Virus ? windows script host error
Posted: 22 Jul 2013 09:14
by lamakak
Hello, when I turn on the PC it throws this error:
http://www.imghosting.cz/images/59virus.png
when I click OK, after about 1 minute it throws this
http://www.imghosting.cz/images/75virus2.png
Thanks for any replies, I'm not very good with viruses :S it happened when I installed a game
I know this has been on the forum before, but there you said to restore from older backups from when it wasn't doing this... but I don't have any backups, so

Re: Virus ? windows script host error
Posted: 22 Jul 2013 09:25
by vyosek
Hello

Wasn't it rather after applying some crack to the game? Or was it actually purchased?

Post a log from RSIT
http://forum.viry.cz/viewtopic.php?f=13&t=130786
Re: Virus ? windows script host error
Posted: 22 Jul 2013 09:41
by lamakak
Hello, it wasn't a crack, the game was from uloz.to and had 30 LIKEs, and I think it's free to play
And the log:
- Logfile of random's system information tool 1.06 (written by random/random)
Run by LaMa at 2013-07-22 10:40:36
WIN_2008 Service Pack 1
System drive C: has 41 GB (27%) free of 153 GB
Total RAM: 959 MB (20% free)
HijackThis download failed
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-20 449512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}]
IEExtension.VDownloaderBHO - C:\Windows\system32\mscoree.dll [2010-11-20 297808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-03-19 4529272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-20 155384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll [2013-01-03 233288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"NtVdmSrv"=C:\Windows\inf\ntvdm.vbe [2013-06-20 1219]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-05-03 17355912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sers]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe /Background []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\steam.exe [2013-07-16 1807272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe /MINIMIZED []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
C:\PROGRA~1\GAMEPA~1\gpcl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Herní^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^regmonstd.lnk]
C:\PROGRA~2\00el.dat,XFG00 []
C:\Users\LaMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MC service.lnk - C:\Users\LaMa\Downloads\Hstart_4.1-bi\hstartt.exe
sisi.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bbd2db3-cdd4-11e1-9755-001d920bb236}]
shell\AutoRun\command - K:\LGAutoRun.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2013-07-22 10:40:07 ----D---- C:\Program Files\trend micro
2013-07-22 10:39:37 ----D---- C:\rsit
2013-07-21 11:13:06 ----D---- C:\Users\LaMa\AppData\Roaming\gd.sos.McPixel
2013-07-16 15:25:14 ----A---- C:\Windows\system32\PnkBstrB.exe
2013-07-16 15:25:13 ----A---- C:\Windows\system32\PnkBstrA.exe
2013-07-15 14:50:07 ----D---- C:\Program Files\Bandicam
2013-07-15 14:14:12 ----D---- C:\Users\LaMa\AppData\Roaming\Notepad++
2013-07-15 14:14:12 ----D---- C:\Program Files\Notepad++
2013-07-04 18:10:55 ----D---- C:\Users\LaMa\AppData\Roaming\VitySoft
2013-07-02 11:40:05 ----D---- C:\Users\LaMa\AppData\Roaming\WinRAR
2013-07-02 10:52:04 ----D---- C:\Program Files\Passware
2013-06-26 17:57:33 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2013-06-26 17:48:00 ----D---- C:\Program Files\Adobe Media Player
2013-06-26 17:43:57 ----D---- C:\Program Files\Common Files\Adobe AIR
2013-06-26 17:43:47 ----D---- C:\Program Files\Adobe
2013-06-26 17:37:22 ----D---- C:\ProgramData\Adobe
2013-06-26 17:33:25 ----D---- C:\Program Files\Shock Utility
2013-06-26 17:33:09 ----A---- C:\Windows\IFinst27.exe
2013-06-24 18:53:53 ----D---- C:\Program Files\MP3 Skype Recorder
2013-06-24 18:09:34 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2013-06-24 18:09:33 ----A---- C:\Windows\system32\d3dx10_40.dll
2013-06-24 18:09:32 ----A---- C:\Windows\system32\D3DX9_40.dll
2013-06-24 18:04:22 ----D---- C:\Program Files\Castle Crashers
2013-06-24 17:26:37 ----D---- C:\Program Files\Steam
======List of files/folders modified in the last 1 months======
2013-07-22 10:40:35 ----D---- C:\Windows\Temp
2013-07-22 10:40:07 ----RD---- C:\Program Files
2013-07-22 10:39:20 ----D---- C:\Users\LaMa\AppData\Roaming\Skype
2013-07-22 10:17:51 ----D---- C:\Users\LaMa\AppData\Roaming\FileZilla
2013-07-21 21:23:42 ----D---- C:\Users\LaMa\AppData\Roaming\HLSW
2013-07-21 11:11:48 ----D---- C:\Windows\inf
2013-07-21 10:52:56 ----D---- C:\Windows\system32\catroot2
2013-07-20 22:29:03 ----D---- C:\Windows\System32
2013-07-20 22:28:28 ----D---- C:\Program Files\CoD RconTool
2013-07-20 20:15:04 ----D---- C:\Users\LaMa\AppData\Roaming\Xfire
2013-07-20 20:07:21 ----D---- C:\ProgramData\Xfire
2013-07-17 22:29:39 ----D---- C:\Program Files\Common Files\Steam
2013-07-16 15:25:42 ----D---- C:\Windows\system32\drivers
2013-07-15 14:50:05 ----D---- C:\Program Files\BandiMPEG1
2013-07-15 12:21:40 ----D---- C:\Users\LaMa\AppData\Roaming\Aperture Deleter
2013-07-11 16:13:47 ----D---- C:\Windows\Prefetch
2013-07-09 14:10:41 ----RSD---- C:\Windows\Fonts
2013-07-08 17:07:34 ----D---- C:\Program Files\Opera
2013-07-05 19:10:38 ----D---- C:\Users\LaMa\AppData\Roaming\.minecraft
2013-07-02 19:44:50 ----SHD---- C:\System Volume Information
2013-07-02 18:04:40 ----SD---- C:\Users\LaMa\AppData\Roaming\Microsoft
2013-07-02 14:37:42 ----D---- C:\Windows
2013-07-02 14:37:39 ----D---- C:\Windows\debug
2013-07-02 11:09:25 ----D---- C:\Windows\system32\Tasks
2013-07-02 10:56:44 ----D---- C:\Windows\Logs
2013-06-26 20:13:35 ----D---- C:\Program Files\gta san andreas
2013-06-26 18:30:57 ----D---- C:\Users\LaMa\AppData\Roaming\uTorrent
2013-06-26 17:57:33 ----HD---- C:\ProgramData
2013-06-26 17:55:19 ----D---- C:\Users\LaMa\AppData\Roaming\Adobe
2013-06-26 17:51:15 ----D---- C:\Program Files\Common Files\Adobe
2013-06-26 17:51:09 ----D---- C:\Windows\system32\config
2013-06-26 17:48:50 ----SHD---- C:\Windows\Installer
2013-06-26 17:43:57 ----D---- C:\Program Files\Common Files
2013-06-26 17:40:04 ----D---- C:\Windows\winsxs
2013-06-26 14:33:15 ----D---- C:\ProgramData\PMB Files
2013-06-24 18:08:47 ----RSD---- C:\Windows\assembly
2013-06-23 11:48:31 ----D---- C:\temp
Re: Virus ? windows script host error
Posted: 22 Jul 2013 10:13
by vyosek

Download the version that matches your system:
Farbar Recovery Scan Tool for 32-bit
http://www.bleepingcomputer.com/downloa ... scan-tool/
or for 64-bit
http://download.bleepingcomputer.com/farbar/FRST64.exe

FRST setup and getting the log:
After launching FRST, accept the license terms by clicking Yes.
Additionally tick the items List BCD, Drivers MD5 and Addition.txt.

Click the Scan button to start scanning.
Wait for the scan to finish and dismiss the message about the logs being saved.
Two text files with the logs will open; copy FRST.txt here.
Re: Virus ? windows script host error
Posted: 22 Jul 2013 10:30
by lamakak
- Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-07-2013
Ran by LaMa (administrator) on 22-07-2013 11:26:53
Running from C:\Users\LaMa\AppData\Local\Opera\Opera\temporary_downloads
Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Could not list processes ===============
==================== Registry (Whitelisted) ==================
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {3bbd2db3-cdd4-11e1-9755-001d920bb236} - K:\LGAutoRun.exe
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Herní\...\Run: [Free Ram Optimizer] - C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe [ 2003-08-22] ()
HKU\Herní\...\Policies\system: [LogonHoursAction] 2
HKU\Herní\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Kapitán\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKU\Kapitán\...\Policies\system: [LogonHoursAction] 2
HKU\Kapitán\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Herní\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MC service.lnk
ShortcutTarget: MC service.lnk -> C:\Users\LaMa\Downloads\Hstart_4.1-bi\hstartt.exe (No File)
Startup: C:\Users\LaMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MC service.lnk
ShortcutTarget: MC service.lnk -> C:\Users\LaMa\Downloads\Hstart_4.1-bi\hstartt.exe (No File)
Startup: C:\Users\LaMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sisi.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=119293 ... FF08904093
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centrum.cz/?utm_source=ch-br ... nt=default
SearchScopes: HKCU - DefaultScope {E7D5C6AA-7574-4AF7-A662-92FE33215811} URL = http://search.centrum.cz/index.php?utm_ ... earchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchT ... FF08904093
SearchScopes: HKCU - {c99fdc39-a1ae-4b24-8d71-e5274f8d7c54} URL = http://search.hotspotshield.com/g/resul ... earchTerms}
SearchScopes: HKCU - {E7D5C6AA-7574-4AF7-A662-92FE33215811} URL = http://search.centrum.cz/index.php?utm_ ... earchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
FireFox:
========
FF ProfilePath: C:\Users\LaMa\AppData\Roaming\Mozilla\Firefox\Profiles\ngr2m2kv.default
FF user.js: detected! => C:\Users\LaMa\AppData\Roaming\Mozilla\Firefox\Profiles\ngr2m2kv.default\user.js
FF NewTab: hxxp://www.delta-search.com/?affID=119293&tt=g ... FF08904093
FF SelectedSearchEngine: Delta Search
FF Homepage: hxxp://search.babylon.com/?affID=119293&tt=gc_&babsrc=HP_ss_din2g&mntrId=F61700FF08904093
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: vitzo.com/VDownloader - C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)
FF SearchPlugin: C:\Users\LaMa\AppData\Roaming\Mozilla\Firefox\Profiles\ngr2m2kv.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\privatesearch.xml
FF Extension: Browse2save - C:\Users\LaMa\AppData\Roaming\Mozilla\Firefox\Profiles\ngr2m2kv.default\Extensions\510a7b1a3c79e@510a7b1a3c7d7.com
FF Extension: Seznam lištička - C:\Users\LaMa\AppData\Roaming\Mozilla\Firefox\Profiles\ngr2m2kv.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: torntv2 - C:\Users\LaMa\AppData\Roaming\Mozilla\Firefox\Profiles\ngr2m2kv.default\Extensions\torntv2@torntv.com.xpi
FF Extension: No Name - C:\Users\LaMa\AppData\Roaming\Mozilla\Firefox\Profiles\ngr2m2kv.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [support@vdownloader.com] C:\Program Files\VDownloader\Addons\FireFox
FF Extension: VDownloader - C:\Program Files\VDownloader\Addons\FireFox
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 HssSrv; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [444712 2013-01-10] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78072 2012-11-15] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [389928 2013-01-10] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2013-07-21] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-03-19] (Skype Technologies S.A.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1699168 2012-11-02] (TuneUp Software)
S2 UxTuneUp; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~2\00el.dat [x]
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-27] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [36040 2013-01-10] (AnchorFree Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [29184 2006-05-31] (http://libusb-win32.sourceforge.net)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
S3 pspdisp; C:\Windows\System32\DRIVERS\pspdisp.sys [3072 2011-01-18] (JJS)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-08-20] ()
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [83320 2007-02-08] (Protection Technology (StarForce))
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2011-07-26] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [35592 2012-11-15] (Anchorfree Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software)
S3 WinRing0_1_2_0; C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
========================== Drivers MD5 =======================
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys ==> MD5 is legit
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\Drivers\aswFsBlk.sys 4AF5F360BA1E8794D32B366E45A64A0A
C:\Windows\system32\drivers\aswMonFlt.sys 1F7094D4268D46F718C51286DC189791
C:\Windows\System32\Drivers\aswrdr2.sys FFE9A993B3EC2908FECB1DF2C39148BB
C:\Windows\System32\Drivers\aswRvrt.sys B680134BA1813B78B47FDD1DFF223CA5
C:\Windows\System32\Drivers\aswSnx.sys CCD565A8A72AF7D45F9A242013870926
C:\Windows\System32\Drivers\aswSP.sys 937300BC7C4CDF7576BCCE44E19BBB9D
C:\Windows\System32\Drivers\aswTdi.sys 1F71F170D90E42EFDE9633D81D5E12DC
C:\Windows\System32\Drivers\aswVmm.sys 8CFAA2B965773A653F48F1207A9CB9C4
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys FCAFAEF6798D7B51FF029F99A9898961
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\dmvsc.sys 2A958EF85DB1B61FFCA65044FA4BCE9E
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\drivers\evbdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hssdrv6.sys E1E8005C35F97A39C1672EDD24B03587
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecpkg.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\libusb0.sys D1598203B19B4922531A8BD6811547F7
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys B272B4C3E085EA860C12F2E4FAF2FFA2
C:\Windows\System32\DRIVERS\mrxsmb10.sys 9AC33EF26C8A3AD0F117D00EB7301D03
C:\Windows\System32\DRIVERS\mrxsmb20.sys E0ABDB5ED7E199E242A7D028E76C1D3A
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\npf.sys B9730495E0CF674680121E34BD95A73B
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvm62x32.sys B5E37E31C053BC9950455A257526514B
C:\Windows\System32\DRIVERS\nvlddmkm.sys AFB33A823AABC112FC7BD62AFBCDB0CD
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pspdisp.sys 30C867C08B13E66710E3210C8938E902
C:\Windows\system32\pwdrvio.sys CFACAA25576D473EF7B771ECE1B24D73
C:\Windows\system32\pwdspio.sys 0B675A61B23561C86E8710F751842276
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\System32\drivers\sfdrv01.sys B7018644E132A8DFB12ED90106E06739
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\System32\drivers\sfhlp02.sys DAAD4C099EBF5094D32C373AC1AC0F3C
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\drivers\sfvfs02.sys 197CEF62EB4BC043E1578529FA2B9A48
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 112127C3B2E64D7680CC39CD0A39DD7E
C:\Windows\System32\DRIVERS\srv2.sys E5DD784A4EE5EBC72A86C677C988FCDB
C:\Windows\System32\DRIVERS\srvnet.sys CDBE627E16CC9E98F343D73F8E81D258
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\synth3dvsc.sys F2AD8960812FD111E20E84659EF19D43
C:\Windows\System32\DRIVERS\taphss.sys 0C3B2A9C4BD2DD9A6C2E4084314DD719
C:\Windows\System32\DRIVERS\taphss6.sys A69C1848E37482C855D94AA05145086C
C:\Windows\System32\drivers\tcpip.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tcpip.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\terminpt.sys 052306FD76793D5D5AB5D9891FD1ADBB
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 01246F0BAAD7B68EC0F472AA41E33282
C:\Windows\System32\drivers\tsusbhub.sys 045ACB987C650D8186C6B4A692223860
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys 94C4CD2D19B8C4137A46261F229FEC24
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys 845AF1BA23C8D5E64DEF61BCC441604C
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-22 11:26 - 2013-07-22 11:26 - 00000000 ____D C:\FRST
2013-07-22 10:40 - 2013-07-22 10:41 - 00000000 ____D C:\Program Files\trend micro
2013-07-22 10:39 - 2013-07-22 10:39 - 00000000 ____D C:\rsit
2013-07-21 17:17 - 2013-07-21 17:17 - 00000000 _____ C:\Users\Herní\regbcm
2013-07-21 13:35 - 2013-07-21 14:32 - 00000000 ____D C:\Users\LaMa\Desktop\dvd
2013-07-21 11:13 - 2013-07-21 11:13 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\gd.sos.McPixel
2013-07-21 11:12 - 2013-07-21 11:12 - 00000000 _____ C:\Users\LaMa\regbcm
2013-07-20 22:29 - 2013-07-20 22:29 - 00001897 _____ C:\Users\Herní\Desktop\CoD RconTool.lnk
2013-07-19 11:32 - 2013-07-22 10:17 - 00006019 _____ C:\Users\LaMa\Desktop\server.cfg
2013-07-19 10:10 - 2013-07-19 10:11 - 00000000 ____D C:\Users\LaMa\Desktop\Pluginy
2013-07-17 16:47 - 2013-07-18 12:30 - 00000000 ____D C:\Users\LaMa\Desktop\nějaké ty score
2013-07-16 21:56 - 2013-07-16 21:56 - 06709248 _____ C:\Users\LaMa\Desktop\PSP-(game)-International-Snooker-(minis).iso
2013-07-16 21:42 - 2009-04-20 02:42 - 00000000 ____D C:\Users\LaMa\Desktop\DaedalusX64
2013-07-16 15:25 - 2013-07-21 21:24 - 00214520 _____ C:\Windows\system32\PnkBstrB.exe
2013-07-16 15:25 - 2013-07-21 20:45 - 00137464 _____ C:\Windows\system32\Drivers\PnkBstrK.sys
2013-07-16 15:25 - 2013-07-21 20:07 - 00075064 _____ C:\Windows\system32\PnkBstrA.exe
2013-07-16 13:10 - 2013-07-16 13:10 - 00000000 ____D C:\Users\LaMa\AppData\Local\External_ESP_Aimbot
2013-07-15 21:05 - 2013-06-29 19:59 - 517927333 _____ C:\Users\LaMa\Desktop\Ghost.Recon.Predator.PSP.cso
2013-07-15 17:24 - 2013-07-19 11:29 - 00011575 _____ C:\Users\LaMa\Desktop\exec.cfg
2013-07-15 14:50 - 2013-07-15 14:50 - 00000950 _____ C:\Users\UpdatusUser\Desktop\Bandicam.lnk
2013-07-15 14:50 - 2013-07-15 14:50 - 00000950 _____ C:\Users\Kapitán\Desktop\Bandicam.lnk
2013-07-15 14:50 - 2013-07-15 14:50 - 00000950 _____ C:\Users\Herní\Desktop\Bandicam.lnk
2013-07-15 14:50 - 2013-07-15 14:50 - 00000000 ____D C:\Program Files\Bandicam
2013-07-15 14:49 - 2013-03-05 19:59 - 00049664 _____ C:\Users\LaMa\Desktop\keymaker.exe
2013-07-15 14:47 - 2013-07-15 17:04 - 00000000 ____D C:\Users\LaMa\Documents\Bandicam
2013-07-15 14:14 - 2013-07-15 14:17 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\Notepad++
2013-07-15 14:14 - 2013-07-15 14:17 - 00000000 ____D C:\Program Files\Notepad++
2013-07-14 16:01 - 2013-07-15 17:12 - 00214520 _____ C:\Windows\system32\PnkBstrB.ex0
2013-07-10 16:23 - 2013-07-10 16:24 - 00000000 ____D C:\Users\Herní\Desktop\Šíma flus
2013-07-10 15:12 - 2013-07-10 15:12 - 00000213 _____ C:\Users\LaMa\Desktop\Team Fortress 2.url
2013-07-10 13:29 - 2013-07-18 21:02 - 00000184 _____ C:\Users\LaMa\Desktop\Czechgaming.eu.txt
2013-07-07 14:58 - 2013-07-11 20:45 - 00000000 ____D C:\Users\Herní\AppData\Roaming\Skype
2013-07-07 14:58 - 2013-07-07 14:58 - 00002539 _____ C:\Users\Herní\Desktop\Skype.lnk
2013-07-07 11:16 - 2013-07-07 11:16 - 00000213 _____ C:\Users\LaMa\Desktop\Left 4 Dead 2.url
2013-07-05 11:14 - 2013-07-21 14:32 - 00000000 ____D C:\Users\LaMa\Desktop\dvd2
2013-07-04 18:10 - 2013-07-04 18:10 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\VitySoft
2013-07-02 15:00 - 2013-07-02 15:06 - 00000000 ____D C:\Users\Herní\Desktop\Nová složka
2013-07-02 14:43 - 2013-07-02 14:43 - 00000000 ____D C:\Users\Herní\AppData\Roaming\Media Player Classic
2013-07-02 14:37 - 2013-07-22 09:52 - 00003752 _____ C:\Windows\setupact.log
2013-07-02 14:37 - 2013-07-21 17:17 - 00084330 _____ C:\Windows\PFRO.log
2013-07-02 14:37 - 2013-07-02 14:37 - 00000000 _____ C:\Windows\setuperr.log
2013-07-02 11:40 - 2013-07-02 11:40 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\WinRAR
2013-07-02 10:52 - 2013-07-02 10:52 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Passware
2013-07-02 10:52 - 2013-07-02 10:52 - 00000000 ____D C:\Program Files\Passware
2013-07-02 10:04 - 2013-07-02 10:04 - 00000000 ____D C:\Users\LaMa\AppData\versions
2013-07-02 10:03 - 2013-07-02 10:03 - 00000000 ____D C:\Users\LaMa\minecraft
2013-06-27 22:02 - 2013-06-27 22:02 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-26 20:33 - 2013-06-27 22:02 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-26 20:32 - 2013-06-27 22:02 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-26 20:24 - 2013-06-26 20:24 - 00000000 ____D C:\Users\Herní\AppData\Local\Adobe
2013-06-26 18:02 - 2013-07-09 20:46 - 00000156 _____ C:\Users\LaMa\Desktop\Tutoriály.txt
2013-06-26 17:57 - 2013-06-26 17:57 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-06-26 17:48 - 2013-06-26 17:48 - 00000000 ____D C:\Program Files\Adobe Media Player
2013-06-26 17:44 - 2013-06-26 17:44 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-06-26 17:44 - 2013-06-26 17:44 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-06-26 17:43 - 2013-06-26 17:53 - 00000000 ____D C:\Program Files\Adobe
2013-06-26 17:43 - 2013-06-26 17:43 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-06-26 17:37 - 2013-06-26 17:56 - 00000000 ____D C:\ProgramData\Adobe
2013-06-26 17:33 - 2013-06-26 17:33 - 00065536 _____ C:\Windows\IFinst27.exe
2013-06-26 17:33 - 2013-06-26 17:33 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shock Utility
2013-06-26 17:33 - 2013-06-26 17:33 - 00000000 ____D C:\Program Files\Shock Utility
2013-06-26 17:17 - 2013-07-01 11:51 - 00000000 ____D C:\Users\LaMa\Desktop\Crack
2013-06-24 18:56 - 2013-06-24 18:56 - 00000000 ____D C:\Users\LaMa\AppData\Local\Alexander_Nikiforov
2013-06-24 18:53 - 2013-06-24 18:54 - 00000000 ____D C:\Program Files\MP3 Skype Recorder
2013-06-24 18:09 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-06-24 18:09 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-06-24 18:09 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-06-24 18:04 - 2013-06-24 18:04 - 00000000 ____D C:\Program Files\Castle Crashers
2013-06-24 17:26 - 2013-07-17 22:31 - 00000000 ____D C:\Program Files\Steam
2013-06-23 10:49 - 2013-06-18 23:30 - 04210865 _____ () C:\Users\Herní\Desktop\WOT TWEAKER V2.5 FOR PATCH 0.8.6 BUILD 2.exe
2013-06-23 10:37 - 2013-06-23 10:37 - 00000000 ____D C:\Users\Herní\AppData\Roaming\WinRAR
2013-06-22 20:43 - 2013-06-05 11:45 - 00000000 ____D C:\Users\LaMa\Desktop\Subway Surfers Miami
2013-06-22 13:12 - 2013-06-22 13:12 - 00000000 ____D C:\Users\Herní\AppData\Roaming\Macromedia
2013-06-22 10:34 - 2013-06-22 10:34 - 00000000 ____D C:\Users\Herní\AppData\Roaming\Wargaming.net
2013-06-22 10:13 - 2013-06-22 10:13 - 00000000 ____D C:\Users\Herní\AppData\Roaming\TuneUp Software
2013-06-22 10:09 - 2013-06-26 20:25 - 00000000 ____D C:\Users\Herní\AppData\Roaming\Adobe
2013-06-22 10:06 - 2013-06-22 10:06 - 00000000 ____D C:\Users\Herní\AppData\Roaming\Opera
==================== One Month Modified Files and Folders =======
2013-07-22 11:26 - 2013-07-22 11:26 - 00000000 ____D C:\FRST
2013-07-22 11:23 - 2012-06-05 00:26 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\Skype
2013-07-22 11:23 - 2012-06-05 00:21 - 00000000 ___RD C:\Users\LaMa\Desktop
2013-07-22 10:53 - 2012-12-08 19:31 - 00000000 ____D C:\Users\LaMa\.gimp-2.4
2013-07-22 10:41 - 2013-07-22 10:40 - 00000000 ____D C:\Program Files\trend micro
2013-07-22 10:39 - 2013-07-22 10:39 - 00000000 ____D C:\rsit
2013-07-22 10:29 - 2013-06-17 16:14 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 10:17 - 2013-07-19 11:32 - 00006019 _____ C:\Users\LaMa\Desktop\server.cfg
2013-07-22 10:17 - 2012-07-12 16:57 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\FileZilla
2013-07-22 10:00 - 2009-07-14 06:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-22 10:00 - 2009-07-14 06:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-22 09:59 - 2012-06-04 23:51 - 01447662 _____ C:\Windows\WindowsUpdate.log
2013-07-22 09:52 - 2013-07-02 14:37 - 00003752 _____ C:\Windows\setupact.log
2013-07-22 09:52 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-21 21:24 - 2013-07-16 15:25 - 00214520 _____ C:\Windows\system32\PnkBstrB.exe
2013-07-21 21:24 - 2012-06-05 02:37 - 00214520 _____ C:\Windows\system32\PnkBstrB.xtr
2013-07-21 21:23 - 2012-06-05 01:36 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\HLSW
2013-07-21 20:45 - 2013-07-16 15:25 - 00137464 _____ C:\Windows\system32\Drivers\PnkBstrK.sys
2013-07-21 20:07 - 2013-07-16 15:25 - 00075064 _____ C:\Windows\system32\PnkBstrA.exe
2013-07-21 20:05 - 2012-06-05 02:35 - 00022328 _____ C:\Users\LaMa\AppData\Roaming\PnkBstrK.sys
2013-07-21 19:15 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-21 17:17 - 2013-07-21 17:17 - 00000000 _____ C:\Users\Herní\regbcm
2013-07-21 17:17 - 2013-07-02 14:37 - 00084330 _____ C:\Windows\PFRO.log
2013-07-21 17:17 - 2013-04-08 15:23 - 00000000 ____D C:\Users\Herní
2013-07-21 14:32 - 2013-07-21 13:35 - 00000000 ____D C:\Users\LaMa\Desktop\dvd
2013-07-21 14:32 - 2013-07-05 11:14 - 00000000 ____D C:\Users\LaMa\Desktop\dvd2
2013-07-21 11:13 - 2013-07-21 11:13 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\gd.sos.McPixel
2013-07-21 11:12 - 2013-07-21 11:12 - 00000000 _____ C:\Users\LaMa\regbcm
2013-07-21 11:12 - 2012-06-05 00:21 - 00000000 ____D C:\Users\LaMa
2013-07-20 22:29 - 2013-07-20 22:29 - 00001897 _____ C:\Users\Herní\Desktop\CoD RconTool.lnk
2013-07-20 22:29 - 2013-05-18 21:47 - 00001897 _____ C:\Users\Kapitán\Desktop\CoD RconTool.lnk
2013-07-20 22:29 - 2013-04-08 15:23 - 00000000 ___RD C:\Users\Herní\Desktop
2013-07-20 22:29 - 2012-06-23 11:21 - 00001897 _____ C:\Users\UpdatusUser\Desktop\CoD RconTool.lnk
2013-07-20 22:28 - 2012-06-23 11:20 - 00000000 ____D C:\Program Files\CoD RconTool
2013-07-20 20:15 - 2012-06-06 03:07 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\Xfire
2013-07-20 20:07 - 2012-06-06 03:07 - 00000000 ____D C:\ProgramData\Xfire
2013-07-20 19:43 - 2013-05-04 14:24 - 00000000 ____D C:\Users\LaMa\Desktop\dulezite
2013-07-19 11:29 - 2013-07-15 17:24 - 00011575 _____ C:\Users\LaMa\Desktop\exec.cfg
2013-07-19 10:11 - 2013-07-19 10:10 - 00000000 ____D C:\Users\LaMa\Desktop\Pluginy
2013-07-18 21:02 - 2013-07-10 13:29 - 00000184 _____ C:\Users\LaMa\Desktop\Czechgaming.eu.txt
2013-07-18 12:30 - 2013-07-17 16:47 - 00000000 ____D C:\Users\LaMa\Desktop\nějaké ty score
2013-07-17 22:31 - 2013-06-24 17:26 - 00000000 ____D C:\Program Files\Steam
2013-07-17 22:29 - 2012-08-26 20:56 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-07-16 21:56 - 2013-07-16 21:56 - 06709248 _____ C:\Users\LaMa\Desktop\PSP-(game)-International-Snooker-(minis).iso
2013-07-16 13:10 - 2013-07-16 13:10 - 00000000 ____D C:\Users\LaMa\AppData\Local\External_ESP_Aimbot
2013-07-16 13:08 - 2012-12-27 15:00 - 00000000 ____D C:\Users\LaMa\Documents\Visual Studio 2010
2013-07-15 17:12 - 2013-07-14 16:01 - 00214520 _____ C:\Windows\system32\PnkBstrB.ex0
2013-07-15 17:04 - 2013-07-15 14:47 - 00000000 ____D C:\Users\LaMa\Documents\Bandicam
2013-07-15 14:50 - 2013-07-15 14:50 - 00000950 _____ C:\Users\UpdatusUser\Desktop\Bandicam.lnk
2013-07-15 14:50 - 2013-07-15 14:50 - 00000950 _____ C:\Users\Kapitán\Desktop\Bandicam.lnk
2013-07-15 14:50 - 2013-07-15 14:50 - 00000950 _____ C:\Users\Herní\Desktop\Bandicam.lnk
2013-07-15 14:50 - 2013-07-15 14:50 - 00000000 ____D C:\Program Files\Bandicam
2013-07-15 14:50 - 2013-03-22 20:18 - 00000000 ____D C:\Program Files\BandiMPEG1
2013-07-15 14:50 - 2012-06-22 19:10 - 00000000 ___RD C:\Users\UpdatusUser\Desktop
2013-07-15 14:50 - 2012-06-05 02:55 - 00000000 ___RD C:\Users\Kapitán\Desktop
2013-07-15 14:17 - 2013-07-15 14:14 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\Notepad++
2013-07-15 14:17 - 2013-07-15 14:14 - 00000000 ____D C:\Program Files\Notepad++
2013-07-15 12:21 - 2013-05-22 14:50 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\Aperture Deleter
2013-07-11 20:45 - 2013-07-07 14:58 - 00000000 ____D C:\Users\Herní\AppData\Roaming\Skype
2013-07-10 16:24 - 2013-07-10 16:23 - 00000000 ____D C:\Users\Herní\Desktop\Šíma flus
2013-07-10 15:12 - 2013-07-10 15:12 - 00000213 _____ C:\Users\LaMa\Desktop\Team Fortress 2.url
2013-07-09 20:46 - 2013-06-26 18:02 - 00000156 _____ C:\Users\LaMa\Desktop\Tutoriály.txt
2013-07-08 17:07 - 2011-10-30 18:55 - 00000000 ____D C:\Program Files\Opera
2013-07-07 14:58 - 2013-07-07 14:58 - 00002539 _____ C:\Users\Herní\Desktop\Skype.lnk
2013-07-07 11:16 - 2013-07-07 11:16 - 00000213 _____ C:\Users\LaMa\Desktop\Left 4 Dead 2.url
2013-07-05 19:10 - 2012-06-05 22:57 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\.minecraft
2013-07-04 18:10 - 2013-07-04 18:10 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\VitySoft
2013-07-02 15:06 - 2013-07-02 15:00 - 00000000 ____D C:\Users\Herní\Desktop\Nová složka
2013-07-02 14:56 - 2013-04-08 15:30 - 00063952 _____ C:\Users\Herní\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-02 14:43 - 2013-07-02 14:43 - 00000000 ____D C:\Users\Herní\AppData\Roaming\Media Player Classic
2013-07-02 14:37 - 2013-07-02 14:37 - 00000000 _____ C:\Windows\setuperr.log
2013-07-02 11:40 - 2013-07-02 11:40 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\WinRAR
2013-07-02 10:52 - 2013-07-02 10:52 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Passware
2013-07-02 10:52 - 2013-07-02 10:52 - 00000000 ____D C:\Program Files\Passware
2013-07-02 10:04 - 2013-07-02 10:04 - 00000000 ____D C:\Users\LaMa\AppData\versions
2013-07-02 10:03 - 2013-07-02 10:03 - 00000000 ____D C:\Users\LaMa\minecraft
2013-07-01 11:51 - 2013-06-26 17:17 - 00000000 ____D C:\Users\LaMa\Desktop\Crack
2013-06-29 19:59 - 2013-07-15 21:05 - 517927333 _____ C:\Users\LaMa\Desktop\Ghost.Recon.Predator.PSP.cso
2013-06-29 09:10 - 2009-07-14 06:53 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-27 22:02 - 2013-06-27 22:02 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-27 22:02 - 2013-06-26 20:33 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-27 22:02 - 2013-06-26 20:32 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-27 22:02 - 2013-06-21 21:00 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-06-27 22:02 - 2012-06-05 02:03 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-06-27 22:02 - 2012-06-05 02:03 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-06-26 21:08 - 2009-07-14 06:33 - 03648064 _____ C:\Windows\system32\FNTCACHE.DAT
2013-06-26 20:25 - 2013-06-22 10:09 - 00000000 ____D C:\Users\Herní\AppData\Roaming\Adobe
2013-06-26 20:24 - 2013-06-26 20:24 - 00000000 ____D C:\Users\Herní\AppData\Local\Adobe
2013-06-26 20:13 - 2011-11-18 15:37 - 00000000 ____D C:\Program Files\gta san andreas
2013-06-26 18:30 - 2013-05-14 13:01 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\uTorrent
2013-06-26 18:08 - 2012-07-12 17:21 - 00000000 ____D C:\Users\LaMa\AppData\Local\Adobe
2013-06-26 18:07 - 2012-06-05 00:34 - 00063952 _____ C:\Users\LaMa\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-26 17:57 - 2013-06-26 17:57 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-06-26 17:56 - 2013-06-26 17:37 - 00000000 ____D C:\ProgramData\Adobe
2013-06-26 17:55 - 2012-06-05 00:57 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\Adobe
2013-06-26 17:53 - 2013-06-26 17:43 - 00000000 ____D C:\Program Files\Adobe
2013-06-26 17:51 - 2012-07-12 17:21 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-26 17:48 - 2013-06-26 17:48 - 00000000 ____D C:\Program Files\Adobe Media Player
2013-06-26 17:44 - 2013-06-26 17:44 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-06-26 17:44 - 2013-06-26 17:44 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-06-26 17:43 - 2013-06-26 17:43 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-06-26 17:33 - 2013-06-26 17:33 - 00065536 _____ C:\Windows\IFinst27.exe
2013-06-26 17:33 - 2013-06-26 17:33 - 00000000 ____D C:\Users\LaMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shock Utility
2013-06-26 17:33 - 2013-06-26 17:33 - 00000000 ____D C:\Program Files\Shock Utility
2013-06-26 17:30 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-06-26 14:33 - 2013-05-28 15:19 - 00000000 ____D C:\Users\LaMa\AppData\Local\PMB Files
2013-06-26 14:33 - 2013-05-28 15:19 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-24 18:56 - 2013-06-24 18:56 - 00000000 ____D C:\Users\LaMa\AppData\Local\Alexander_Nikiforov
2013-06-24 18:54 - 2013-06-24 18:53 - 00000000 ____D C:\Program Files\MP3 Skype Recorder
2013-06-24 18:04 - 2013-06-24 18:04 - 00000000 ____D C:\Program Files\Castle Crashers
2013-06-23 10:37 - 2013-06-23 10:37 - 00000000 ____D C:\Users\Herní\AppData\Roaming\WinRAR
2013-06-22 13:12 - 2013-06-22 13:12 - 00000000 ____D C:\Users\Herní\AppData\Roaming\Macromedia
2013-06-22 10:34 - 2013-06-22 10:34 - 00000000 ____D C:\Users\Herní\AppData\Roaming\Wargaming.net
2013-06-22 10:13 - 2013-06-22 10:13 - 00000000 ____D C:\Users\Herní\AppData\Roaming\TuneUp Software
2013-06-22 10:06 - 2013-06-22 10:06 - 00000000 ____D C:\Users\Herní\AppData\Roaming\Opera
2013-06-22 10:02 - 2013-03-23 11:01 - 00000000 ____D C:\Windows\pss
Files to move or delete:
====================
C:\Users\HAXXRAKSAMP\RakSAMP.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== BCD ================================
Spr vce spouçtŘnˇ syst‚mu Windows
--------------------
identifik tor {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {1811cce0-ae97-11e1-8eb2-82f84c153219}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {1811cce2-ae97-11e1-8eb2-82f84c153219}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {1811cce0-ae97-11e1-8eb2-82f84c153219}
nx OptIn
Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor {1811cce2-ae97-11e1-8eb2-82f84c153219}
device ramdisk=[C:]\Recovery\1811cce2-ae97-11e1-8eb2-82f84c153219\Winre.wim,{1811cce3-ae97-11e1-8eb2-82f84c153219}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\1811cce2-ae97-11e1-8eb2-82f84c153219\Winre.wim,{1811cce3-ae97-11e1-8eb2-82f84c153219}
systemroot \windows
nx OptIn
winpe Yes
Obnovenˇ z hibernace
---------------------
identifik tor {1811cce0-ae97-11e1-8eb2-82f84c153219}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No
Testov nˇ pamŘti syst‚mu Windows
---------------------
identifik tor {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes
Starçˇ zavadŘź operaźnˇho syst‚mu Windows
------------------------
identifik tor {ntldr}
device partition=C:
path \ntldr
description Earlier Version of Windows
Nastavenˇ slu§by EMS
------------
identifik tor {emssettings}
bootems Yes
Nastavenˇ ladicˇho programu
-----------------
identifik tor {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
Chyby pamŘti RAM
-----------
identifik tor {badmemory}
Glob lnˇ nastavenˇ
---------------
identifik tor {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Nastavenˇ spouçtŘcˇho zavadŘźe
--------------------
identifik tor {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Nastavenˇ hypervisoru
-------------------
identifik tor {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Nastavenˇ zavadŘźe obnovenˇ
----------------------
identifik tor {resumeloadersettings}
inherit {globalsettings}
Parametry zaýˇzenˇ
--------------
identifik tor {1811cce3-ae97-11e1-8eb2-82f84c153219}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\1811cce2-ae97-11e1-8eb2-82f84c153219\boot.sdi
LastRegBack: 2013-06-23 12:12
==================== End Of Log ============================
Re: Virus ? windows script host error
Posted: 22 Jul 2013 10:50
by vyosek

Just to ask: are you using a legal operating system? The top-tier Ultimate license is not exactly common.

Re: Virus ? windows script host error
Posted: 22 Jul 2013 10:53
by lamakak
It's legal, and I could also mention that before this I had the "Policie ČR" (Czech police) virus, but I deleted it by following some guide
Re: Virus ? windows script host error
Posted: 22 Jul 2013 11:03
by vyosek

Download FRST and save it to the desktop, not to temporary files as it is now
Running from C:\Users\LaMa\AppData\Local\Opera\Opera\temporary_downloads

There are still remnants of the police virus there; we will remove them

Creating a fixlist for FRST
- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Herní\...\Policies\system: [LogonHoursAction] 2
HKU\Herní\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Kapitán\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKU\Kapitán\...\Policies\system: [LogonHoursAction] 2
HKU\Kapitán\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\LaMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sisi.exe ()
Startup: C:\Users\Herní\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MC service.lnk
ShortcutTarget: MC service.lnk -> C:\Users\LaMa\Downloads\Hstart_4.1-bi\hstartt.exe (No File)
Startup: C:\Users\LaMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MC service.lnk
ShortcutTarget: MC service.lnk -> C:\Users\LaMa\Downloads\Hstart_4.1-bi\hstartt.exe (No File)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=119293 ... FF08904093
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centrum.cz/?utm_source=ch-br ... nt=default
SearchScopes: HKCU - DefaultScope {E7D5C6AA-7574-4AF7-A662-92FE33215811} URL = http://search.centrum.cz/index.php?utm_ ... er,IE-9&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119293&tt=gc_&babsrc=SP_ss&mntrId=F61700FF08904093
SearchScopes: HKCU - {c99fdc39-a1ae-4b24-8d71-e5274f8d7c54} URL = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
SearchScopes: HKCU - {E7D5C6AA-7574-4AF7-A662-92FE33215811} URL = http://search.centrum.cz/index.php?utm_ ... er,IE-9&q={searchTerms}
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
FF user.js: detected! => C:\Users\LaMa\AppData\Roaming\Mozilla\Firefox\Profiles\ngr2m2kv.default\user.js
FF NewTab: hxxp://www.delta-search.com/?affID=1192 ... FF08904093
FF SelectedSearchEngine: Delta Search
FF Homepage: hxxp://search.babylon.com/?affID=119293 ... FF08904093
\afurladvisor@anchorfree.com
S2 Winmgmt; C:\PROGRA~2\00el.dat [x]
REG: reg delete HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v NtVdmSrv /f
REG: reg delete HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SwitchBoard /f
REG: reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Skype /f
REG: reg delete HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan /f
REG: reg delete HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sers /f
REG: reg delete HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion /f
REG: reg delete HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam /f
REG: reg delete HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent /f
REG: reg delete HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk /f
REG: reg delete HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Herní^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^regmonstd.lnk /f
C:\Users\HAXXRAKSAMP\RakSAMP.exe
C:\Windows\inf\ntvdm.vbe
C:\PROGRA~2\00el.dat
C:\Users\LaMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sisi.exe
C:\Windows\tasks\Adobe Flash Player Updater.job
- Save the created TXT file as fixlist.txt
- Move the created fixlist next to FRST on the desktop

Run FRST.exe again
- Click Fix
- The fix will run and create the log Fixlog.txt

Restart the PC and post fixlog.txt here
Re: Virus ? windows script host error
Posted: 22 Jul 2013 11:22
by lamakak
Thank you very much, it no longer does it
- Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-07-2013
Ran by LaMa at 2013-07-22 12:16:01 Run:1
Running from C:\Users\LaMa\Desktop
Boot Mode: Normal
==============================================
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => Value deleted successfully.
HKU\Herní\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => Value deleted successfully.
HKU\Herní\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => Value deleted successfully.
HKU\Kapitán\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKU\Kapitán\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => Value deleted successfully.
HKU\Kapitán\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => Value deleted successfully.
C:\Users\LaMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sisi.exe => Moved successfully.
C:\Users\Herní\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MC service.lnk => Moved successfully.
C:\Users\LaMa\Downloads\Hstart_4.1-bi\hstartt.exe not found.
C:\Users\LaMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MC service.lnk => Moved successfully.
C:\Users\LaMa\Downloads\Hstart_4.1-bi\hstartt.exe not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E7D5C6AA-7574-4AF7-A662-92FE33215811} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E7D5C6AA-7574-4AF7-A662-92FE33215811} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Key deleted successfully.
HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Key deleted successfully.
C:\Users\LaMa\AppData\Roaming\Mozilla\Firefox\Profiles\ngr2m2kv.default\user.js => Moved successfully.
Firefox newtab deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Winmgmt => Service restored successfully.
========= reg delete HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v NtVdmSrv /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v SwitchBoard /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Skype /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan /f =========
CHYBA: Neplatn syntaxe.
Chcete-li zobrazit n povŘdu, zadejte pýˇkaz REG DELETE /?.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sers /f =========
CHYBA: Neplatn syntaxe.
Chcete-li zobrazit n povŘdu, zadejte pýˇkaz REG DELETE /?.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion /f =========
CHYBA: Neplatn syntaxe.
Chcete-li zobrazit n povŘdu, zadejte pýˇkaz REG DELETE /?.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam /f =========
CHYBA: Neplatn syntaxe.
Chcete-li zobrazit n povŘdu, zadejte pýˇkaz REG DELETE /?.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent /f =========
CHYBA: Neplatn syntaxe.
Chcete-li zobrazit n povŘdu, zadejte pýˇkaz REG DELETE /?.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk /f =========
CHYBA: Neplatn syntaxe.
Chcete-li zobrazit n povŘdu, zadejte pýˇkaz REG DELETE /?.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Herní^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^regmonstd.lnk /f =========
CHYBA: Neplatn syntaxe.
Chcete-li zobrazit n povŘdu, zadejte pýˇkaz REG DELETE /?.
========= End of Reg: =========
C:\Users\HAXXRAKSAMP\RakSAMP.exe => Moved successfully.
Re: Virus ? windows script host error
Posted: 22 Jul 2013 11:23
by vyosek

We'll keep going, there is still quite a lot there

Download
AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
- Save it, preferably to the desktop
- Close all programs
- Click Search
- A scan will run and then a log will appear, or it will be saved on the system drive as AdwCleaner[R?].txt; paste it here
Re: Virus ? windows script host error
Posted: 22 Jul 2013 11:31
by lamakak
- # AdwCleaner v2.306 - Logfile created 07/22/2013 at 12:29:12
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : LaMa - LAMA-PC
# Boot Mode : Normal
# Running from : C:\Users\LaMa\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Users\LaMa\AppData\Roaming\Mozilla\Firefox\Profiles\ngr2m2kv.default\searchplugins\Babylon.xml
Folder Found : C:\Program Files\Common Files\Speedbit
Folder Found : C:\Program Files\Common Files\spigot
Folder Found : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\BetterSoft
Folder Found : C:\ProgramData\RightClick
Folder Found : C:\ProgramData\SoftSafe
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\LaMa\AppData\Local\PackageAware
Folder Found : C:\Users\LaMa\AppData\Roaming\Babylon
Folder Found : C:\Users\LaMa\AppData\Roaming\Mozilla\Firefox\Profiles\ngr2m2kv.default\extensions\510a7b1a3c79e@510a7b1a3c7d7.com
Folder Found : C:\Users\LaMa\AppData\Roaming\Mozilla\Firefox\Profiles\ngr2m2kv.default\jetpack
***** [Registry] *****
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\PIP
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v [Unable to get version]
File : C:\Users\LaMa\AppData\Roaming\Mozilla\Firefox\Profiles\ngr2m2kv.default\prefs.js
Found : user_pref("browser.search.order.1", "Delta Search");
Found : user_pref("keyword.keywordURL", "hxxp://search.hotspotshield.com/g/results.php?c=s&q=");
-\\ Opera v12.16.1860.0
File : C:\Users\LaMa\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Users\Kapitán\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Users\Herní\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [3483 octets] - [22/07/2013 12:29:12]
########## EOF - C:\AdwCleaner[R1].txt - [3543 octets] ##########
Re: Virus ? windows script host error
Posted: 22 Jul 2013 11:32
by vyosek

Run again
AdwCleaner
- If you use Windows Vista or Windows 7, right-click AdwCleaner and choose Run As Administrator or "Spustit jako spravce"
- Click Delete
- The PC will perform the fix, restart, and give you a log (C:\AdwCleaner [S1].txt); paste its contents here
Re: Virus ? windows script host error
Posted: 22 Jul 2013 11:37
by lamakak
- # AdwCleaner v2.306 - Logfile created 07/22/2013 at 12:34:01
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : LaMa - LAMA-PC
# Boot Mode : Normal
# Running from : C:\Users\LaMa\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Users\LaMa\AppData\Roaming\Mozilla\Firefox\Profiles\ngr2m2kv.default\searchplugins\Babylon.xml
Folder Deleted : C:\Program Files\Common Files\Speedbit
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BetterSoft
Folder Deleted : C:\ProgramData\RightClick
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\LaMa\AppData\Local\PackageAware
Folder Deleted : C:\Users\LaMa\AppData\Roaming\Babylon
Folder Deleted : C:\Users\LaMa\AppData\Roaming\Mozilla\Firefox\Profiles\ngr2m2kv.default\extensions\510a7b1a3c79e@510a7b1a3c7d7.com
Folder Deleted : C:\Users\LaMa\AppData\Roaming\Mozilla\Firefox\Profiles\ngr2m2kv.default\jetpack
***** [Registry] *****
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\Software\PIP
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v [Unable to get version]
File : C:\Users\LaMa\AppData\Roaming\Mozilla\Firefox\Profiles\ngr2m2kv.default\prefs.js
Deleted : user_pref("browser.search.order.1", "Delta Search");
Deleted : user_pref("keyword.keywordURL", "hxxp://search.hotspotshield.com/g/results.php?c=s&q=");
-\\ Opera v12.16.1860.0
File : C:\Users\LaMa\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Users\Kapitán\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Users\Herní\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [3612 octets] - [22/07/2013 12:29:12]
AdwCleaner[S1].txt - [3617 octets] - [22/07/2013 12:34:01]
########## EOF - C:\AdwCleaner[S1].txt - [3677 octets] ##########
Re: Virus ? windows script host error
Posted: 22 Jul 2013 11:38
by vyosek

Download
Malwarebytes' Anti-Malware (MBAM for short) http://forum.viry.cz/viewtopic.php?f=29&t=115222
- Update it
- Run a full scan - do not delete anything

- MBAM sometimes produces false detections, so paste the log into a post and wait for an assessment
Re: Virus ? windows script host error
Posted: 22 Jul 2013 12:03
by lamakak
- Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org
Verze: v2013.07.22.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
LaMa :: LAMA-PC [administrátor]
22.7.2013 12:47:19
mbam-log-2013-07-22 (12-47-19).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 281795
Uplynulý čas: 15 minut, 24 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
Nothing found
