE11B747C6}" = dir=in | app=c:\program files (x86)\hometab\wbrokersockets.exe |
"{36D68A63-73CA-44DE-BA27-509E49C6A1BF}" = dir=in | app=c:\program files (x86)\hometab\tbupdater.dll |
"{3A0E423A-8893-49C1-A884-22733D3C2C75}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{3A57CC7E-B446-4F9D-A85A-5D2038218AA4}" = dir=out | app=c:\program files (x86)\hometab\wbrokersockets.exe |
"{3BD6B561-CFF0-4285-AF56-1866E3D859CC}" = dir=in | app=c:\soloapp\soloapp.exe |
"{3C687196-9282-4A45-BED7-98C7C9F360B9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{3EC3CC7D-4D7B-4F54-98C0-26F3C7F5EA35}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3FD0E366-536A-47F6-868D-AD1991B87318}" = dir=out | app=c:\program files (x86)\hometab\systemsockets.exe |
"{4385CA09-A109-4DA1-9F8C-6B2D192B4852}" = dir=in | app=c:\soloapp\webdriver.dll |
"{44DAA4EB-B9FE-4BAF-BF0B-9C42AF638E72}" = dir=out | app=c:\program files (x86)\hometab\wremoteupgrade.exe |
"{4641A745-ABFF-478B-8A47-F7C61882A7E1}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{48D305DA-5A7C-41FA-80DE-8016AD74A688}" = dir=out | app=c:\program files (x86)\hometab\tbupdater.dll |
"{48E80BE9-AB80-4C52-9312-051E27EC64D3}" = dir=in | app=c:\program files (x86)\hometab\wremoteupgrade.exe |
"{4AA41BD4-0BE8-4E07-9B23-DD34BFA730D3}" = dir=out | app=c:\program files (x86)\hometab\tbupdater.dll |
"{4D3DF157-8676-4784-9896-0C2EEDBD9AF3}" = dir=in | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{52C0F3DB-5382-425B-9276-DD6DC6172FA5}" = dir=out | app=c:\soloapp\webdriver.dll |
"{5386E5C0-4D14-4EED-9DC0-C5A7B6DB8B0D}" = dir=in | app=c:\program files (x86)\hometab\whomepagearmor.exe |
"{5394BAB0-DAFF-4E70-8C6C-47289306980D}" = dir=out | app=c:\soloapp\soloapp.exe |
"{5779F36D-1964-4791-BC40-A6C794A02788}" = dir=out | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{58E51478-D9EA-4EA6-86D4-5C3E0D4B8DB1}" = dir=out | app=c:\program files (x86)\hometab\systemsockets.exe |
"{59BD5D7E-CB20-45AE-906E-E66ABF45C710}" = dir=out | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{5A0A7574-EEAA-418D-BFFD-5EC2EC8E885C}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{5D11FD84-708C-4652-AA5C-1C6244F24650}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{5D233EA6-A0AD-4DBB-A60F-18174294961B}" = dir=out | app=c:\soloapp\soloapp.exe |
"{600BE03F-C4D4-4CA6-8682-FE1BC9DC70EE}" = dir=in | app=c:\soloapp\soloapp.exe |
"{60E32AAC-43AC-42F1-BEBE-263D9A4B69D6}" = dir=in | app=c:\program files (x86)\hometab\systemsockets.exe |
"{60E47C78-CB17-4C91-B7FE-A6D4ECDA0ACC}" = dir=in | app=c:\program files (x86)\hometab\tbupdater.dll |
"{62A88814-6C94-4063-88D4-5573CA5CC0EE}" = dir=in | app=c:\soloapp\soloapp.exe |
"{6407B53E-D246-45CB-B2F4-99D9F7B38830}" = dir=out | app=c:\soloapp\webdriver.dll |
"{64DA9A53-13B7-417E-B036-53B73442FAB3}" = dir=out | app=c:\soloapp\soloapp.exe |
"{66920CF3-F794-494E-A2E9-9D4FBF2FB989}" = protocol=17 | dir=in | app=c:\program files (x86)\vso\vso downloader\3\vsodownloader.exe |
"{66B00F7A-9FEE-4125-ABFA-F0FDC59F6E5F}" = dir=in | app=c:\program files (x86)\hometab\tbupdater.dll |
"{6814E52B-1831-4D62-ACC0-97919A3AD722}" = dir=in | app=c:\soloapp\soloapp.exe |
"{6999C3CE-27BB-42B3-9537-EC1AD89F741A}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{6D194E90-3CFF-4711-9F79-8DE1242813B3}" = protocol=58 | dir=in | app=system |
"{740D8B4D-2246-45E0-ABF6-6CE008ACE8C5}" = dir=in | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{74AE90E9-AC95-42FA-AB6B-5F4EF897263D}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{74BBF3AA-C5DE-4988-BCF1-BA8F5B8FADDF}" = dir=out | app=c:\program files (x86)\hometab\tbupdater.dll |
"{75A898CB-3F87-4E70-91F1-C8D1C8936A16}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{76AFCBF6-D466-461B-B67A-B5FB1F0F02B9}" = dir=out | app=c:\program files (x86)\hometab\tbupdater.dll |
"{784370C1-B356-48DA-9814-731D94EEF1D2}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{79DE00F9-2239-49E0-803D-71AB99D518EB}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{7AF235E6-5AAD-4C86-B4E2-8494DDF1E919}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{7AF9FDD5-B11D-4070-91FF-5558E4502B2B}" = dir=out | app=c:\soloapp\soloapp.exe |
"{7C8D75AB-0E94-4CA7-864B-C2BCEF50FD0F}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{7CE8DE89-85C3-4311-BCA0-2FA25DA590B5}" = dir=out | app=c:\soloapp\soloapp.exe |
"{7CEB736C-F08C-4569-BF9F-3FA6C4CA39F2}" = dir=in | app=c:\program files (x86)\hometab\tbupdater.dll |
"{7D85ABD9-0536-49D0-BE97-EF9F00B08AFD}" = dir=out | app=c:\soloapp\soloapp.exe |
"{7DB68B28-7321-4DFF-B758-656C9D29E11E}" = dir=out | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{809784C6-E346-4A6C-8FB9-F2C59E418724}" = dir=out | app=c:\soloapp\webdriver.dll |
"{834C4335-9EB4-41E7-B9F3-F6AF2E28317C}" = dir=out | app=c:\soloapp\webdriver.dll |
"{8456931B-BFF1-4FA8-9D3B-01D4456328AA}" = dir=in | app=c:\soloapp\soloapp.exe |
"{86ACEC4D-F524-4954-8F8A-1DC869C3C49A}" = dir=in | app=c:\program files (x86)\hometab\systemsockets.exe |
"{86DA3D5B-5000-4CC6-9679-C49154E71C1B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{88639600-B1AB-4DC3-838F-0DC3A423A14E}" = protocol=6 | dir=in | app=c:\program files (x86)\vso\vso downloader\3\vsodownloader.exe |
"{897D0E6F-99B5-440D-B2DB-F3FE3AD5E3D7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{8C36A397-45A6-4BF6-BE41-EF68988C3075}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{8C9E8676-314A-4DD6-965D-91A58FE13123}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8DFF6BBE-F36A-49F7-A7CF-E0B97A06A1A9}" = dir=in | app=c:\program files (x86)\hometab\tbupdater.dll |
"{8E4539E3-B05A-445C-A8C9-2A248E40C405}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{8F8ECBA2-54B7-487C-8592-D74E16E64C84}" = dir=out | app=c:\program files (x86)\hometab\tbupdater.dll |
"{91D4AE45-AA50-46F4-9974-DB7E615811D8}" = dir=out | app=c:\soloapp\webdriver.dll |
"{9424BEEC-7192-478D-9C86-498C655E93C0}" = dir=out | app=c:\program files (x86)\hometab\tbupdater.dll |
"{9591B383-F68E-4E42-82E8-56716350BD79}" = dir=out | app=c:\soloapp\webdriver.dll |
"{96360037-A104-4A78-9CCF-37F90DB974B8}" = dir=in | app=c:\soloapp\webdriver.dll |
"{963FFB21-0A1D-4463-996B-08BDFC14009C}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{98150F1A-A93A-4848-A296-C637814475D9}" = dir=in | app=c:\program files (x86)\hometab\tbupdater.dll |
"{98232793-4917-49D3-BDB5-F34E05B2DEEF}" = dir=out | app=c:\program files (x86)\hometab\systemsockets.exe |
"{98DDB413-C3F7-4DB2-A758-EC0A507FA950}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{9B7F11AD-C189-4E83-A4D1-D584146B8154}" = dir=in | app=c:\soloapp\webdriver.dll |
"{9B9F89D2-A614-4495-BD0C-DADF70DF0788}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{9C5CB76F-3FE8-4773-8F68-59AF68567300}" = dir=in | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{9D124CC0-CBF9-4657-BE34-0B01116C497E}" = dir=out | app=c:\soloapp\soloapp.exe |
"{9DB2ECC4-402B-473D-9252-3CBB8B77001C}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{A0B554D6-23C7-4D6A-B350-1DBFB248BF40}" = dir=in | app=c:\program files (x86)\hometab\tbupdater.dll |
"{A0FE4E9A-840D-4CE2-8BEC-0C8F5E24B36A}" = dir=out | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{A4416D85-B8E0-4A4A-BE9E-0EB3BCD4562D}" = dir=out | app=c:\soloapp\soloapp.exe |
"{A6CB86A1-24C6-477A-AE3F-20861AC6194D}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{A6E6047F-F9DE-4BC4-98B0-C1E75754EFBE}" = dir=out | app=c:\soloapp\webdriver.dll |
"{A780D302-4B4D-4FE8-AB93-14E2D61D3E3D}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{A966BC0E-3576-44E7-BC8D-0FE838E171A9}" = dir=in | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{ABCF3EB8-A657-403E-8CD9-2622299E0146}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{ACAE57C1-514D-4107-8BE9-695AAFBF1655}" = dir=out | app=c:\program files (x86)\hometab\wremoteupgrade.exe |
"{AE1EA096-FFB0-44CB-9F49-DAF3A5E9E4EA}" = dir=in | app=c:\program files (x86)\hometab\tbupdater.dll |
"{AE60FE61-2F76-4CF6-8DD3-8273A4C87EA7}" = dir=in | app=c:\soloapp\soloapp.exe |
"{AFC6FA31-0263-49D4-BE2A-D61BB84122DB}" = dir=out | app=c:\program files (x86)\hometab\tbupdater.dll |
"{B102EC9A-620E-463F-9964-FBF64AB0A4C7}" = dir=in | app=c:\program files (x86)\hometab\wremoteupgrade.exe |
"{B1CE0244-12F2-446F-89ED-1BC1AD7B7502}" = dir=in | app=c:\program files (x86)\hometab\systemsockets.exe |
"{B25A86B3-1680-4649-81EE-A81E5A76D57A}" = dir=in | app=c:\soloapp\soloapp.exe |
"{B3ACF011-F1E8-43CC-8C1F-431338DDF3C5}" = dir=in | app=c:\program files (x86)\hometab\systemsockets.exe |
"{B3C5B43F-4A9A-46F6-973B-790EB0B3D885}" = dir=in | app=c:\soloapp\webdriver.dll |
"{B4492309-B460-44D3-9FD7-ADD16C366851}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{B746780E-020B-4D93-A389-9C6FFC1D0856}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{B8B6147B-D911-4732-A6DB-426235FF577B}" = dir=in | app=c:\program files (x86)\hometab\whomepagearmor.exe |
"{B9A35983-A8D9-4A28-A881-93205346FD5E}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{BC399186-B23F-4892-BC00-C703B74E5820}" = dir=in | app=c:\soloapp\soloapp.exe |
"{BF90EFBD-2384-4BD6-93D5-41D5ACD82EA8}" = dir=in | app=c:\soloapp\webdriver.dll |
"{BFD81B35-5AC1-4DD1-A8A5-E74B8A529AE0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C05EF288-642D-4B60-AE32-8B107EA94BF8}" = dir=in | app=c:\soloapp\webdriver.dll |
"{C481B31B-2ABC-48D3-8BBF-79A8D0257138}" = dir=out | app=c:\program files (x86)\hometab\systemsockets.exe |
"{C4CEC428-BF58-474F-989F-7C58B33E8F68}" = dir=out | app=c:\program files (x86)\hometab\systemsockets.exe |
"{C5AA1DF3-A20B-4029-84E4-B8D6B61F25A3}" = dir=in | app=c:\program files (x86)\hometab\wbrokersockets.exe |
"{C6C4CB92-5E58-479D-9F8A-782C2EF6EA12}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{C6E3F26E-DB14-4599-80AD-6696742E7A90}" = dir=out | app=c:\program files (x86)\hometab\whomepagearmor.exe |
"{C955261C-4B29-4937-9EC0-54A5B5E5AFF9}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{C9A039A6-39AE-49FF-AF6C-2072D77667E9}" = dir=out | app=c:\soloapp\webdriver.dll |
"{CAEA4C6D-117E-4E6F-BF84-64EB6652AE51}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{CD84FB2C-442A-4C51-BD6F-45BA3919E22E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D0659701-3184-44E2-A4EB-CA8FF7A86145}" = dir=in | app=c:\program files (x86)\hometab\protectedsearch.exe |
"{D0B0B6EC-C3EF-4D1A-95F4-7EF4B76D1434}" = dir=in | app=c:\program files (x86)\hometab\systemsockets.exe |
"{D12B7112-6933-47FA-8CC5-9E403C10A5E7}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{D183A730-A203-42C3-9CA0-A8E4FB052A88}" = dir=in | app=c:\program files (x86)\hometab\tbupdater.dll |
"{D2C4A56F-CF90-4956-90B5-ED4B10A94EF9}" = dir=in | app=c:\program files (x86)\hometab\systemsockets.exe |
"{D4B63731-3105-4E0D-A4BF-186BC9F4078E}" = dir=out | app=c:\soloapp\webdriver.dll |
"{D5DBCA43-1B6B-42F0-86BA-33B624F01FF3}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{D7D8711E-A6ED-4DDA-83F4-6EB4C137E42F}" = dir=out | app=c:\soloapp\soloapp.exe |
"{D869C658-134C-449B-9D48-6D389A664E16}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{D8F6819E-C4D5-4441-9BCB-324E905A7B09}" = dir=out | app=c:\program files (x86)\hometab\systemsockets.exe |
"{D9479900-25ED-40F9-8B98-3B6E203E0388}" = dir=out | app=c:\soloapp\soloapp.exe |
"{D99D4675-0E5F-4C5E-8E93-6DBAA89726D4}" = dir=in | app=c:\soloapp\webdriver.dll |
"{D9DF7CBA-17DD-4DC4-8A1D-BD4443AAFEAC}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{DB4B677E-5E37-4304-A970-FAEBE036679F}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{E0F359BF-DF04-4B81-A9F5-899443067810}" = protocol=6 | dir=in | app=c:\users\anh\appdata\roaming\dropbox\bin\dropbox.exe |
"{E3EB306E-CE9B-4831-A3CA-9FB034624828}" = dir=in | app=c:\soloapp\soloapp.exe |
"{E577A402-B411-47AB-BD8E-74FAD7AFE5A6}" = dir=out | app=c:\soloapp\webdriver.dll |
"{E6CEAA68-9416-4284-B06F-D060B55ECA64}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E8480CAA-61A8-4C60-A4C0-BEB7D31086F2}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{E8995BCF-1FEC-426A-ACE3-9A192B5579FC}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{E8E0EBC6-53C6-4862-92E3-73C50986A0DB}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{E9C6C542-919A-4E25-B154-5CC99A348872}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{EA199180-7451-4398-AC31-D490F3B11B2C}" = dir=in | app=c:\soloapp\webdriver.dll |
"{EC46D32A-E706-4EB1-9069-227945F9C1B3}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{EDE54323-7C65-4652-9A8B-45C3464E72BD}" = dir=in | app=c:\soloapp\webdriver.dll |
"{EF421D63-AB2A-45C1-954B-14100CC31181}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{F57DC418-4E83-4C29-AD5D-4026CDD2AA53}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{F882118C-1654-4152-AFC1-748B29A99FA7}" = dir=out | app=c:\soloapp\soloapp.exe |
"{FBF93E57-3548-40A0-9E0B-E5C9D256F69D}" = dir=out | app=c:\program files (x86)\hometab\tbupdater.dll |
"{FCA70AC5-7F43-4C80-A918-3097886B9B5B}" = protocol=17 | dir=in | app=c:\users\anh\appdata\roaming\dropbox\bin\dropbox.exe |
"{FD6F6635-94E2-4C63-96C0-FD3D182BC2C7}" = dir=in | app=c:\soloapp\soloapp.exe |
"{FF08E260-ECC6-40ED-9473-8CECB916B8F7}" = dir=in | app=c:\soloapp\webdriver.dll |
"TCP Query User{05CF10B1-533A-4D06-8072-A9CC540FD206}C:\users\anh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\anh\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{8427631F-FA14-435F-8B42-CF508A3340BF}C:\users\anh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\anh\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{31FDB9D8-4E19-FA2E-1E52-010EAD097C10}" = ccc-utility64
"{597AC09F-F4F5-67CE-AB20-5EFB6C2643CF}" = ATI AVIVO64 Codecs
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{C4E3D613-FF0D-358B-491A-9070A2D1BD2F}" = ATI Catalyst Install Manager
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}" = WinZip 18.0
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B44064A-4402-10F7-8997-16533ACDADBC}" = CCC Help English
"{0C46AA96-F2B1-99F7-CA6B-E4551B7815DB}" = CCC Help Finnish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A352AA6-60A8-95C2-8F46-52E006A8A0C8}" = CCC Help Danish
"{1A629FB7-0E20-9063-DF30-724CAB3766E1}" = CCC Help Dutch
"{1AC41DC5-DD17-41D7-AE0B-139A9D2725EC}_is1" = VSO EVE Network Driver version 0.4
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 51
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{2FD01610-8415-4937-17A8-1F94430C8E7E}" = PX Profile Update
"{33C085DD-7BED-54D9-5C0B-5AF7E6FA2FF0}" = CCC Help Norwegian
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{440009B0-BC0F-CCFD-19E5-CCDCCC8BACC8}" = Catalyst Control Center Localization All
"{48BE9488-6EDC-D291-28E4-5D9E49073FD0}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEEC8B5-A9AA-956E-F8D3-E5AB6885C5F9}" = CCC Help Portuguese
"{51882CA9-F65B-3A6B-9B28-3DE1D18F84B4}" = CCC Help Russian
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5A361301-A169-BF5C-82F1-40639136A165}" = CCC Help Chinese Traditional
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66E1241C-B39B-496A-BDDF-23121D2AFF98}" = Catalyst Control Center - Branding
"{6A347013-6D0F-54A6-7CDD-51C9DE815C9A}" = CCC Help French
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{84E2836A-9926-EC95-AF12-F615F86C2E7E}" = CCC Help Spanish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C5B422A-326D-E314-10B1-CCC481EF6051}" = CCC Help Japanese
"{A727D18B-3A79-41BF-63DD-B43805B31CD5}" = CCC Help Italian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{B31886B0-C0A2-57C1-AE61-8F5C36568954}" = Catalyst Control Center InstallProxy
"{B6877477-81CA-E30E-2C53-E06C0C45AE3C}" = ccc-core-static
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{C5EB9B5A-2964-D5A3-869A-520448200FC3}" = PowerXpressHybrid
"{D25373E0-8F8E-1793-7901-A37E34C6D0A1}" = CCC Help German
"{D436CD79-D44A-639E-6B50-152B8C802E9D}" = Catalyst Control Center Profiles Mobile
"{DB630555-AE84-15CA-1A30-E2A7943D2532}" = CCC Help Korean
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E48E84C5-7599-4CBD-9900-8BCB9A2A2FFA}_is1" = VSO Downloader 3.1.1.3
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F20983EE-75FB-9206-A1DB-4E982842C310}" = CCC Help Chinese Standard
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"avast" = avast! Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"ENTERPRISE" = Microsoft Office Enterprise 2007
"fst_de_7_is1" = fst_de_7
"Google Chrome" = Google Chrome
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"MindMaple_is1" = MindMaple Lite 1.63
"Mozilla Firefox 28.0 (x86 de)" = Mozilla Firefox 28.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDFBearbeiten_is1" = PDFBearbeiten V2.0.4
"Protegere" = Protegere
"The KMPlayer" = The KMPlayer (remove only)
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Zotero Standalone 4.0.19 (x86 en-US)" = Zotero Standalone 4.0.19 (x86 en-US)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.05.2014 05:30:22 | Computer Name = Anh-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 13.05.2014 05:30:22 | Computer Name = Anh-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 13.05.2014 05:30:22 | Computer Name = Anh-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 13.05.2014 05:38:10 | Computer Name = Anh-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.05.2014 02:54:04 | Computer Name = Anh-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 14.05.2014 02:54:05 | Computer Name = Anh-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 14.05.2014 02:54:05 | Computer Name = Anh-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 14.05.2014 02:56:30 | Computer Name = Anh-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.05.2014 15:28:43 | Computer Name = Anh-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.05.2014 02:39:02 | Computer Name = Anh-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 17.03.2014 05:50:16 | Computer Name = Anh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 54223 seconds with 4320 seconds of active time. This session ended with
a crash.

[ System Events ]
Error - 14.05.2014 06:01:41 | Computer Name = Anh-PC | Source = DCOM | ID = 10010
Description =

Error - 14.05.2014 06:06:45 | Computer Name = Anh-PC | Source = bowser | ID = 8003
Description =

Error - 14.05.2014 15:20:02 | Computer Name = Anh-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 14.05.2014 15:20:02 | Computer Name = Anh-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 14.05.2014 15:23:20 | Computer Name = Anh-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 14.05.2014 15:25:59 | Computer Name = Anh-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 14.05.2014 15:26:05 | Computer Name = Anh-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 15.05.2014 01:24:15 | Computer Name = Anh-PC | Source = DCOM | ID = 10010
Description =

Error - 15.05.2014 02:35:56 | Computer Name = Anh-PC | Source = DCOM | ID = 10010
Description =

Error - 15.05.2014 06:18:43 | Computer Name = Anh-PC | Source = BROWSER | ID = 8032
Description =


< End of report >

Miri@
Visitor
Posts: 51
Registered: 18 Jun 2011 09:51

Re: Malware

#25 Post by Miri@ »

So the second file has over 16 million characters and 3.16 MB, so it would take at least 17 posts. Should I rather send the whole file?

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware

#26 Post by Márty84 »

Miri@ wrote: So the second file has over 16 million characters and 3.16 MB, so it would take at least 17 posts. Should I rather send the whole file?
Upload it to Letecká pošta, for example, http://leteckaposta.cz/ and post the download link here.

Miri@
Visitor
Posts: 51
Registered: 18 Jun 2011 09:51

Re: Malware

#27 Post by Miri@ »


Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware

#28 Post by Márty84 »

:!: If Avast complains that it wants to open it in the sandbox, do not allow that! Choose the option Open normally
:arrow: Run OTL again as administrator
Paste the following text into the lower window (including the colon before the word commands)

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[ClearAllRestorePoints]

:services
AdobeARMservice
gupdate
AdobeFlashPlayerUpdateSvc
gupdatem
gusvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:otl
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: security%40protegere.org:3
FF - prefs.js..extensions.enabledAddons: %7B4ca8c1be-c30f-49bf-9ac8-f3e63f49665d%7D:6.0
[2014.04.16 20:14:34 | 000,000,000 | ---D | M] (HomeTab) -- C:\Users\Anh\AppData\Roaming\Mozilla\Firefox\Profiles\peibl06z.default\extensions\{4ca8c1be-c30f-49bf-9ac8-f3e63f49665d}
[2014.03.24 21:23:39 | 000,000,000 | ---D | M] (Protegere) -- C:\Users\Anh\AppData\Roaming\Mozilla\Firefox\Profiles\peibl06z.default\extensions\security@protegere.org
CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?ctid=CT3322611&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPF884FBBE-E680-4AA2-9EB1-3CC177BAA683&q={searchTerms}&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms},
CHR - homepage: http://search.conduit.com/?ctid=CT3322611&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF884FBBE-E680-4AA2-9EB1-3CC177BAA683&SSPV=
CHR - plugin: Error reading preferences file
CHR - Extension: Protegere = C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkeieaieohnceanbhdeijclgemgjjkf\
CHR - Extension: Web Search = C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[9 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[3 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}"=-
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
Click Run Fix (Opravit) and let the program work. When asked to restart, agree.
After the restart a new log will appear; post it here.

Miri@
Visitor
Posts: 51
Registered: 18 Jun 2011 09:51

Re: Malware

#29 Post by Miri@ »

Done:

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anh
->Temp folder emptied: 6616697 bytes
->Temporary Internet Files folder emptied: 420010 bytes
->Java cache emptied: 53582 bytes
->FireFox cache emptied: 383119533 bytes
->Google Chrome cache emptied: 430154497 bytes
->Flash cache emptied: 74428 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3165940 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43259372 bytes
RecycleBin emptied: 17388 bytes

Total Files Cleaned = 827,00 mb


[EMPTYFLASH]

User: All Users

User: Anh
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Extensions Off Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Security Risk Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Extensions Off Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Security Risk Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
File move failed. C:\Windows\SysWOW64\ieframe.dll scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: false removed from browser.search.useDBForOrder
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: security%40protegere.org:3 removed from extensions.enabledAddons
Prefs.js: %7B4ca8c1be-c30f-49bf-9ac8-f3e63f49665d%7D:6.0 removed from extensions.enabledAddons
C:\Users\Anh\AppData\Roaming\Mozilla\Firefox\Profiles\peibl06z.default\extensions\{4ca8c1be-c30f-49bf-9ac8-f3e63f49665d}\plugins folder moved successfully.
C:\Users\Anh\AppData\Roaming\Mozilla\Firefox\Profiles\peibl06z.default\extensions\{4ca8c1be-c30f-49bf-9ac8-f3e63f49665d}\components folder moved successfully.
C:\Users\Anh\AppData\Roaming\Mozilla\Firefox\Profiles\peibl06z.default\extensions\{4ca8c1be-c30f-49bf-9ac8-f3e63f49665d}\chrome folder moved successfully.
C:\Users\Anh\AppData\Roaming\Mozilla\Firefox\Profiles\peibl06z.default\extensions\{4ca8c1be-c30f-49bf-9ac8-f3e63f49665d} folder moved successfully.
C:\Users\Anh\AppData\Roaming\Mozilla\Firefox\Profiles\peibl06z.default\extensions\security@protegere.org\chrome\content folder moved successfully.
C:\Users\Anh\AppData\Roaming\Mozilla\Firefox\Profiles\peibl06z.default\extensions\security@protegere.org\chrome folder moved successfully.
C:\Users\Anh\AppData\Roaming\Mozilla\Firefox\Profiles\peibl06z.default\extensions\security@protegere.org folder moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkeieaieohnceanbhdeijclgemgjjkf folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\script folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\js folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\img\favicon folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\img folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\images folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\extensions folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\css folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\bundler\video folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\bundler\rs-plugin\videojs\font folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\bundler\rs-plugin\videojs folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\bundler\rs-plugin\js folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\bundler\rs-plugin\images\gradient folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\bundler\rs-plugin\images folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\bundler\rs-plugin\font folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\bundler\rs-plugin\css folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\bundler\rs-plugin\assets folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\bundler\rs-plugin folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\bundler\js\vendor folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\bundler\js\inline folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\bundler\js\foundation folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\bundler\js\client folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\bundler\js folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\bundler\img folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\bundler\fonts folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\bundler\css folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0\bundler folder moved successfully.
C:\Users\Anh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf\6.1_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll moved successfully.
File C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC1F7.tmp\System.Data.Services.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC1F7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP1747.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP56EC.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC990.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE5E6.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF4B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF5A0.tmp folder deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.

OTL by OldTimer - Version 3.2.69.0 log created on 05152014_191335

Files\Folders moved on Reboot...
C:\Users\Anh\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Anh\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\_avast_\ws9262.dat not found!
File move failed. C:\Windows\SysWOW64\ieframe.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

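The OTL fix log above ends with a mix of "deleted successfully", "not found", "moved successfully" and "scheduled to be moved on reboot" lines, and a helper reading several such logs wants the totals, the items that still depend on the reboot, and any system-directory file that is about to be moved. The following Python parser is an added example, not part of the original post and not OTL's own code: the line patterns and section handling are my assumptions derived only from the lines visible in this thread, and the sample log is constructed to match that format.

```python
import re
from collections import Counter

# Constructed sample in the format of the OTL fix log posted above
# (a few representative lines, not the full log).
SAMPLE_LOG = r"""
========== FILES ==========
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP1747.tmp folder deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 05152014_191335

Files\Folders moved on Reboot...
C:\Users\Anh\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\_avast_\ws9262.dat not found!
File move failed. C:\Windows\SysWOW64\ieframe.dll scheduled to be moved on reboot.
"""

# (outcome, regex) pairs; assumed from the visible log lines, most specific first.
PATTERNS = [
    ("deleted", re.compile(r"^Registry (?P<kind>key|value) (?P<target>.+?) deleted successfully\.$")),
    ("not_found", re.compile(r"^Registry (?P<kind>key|value) (?P<target>.+?) not found\.$")),
    ("deleted", re.compile(r"^(?P<target>.+?) (?P<kind>file|folder) deleted successfully\.$")),
    ("moved", re.compile(r"^(?P<target>.+?) moved successfully\.$")),
    ("pending_reboot", re.compile(r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"^File\\Folder (?P<target>.+?) not found!$")),
]
SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z ]+?) =+$")          # "========== REGISTRY =========="
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def parse_otl(text):
    """Turn OTL result lines into dicts: section, kind, target, outcome, guids."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if line.endswith("..."):          # e.g. "Files\Folders moved on Reboot..."
            section = line[:-3]
            continue
        for outcome, rx in PATTERNS:
            m = rx.match(line)
            if m:
                d = m.groupdict()
                entries.append({
                    "section": section,
                    "kind": d.get("kind") or "path",
                    "target": d["target"],
                    "outcome": outcome,
                    "guids": GUID_RE.findall(d["target"]),
                })
                break
        # anything else (version banner, blank sections) is ignored
    return entries


def summarize(entries):
    """Count outcomes: deleted / moved / not_found / pending_reboot."""
    return Counter(e["outcome"] for e in entries)


def pending_reboot(entries):
    """Targets OTL could not move yet; the fix is incomplete until the reboot."""
    return [e["target"] for e in entries if e["outcome"] == "pending_reboot"]


def pending_system_files(entries):
    """Pending-reboot targets under System32/SysWOW64. OS binaries live there,
    so each one deserves a second look before the reboot is allowed to run."""
    return [t for t in pending_reboot(entries) if t.lower().startswith(SYSTEM_DIRS)]


def guid_outcomes(entries):
    """Map each CLSID to the outcomes recorded for it, so a GUID that was only
    ever 'not found' stands out from one that was actually removed."""
    out = {}
    for e in entries:
        for g in e["guids"]:
            out.setdefault(g.upper(), set()).add(e["outcome"])
    return out


if __name__ == "__main__":
    parsed = parse_otl(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    print("pending reboot:", pending_reboot(parsed))
    print("system files pending:", pending_system_files(parsed))
    for guid, outcomes in guid_outcomes(parsed).items():
        print(guid, sorted(outcomes))
```

On a 64-bit Windows, OTL checks both the native and the wow6432node registration of each BHO, which is why the same CLSID appears once as "deleted successfully" and once as "not found"; `guid_outcomes` keeps both results together so that is not mistaken for a failed removal.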
Márty84

Re: Malware

#30 Post by Márty84 »

:arrow: Follow my colleague's instructions
vyosek wrote: :arrow: Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Click the Change parameters option
  • In the Additional options window, tick all the options
  • Click OK
  • Tell the utility to scan - click Start Scan
  • When the scan finishes a window appears; check that the option Skip is set everywhere
  • If Skip is not set by default, switch it to Skip
  • Once you have Skip everywhere, click Continue
  • On the drive where you have Windows (usually C:\) there will be a log named TDSSKiller.some digits_log.txt - paste its contents here

:arrow: Follow my colleague's instructions
vyosek wrote: :arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, preferably to the Desktop, and unpack it
  • Run it by clicking mbar
  • Now click Next and then Update
  • When the database update finishes, click Next again
  • Leave all three options ticked and click Scan, which starts the scan of the PC
  • When the scan finishes (about 5 minutes) check that every detection (if there are any, of course) has a tick
  • Also check that Create Restore point is ticked
  • Now click Cleanup, which removes the found infection
  • The PC will be restarted
  • The mbar folder should contain a log (it will probably open by itself) mbar-log-year-month-day (hour-minute-second).txt; post it here

Locked