dnes 3x Trojsky kon.

Zpráva

QuickShare · #1 Příspěvek od **QuickShare** » 11 úno 2014 21:07

Dobrý večer, dnes mi ESS4 našiel 3 trojanov... z mailu sa mi otvoril nejaký pdf. a ten bol pravdepodobne nakazený.... pomôžete mi?

Logfile of random's system information tool 1.09 (written by random/random)
Run by Hacker at 2014-02-11 20:57:46
Microsoft Windows 7 Ultimate
System drive C: has 4 GB (4%) free of 100 GB
Total RAM: 2047 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:57:54, on 11. 2. 2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office15\MsoSync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\Hacker\Desktop\RSIT.exe
C:\Program Files\trend micro\Hacker.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKCU\..\Run: [kiopreq] rundll32 "C:\Users\Hacker\AppData\Local\kiopreq.dll",kiopreq
O4 - HKUS\S-1-5-21-1714108043-953005013-203788322-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1714108043-953005013-203788322-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: l¦.
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 4799 bytes

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1714108043-953005013-203788322-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1714108043-953005013-203788322-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Hacker\AppData\Roaming\Mozilla\Firefox\Profiles\pekbl1xq.default

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.262 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-19 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]
"Nvtmru"=C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-11-14 1028384]
"ShadowPlay"=C:\Windows\system32\nvspcap.dll [2013-11-14 955168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"kiopreq"=rundll32 C:\Users\Hacker\AppData\Local\kiopreq.dll,kiopreq []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Program Files\OO Software\Defrag\oodtray.exe [2009-09-12 2524416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2010-06-17 1173504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
C:\ADVANC~1\wh_exec.exe [2010-05-26 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="l¦."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"VIDC.FPS1"=frapsvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-02-11 20:57:46 ----D---- C:\rsit

======List of files/folders modified in the last 1 month======

2014-02-11 20:57:54 ----D---- C:\Windows\Prefetch
2014-02-11 20:57:54 ----D---- C:\Program Files\trend micro
2014-02-11 20:57:51 ----D---- C:\Windows\temp
2014-02-11 20:47:30 ----D---- C:\Users\Hacker\AppData\Roaming\ICQ
2014-02-11 20:36:35 ----D---- C:\Windows\system32\config
2014-02-11 20:34:55 ----D---- C:\ProgramData\NVIDIA
2014-02-11 14:00:32 ----D---- C:\Windows\System32
2014-02-11 14:00:26 ----A---- C:\Windows\system32\PnkBstrB.exe
2014-02-10 11:09:51 ----D---- C:\Windows
2014-02-09 22:59:53 ----SHD---- C:\System Volume Information
2014-02-09 18:16:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-02-09 18:16:42 ----D---- C:\Windows\inf
2014-02-09 16:27:49 ----D---- C:\Users\Hacker\AppData\Roaming\Skype
2014-02-05 12:59:18 ----D---- C:\Windows\system32\Tasks
2014-02-05 12:58:13 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-02-04 18:59:43 ----D---- C:\Windows\system32\catroot2
2014-02-01 17:44:44 ----SHD---- C:\Windows\Installer
2014-02-01 17:43:04 ----RD---- C:\Program Files
2014-02-01 17:36:02 ----A---- C:\Windows\win.ini
2014-02-01 12:29:26 ----D---- C:\Windows\system32\drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-01-06 691696]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-06-17 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 EIO;EIO Driver; C:\Windows\system32\DRIVERS\EIO.sys [2010-06-12 14336]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-05-14 133000]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-01-19 25888]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x86.sys [2009-07-13 47104]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-05-13 6504]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad32v.sys [2013-11-14 33568]
R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\Windows\system32\DRIVERS\whfltr2k.sys [2009-09-17 7424]
S0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys [2004-11-25 77248]
S0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys [2004-07-19 7040]
S0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
S1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2004-11-25 54368]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-01-21 279712]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 a0v4aec3;a0v4aec3; C:\Windows\system32\drivers\a0v4aec3.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2004-10-25 21664]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-14 14652704]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-11-11 664352]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-11-14 1914656]
R2 O&O Defrag;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2009-09-12 1488128]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2013-03-06 76888]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 c2wts;@%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-06-17 13080]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-01-25 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 4846168]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2012-07-09 46528]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 11 úno 2014 21:27

Zdravim

To zas zadate o radu s temi nelegalnimi Windows jako zde http://forum.viry.cz/viewtopic.php?f=13&t=131022

QuickShare · #3 Příspěvek od **QuickShare** » 11 úno 2014 21:50

Nie. je to to iste PC a ten isty OS no bol vo firme v ktorej mal byt zlegalizovany.teda bol. podla logu vyzera stale ako cracknuty?

momentalne mi zmizla plocha lista a ikonky tak sa mi odpisuje dost tazko prepacte...dokonca ani opera sa neda zapnut :/

#4 Příspěvek od **vyosek** » 11 úno 2014 22:11

Muzu mit dotaz, kolik jste za to zlegalizovani zaplatil??

Prihlaste se do nouzoveho rezimu (restart, mackat F8, zvolit Stav nouze s praci v siti)

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222

Provedte aktualizaci
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

QuickShare · #5 Příspěvek od **QuickShare** » 12 úno 2014 16:55

dobry den.
budeme od nich kupovat este krabicovy win tak mame to mat za lepsiu cenu toto stalo trosku viac ako oem.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verzia databázy: v2014.02.11.08

Windows 7 x86 NTFS (Núdzoví režim/Sieť)
Internet Explorer 8.0.7600.16385
Hacker :: HACKER-PC [administrátor]

11. 2. 2014 22:37:42
MBAM-log-2014-02-11 (23-10-01).txt

Typ kontroly: Úplná kontrola (C:\|D:\|E:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 374696
Uplynutý čas: 30 min, 27 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 1
HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk (PUP.Optional.Gophoto.A) -> Žiadna úloha nevykonaná.

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 1
C:\Program Files\Gophoto.it (PUP.Optional.Gophoto.A) -> Žiadna úloha nevykonaná.

Detegované súbory: 4
C:\Users\Hacker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D7FGOJ0\6[1].exe (Spyware.Zbot) -> Žiadna úloha nevykonaná.
C:\Users\Hacker\AppData\Local\temp\2SKKKKKKK.exe (Trojan.Agent.ED) -> Žiadna úloha nevykonaná.
D:\Winamp.v5.6.3.3234.exe (PUP.Optional.OpenCandy) -> Žiadna úloha nevykonaná.
C:\Program Files\Gophoto.it\gophotoit16.crx (PUP.Optional.Gophoto.A) -> Žiadna úloha nevykonaná.

(koniec)

#6 Příspěvek od **vyosek** » 12 úno 2014 19:27

Nalezy smazte, objevi se log, ten rad uvidim

QuickShare · #7 Příspěvek od **QuickShare** » 12 úno 2014 21:06

dufam ze nevadi ze som spravil nanovo scen v nudzovom rezime (to od vcera som uz nevedel najst)
no a tu je log po odstraneni:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verzia databázy: v2014.02.11.08

Windows 7 x86 NTFS (Núdzoví režim/Sieť)
Internet Explorer 8.0.7600.16385
Hacker :: HACKER-PC [administrátor]

12. 2. 2014 19:38:39
mbam-log-2014-02-12 (19-38-39).txt

Typ kontroly: Úplná kontrola (C:\|D:\|E:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 375114
Uplynutý čas: 30 min, 16 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 1
HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk (PUP.Optional.Gophoto.A) -> Pridanie do karantény a zmazanie úspešné.

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 1
C:\Program Files\Gophoto.it (PUP.Optional.Gophoto.A) -> Pridanie do karantény a zmazanie úspešné.

Detegované súbory: 2
D:\Winamp.v5.6.3.3234.exe (PUP.Optional.OpenCandy) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files\Gophoto.it\gophotoit16.crx (PUP.Optional.Gophoto.A) -> Pridanie do karantény a zmazanie úspešné.

(koniec)

#8 Příspěvek od **vyosek** » 12 úno 2014 21:07

Ne nevadi, v poradku

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

QuickShare · #9 Příspěvek od **QuickShare** » 12 úno 2014 21:23

program v normalnom rezime spustit nesiel tak som to spravil cez nudzovy.. tam to slo... po restartovani do normalneho rezimu vidim len pozadie pracovnej plochy nic ine.

# AdwCleaner v3.018 - Report created 12/02/2014 at 21:19:09
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : Hacker - HACKER-PC
# Running from : C:\Users\Hacker\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\TornTV.com
Folder Deleted : C:\Users\Hacker\AppData\Local\GamePlayLabs Plugin
Folder Deleted : C:\Users\Hacker\AppData\Local\PackageAware
Folder Deleted : C:\Users\Hacker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\Hacker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ocphobfcfafpclibolpjdafgaffkaoci
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{65C994A2-C65A-4A20-BA92-AADAFC0DCE49}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\GamePlayLabs
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\ICQ\ICQToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v26.0 (sk)

[ File : C:\Users\Hacker\AppData\Roaming\Mozilla\Firefox\Profiles\pekbl1xq.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Hacker\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2231 octets] - [12/02/2014 21:18:01]
AdwCleaner[S0].txt - [2134 octets] - [12/02/2014 21:19:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2194 octets] ##########

#10 Příspěvek od **vyosek** » 15 úno 2014 08:15

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

QuickShare · #11 Příspěvek od **QuickShare** » 15 úno 2014 12:04

zdravím

včera som uvoľnil s karantény ESS niektoré súbory ktoré mi vypisovali eror po štarte winu.. no neviem ci to bolo rozumne.

OTL Extras logfile created on: 15. 2. 2014 11:33:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hacker\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

2,00 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,18% Memory free
5,00 Gb Paging File | 3,83 Gb Available in Paging File | 76,69% Paging File free
Paging file location(s): c:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 3,45 Gb Free Space | 3,53% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 4,16 Gb Free Space | 2,79% Space Free | Partition Type: NTFS
Drive E: | 368,10 Gb Total Space | 26,97 Gb Free Space | 7,33% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 10,65 Gb Free Space | 7,15% Space Free | Partition Type: NTFS
Drive H: | 6,52 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: HACKER-PC | User Name: Hacker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1714108043-953005013-203788322-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"DisableThumbnailCache" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EEB2BB9-93B0-49D2-89EA-62C0DC30F76D}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{3A03E6E8-74E0-49CD-A9A0-96717784B07B}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{7683D272-141E-4B72-9E5E-3676662CC4EB}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{F81BA5D2-32C8-4978-89B1-4C9969B870A5}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{480A9E35-1AE4-48D7-9C2E-65F13933A26C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{75751366-4B3B-4772-9764-2651DD275F48}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{8CCE4BDE-8F91-4A17-8AE4-8469AA227F35}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{920E2423-3D7D-4A47-8C47-0005E85854A9}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{9494054C-D00D-4BC2-9728-0BFF93A09458}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{BCF66410-2A64-4F62-8C48-C8589F5901DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D2CC58B9-A691-4C7D-98FA-2DCD680A2248}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{E72DD28C-F77B-47D6-A25C-E1CE00BA6E75}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{EDDC783A-A530-44C8-9490-9DED5478D2B8}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{66F94F05-52D0-475D-8E35-D6F3ABD813BE}" = ESET Smart Security
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-041B-0000-0000000FF1CE}" = Microsoft Access MUI (Slovak) 2013
"{90150000-0016-041B-0000-0000000FF1CE}" = Microsoft Excel MUI (Slovak) 2013
"{90150000-0018-041B-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (Slovak) 2013
"{90150000-0019-041B-0000-0000000FF1CE}" = Microsoft Publisher MUI (Slovak) 2013
"{90150000-001A-041B-0000-0000000FF1CE}" = Microsoft Outlook MUI (Slovak) 2013
"{90150000-001B-041B-0000-0000000FF1CE}" = Microsoft Word MUI (Slovak) 2013
"{90150000-001F-0405-0000-0000000FF1CE}" = Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Nyelvi ellenőrző eszközök 2013 – magyar
"{90150000-001F-041B-0000-0000000FF1CE}" = Nástroje korektúry balíka Microsoft Office 2013 - slovenčina
"{90150000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2013
"{90150000-0044-041B-0000-0000000FF1CE}" = Microsoft InfoPath MUI (Slovak) 2013
"{90150000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2013
"{90150000-0090-041B-0000-0000000FF1CE}" = Microsoft DCF MUI (Slovak) 2013
"{90150000-00A1-041B-0000-0000000FF1CE}" = Microsoft OneNote MUI (Slovak) 2013
"{90150000-00BA-041B-0000-0000000FF1CE}" = Microsoft Groove MUI (Slovak) 2013
"{90150000-00E1-041B-0000-0000000FF1CE}" = Microsoft Office OSM MUI (Slovak) 2013
"{90150000-00E2-041B-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Slovak) 2013
"{90150000-012B-041B-0000-0000000FF1CE}" = Microsoft Lync MUI (Slovak) 2013
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A0B0BCE9-2994-36F2-BE66-D23C884372E8}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AA2EBBCC-4E3B-3442-865E-7BB3E9F45F0C}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovládač 3D Vision 331.82
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafický ovládač 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision radič ovládača 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Softvér systému s podporou technológie PhysX 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizácie NVIDIA 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B704D3AE-4443-40BA-B8B3-F0762ED4E8BC}" = calibre
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{EB5BA578-FF7F-3863-8E53-7A003222B7FC}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{EB6C11E5-449C-3BA3-9086-80B18BCFF947}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM
"{ED6C5ECD-5AA4-4054-BF67-8F49526E5765}" = O&O Defrag Professional
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FB686487-C637-4EEF-BCB1-C92463F2CC05}" = Atheros Ethernet Utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Photo Optimizer FREE_is1" = Ashampoo Photo Optimizer FREE
"CCleaner" = CCleaner
"EAX Unified" = EAX Unified
"EPSON Scanner" = EPSON Scan
"Far Cry 3_is1" = Far Cry 3 v1.01
"Fraps" = Fraps
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.5.0
"Lazarus_is1" = Lazarus 1.0.12
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verzia 1.75.0.1300
"Mozilla Firefox 26.0 (x86 sk)" = Mozilla Firefox 26.0 (x86 sk)
"Need for Speed Most Wanted_is1" = Need for Speed Most Wanted
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OCCT_is1" = OCCT Perestroika 3.1.0
"Office15.PROPLUS" = Microsoft Office 2013 Professional Plus
"OpenAL" = OpenAL
"Opera 12.15.1748" = Opera 12.15
"VLC media player" = VLC media player 1.1.5
"WheelMouse" = Advanced Wheel Mouse 6.0.0.010
"WinRAR archiver" = WinRAR archivátor

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13. 2. 2014 5:54:06 | Computer Name = Hacker-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 13. 2. 2014 7:08:40 | Computer Name = Hacker-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 13. 2. 2014 7:08:40 | Computer Name = Hacker-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 14. 2. 2014 8:39:32 | Computer Name = Hacker-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 14. 2. 2014 8:39:32 | Computer Name = Hacker-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 14. 2. 2014 9:48:29 | Computer Name = Hacker-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 14. 2. 2014 15:13:51 | Computer Name = Hacker-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 14. 2. 2014 15:13:51 | Computer Name = Hacker-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 15. 2. 2014 6:28:05 | Computer Name = Hacker-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 15. 2. 2014 6:28:05 | Computer Name = Hacker-PC | Source = NvStreamSvc | ID = 131073
Description =

[ Media Center Events ]
Error - 19. 4. 2010 10:44:57 | Computer Name = Hacker-PC | Source = MCUpdate | ID = 0
Description = 16:44:57 - Chyba pripájania na Internet. 16:44:57 - Nebolo možné
spojiť sa so serverom..

Error - 5. 5. 2010 11:41:28 | Computer Name = Hacker-PC | Source = MCUpdate | ID = 0
Description = 17:41:28 - Chyba pripájania na Internet. 17:41:28 - Nebolo možné
spojiť sa so serverom..

Error - 5. 5. 2010 13:32:58 | Computer Name = Hacker-PC | Source = MCUpdate | ID = 0
Description = 19:32:58 - Chyba pripájania na Internet. 19:32:58 - Nebolo možné
spojiť sa so serverom..

Error - 7. 5. 2010 10:25:01 | Computer Name = Hacker-PC | Source = MCUpdate | ID = 0
Description = 16:25:01 - Chyba pripájania na Internet. 16:25:01 - Nebolo možné
spojiť sa so serverom..

Error - 7. 5. 2010 11:25:06 | Computer Name = Hacker-PC | Source = MCUpdate | ID = 0
Description = 17:25:06 - Chyba pripájania na Internet. 17:25:06 - Nebolo možné
spojiť sa so serverom..

Error - 12. 5. 2010 13:30:09 | Computer Name = Hacker-PC | Source = MCUpdate | ID = 0
Description = 19:30:08 - Chyba pripájania na Internet. 19:30:08 - Nebolo možné
spojiť sa so serverom..

Error - 6. 6. 2010 6:17:33 | Computer Name = Hacker-PC | Source = MCUpdate | ID = 0
Description = 12:17:33 - Chyba pripájania na Internet. 12:17:33 - Nebolo možné
spojiť sa so serverom..

Error - 21. 6. 2010 5:21:31 | Computer Name = Hacker-PC | Source = MCUpdate | ID = 0
Description = 11:21:30 - Chyba pripájania na Internet. 11:21:30 - Nebolo možné
spojiť sa so serverom..

Error - 20. 8. 2010 6:52:42 | Computer Name = Hacker-PC | Source = MCUpdate | ID = 0
Description = 12:52:41 - Chyba pripájania na Internet. 12:52:41 - Nebolo možné
spojiť sa so serverom..

Error - 30. 8. 2010 3:27:43 | Computer Name = Hacker-PC | Source = MCUpdate | ID = 0
Description = 9:27:33 - Chyba pripájania na Internet. 9:27:40 - Nebolo možné
spojiť sa so serverom..

[ System Events ]
Error - 14. 2. 2014 15:13:27 | Computer Name = Hacker-PC | Source = Application Popup | ID = 875
Description = Driver atksgt.sys has been blocked from loading.

Error - 14. 2. 2014 15:13:27 | Computer Name = Hacker-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby atksgt zlyhalo kvôli nasledujúcej chybe: %%1275

Error - 14. 2. 2014 15:13:36 | Computer Name = Hacker-PC | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: mtbh prodrv06 prohlp02 prosync1 sfhlp01

Error - 15. 2. 2014 6:27:30 | Computer Name = Hacker-PC | Source = Application Popup | ID = 875
Description = Driver sfhlp01.sys has been blocked from loading.

Error - 15. 2. 2014 6:27:30 | Computer Name = Hacker-PC | Source = Application Popup | ID = 875
Description = Driver prosync1.sys has been blocked from loading.

Error - 15. 2. 2014 6:27:30 | Computer Name = Hacker-PC | Source = Application Popup | ID = 875
Description = Driver prohlp02.sys has been blocked from loading.

Error - 15. 2. 2014 6:27:34 | Computer Name = Hacker-PC | Source = Application Popup | ID = 875
Description = Driver prodrv06.sys has been blocked from loading.

Error - 15. 2. 2014 6:27:42 | Computer Name = Hacker-PC | Source = Application Popup | ID = 875
Description = Driver atksgt.sys has been blocked from loading.

Error - 15. 2. 2014 6:27:42 | Computer Name = Hacker-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby atksgt zlyhalo kvôli nasledujúcej chybe: %%1275

Error - 15. 2. 2014 6:27:50 | Computer Name = Hacker-PC | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: mtbh prodrv06 prohlp02 prosync1 sfhlp01

[ TuneUp Events ]
Error - 3. 6. 2010 8:10:38 | Computer Name = Hacker-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 3. 6. 2010 8:10:38 | Computer Name = Hacker-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 3. 6. 2010 8:10:38 | Computer Name = Hacker-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 27. 8. 2010 14:02:19 | Computer Name = Hacker-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 27. 8. 2010 14:02:19 | Computer Name = Hacker-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 27. 8. 2010 14:02:19 | Computer Name = Hacker-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

< End of report >

QuickShare · #12 Příspěvek od **QuickShare** » 15 úno 2014 12:04

OTL logfile created on: 15. 2. 2014 11:33:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hacker\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

2,00 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,18% Memory free
5,00 Gb Paging File | 3,83 Gb Available in Paging File | 76,69% Paging File free
Paging file location(s): c:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 3,45 Gb Free Space | 3,53% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 4,16 Gb Free Space | 2,79% Space Free | Partition Type: NTFS
Drive E: | 368,10 Gb Total Space | 26,97 Gb Free Space | 7,33% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 10,65 Gb Free Space | 7,15% Space Free | Partition Type: NTFS
Drive H: | 6,52 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: HACKER-PC | User Name: Hacker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2014/02/15 11:30:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hacker\Desktop\OTL.exe
PRC - [2013/11/14 12:56:14 | 014,652,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
PRC - [2013/11/14 12:56:09 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/11/14 12:56:01 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/11/11 15:26:53 | 000,932,640 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2013/11/11 15:26:52 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/11/11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/01 20:32:30 | 000,448,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
PRC - [2010/06/17 13:32:13 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/17 12:38:59 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/06/17 12:23:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/12/18 07:58:20 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2009/09/12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe
PRC - [2009/06/26 16:08:38 | 006,036,992 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009/05/14 14:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/05/14 14:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/04/02 12:27:26 | 000,090,112 | ---- | M] () -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

========== Modules (No Company Name) ==========

MOD - [2010/03/15 10:28:24 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/08/04 12:33:24 | 000,389,120 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\AdobeXMP.dll
MOD - [2009/06/26 16:08:38 | 006,036,992 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
MOD - [2009/04/22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\AsusService.dll
MOD - [2009/04/20 13:55:34 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\pngio.dll
MOD - [2006/01/10 16:50:20 | 000,024,576 | ---- | M] () -- C:\Windows\System32\AsIO.dll

========== Services (SafeList) ==========

SRV - [2013/11/14 12:56:14 | 014,652,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2013/11/14 12:56:01 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/11/11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/06/17 12:19:26 | 000,013,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
SRV - [2009/09/12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/14 14:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 14:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/04/02 12:27:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\ewepum.sys -- (mtbh)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ab06ivox)
DRV - [2013/11/14 12:56:22 | 000,033,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2013/11/14 12:55:57 | 010,446,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/12 13:54:03 | 000,014,336 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\EIO.sys -- (EIO)
DRV - [2010/01/21 17:14:38 | 000,279,712 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/01/19 13:00:53 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/01/06 16:54:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/09/17 01:19:16 | 000,007,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\whfltr2k.sys -- (whfltr2k)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 23:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009/05/14 14:49:32 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/05/14 14:49:26 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/05/14 14:49:22 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009/05/14 14:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 14:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/05/13 19:11:32 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2007/12/17 17:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/11/25 17:36:06 | 000,077,248 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/11/25 17:32:01 | 000,054,368 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/07/19 15:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49899

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49899

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1714108043-953005013-203788322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E D9 93 C8 81 29 CF 01 [binary data]
IE - HKU\S-1-5-21-1714108043-953005013-203788322-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1714108043-953005013-203788322-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1714108043-953005013-203788322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Dunaj"
FF - prefs.js..browser.search.selectedEngine: "Dunaj"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Hacker\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/08/13 14:19:02 | 000,000,000 | ---D | M]

[2013/12/22 11:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hacker\AppData\Roaming\mozilla\Extensions
[2013/11/01 14:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hacker\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013/08/08 13:07:04 | 000,249,988 | ---- | M] () (No name found) -- C:\Users\Hacker\AppData\Roaming\mozilla\firefox\profiles\extensions\gophoto@gophoto.it.xpi
[2013/12/22 11:53:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/22 11:53:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com

O1 HOSTS File: ([2013/06/15 10:27:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ShadowPlay] C:\Windows\System32\nvspcap.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1714108043-953005013-203788322-1000..\Run: [cisvmmc] C:\Users\Hacker\AppData\Local\Temp\Logopsrv\iscstugc.exe File not found
O4 - HKU\S-1-5-21-1714108043-953005013-203788322-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1714108043-953005013-203788322-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1714108043-953005013-203788322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1714108043-953005013-203788322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKU\S-1-5-21-1714108043-953005013-203788322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName =
O7 - HKU\S-1-5-21-1714108043-953005013-203788322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction =
O7 - HKU\S-1-5-21-1714108043-953005013-203788322-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{176C225A-A76F-4264-8E3B-D96ED8D87C65}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (l¦.) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/04 14:44:07 | 000,000,059 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - frapsvid.dll File not found
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2014/02/15 11:31:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hacker\Desktop\OTL.exe
[2014/02/12 21:17:51 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/11 20:57:46 | 000,000,000 | ---D | C] -- C:\rsit
[2014/02/08 23:14:56 | 000,000,000 | ---D | C] -- C:\Users\Hacker\Documents\HOT108

========== Files - Modified Within 7 Days ==========

[2014/02/15 11:34:36 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/02/15 11:33:38 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/15 11:33:38 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/15 11:30:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hacker\Desktop\OTL.exe
[2014/02/15 11:27:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/15 11:27:38 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/15 11:27:38 | 000,516,780 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2014/02/14 20:53:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1714108043-953005013-203788322-1000UA.job
[2014/02/14 17:53:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1714108043-953005013-203788322-1000Core.job
[2014/02/13 21:28:35 | 002,636,350 | ---- | M] () -- C:\Users\Hacker\Desktop\img294.jpg
[2014/02/12 21:14:42 | 001,166,132 | ---- | M] () -- C:\Users\Hacker\Desktop\adwcleaner.exe
[2014/02/11 20:57:17 | 000,781,383 | ---- | M] () -- C:\Users\Hacker\Desktop\RSIT.exe
[2014/02/11 14:00:37 | 000,138,032 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2014/02/11 14:00:26 | 000,281,688 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2014/02/09 18:16:43 | 000,656,430 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/09 18:16:43 | 000,122,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/09 15:09:46 | 000,022,521 | ---- | M] () -- C:\Users\Hacker\Documents\1689651_10203111542140381_1106707046_n.jpg
[2014/02/09 10:34:05 | 000,436,719 | ---- | M] () -- C:\Users\Hacker\Documents\o-cakrach-mantry.jpg

========== Files Created - No Company Name ==========

[2014/02/15 11:34:36 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/02/13 21:27:25 | 002,636,350 | ---- | C] () -- C:\Users\Hacker\Desktop\img294.jpg
[2014/02/12 21:11:42 | 001,166,132 | ---- | C] () -- C:\Users\Hacker\Desktop\adwcleaner.exe
[2014/02/11 20:57:42 | 000,781,383 | ---- | C] () -- C:\Users\Hacker\Desktop\RSIT.exe
[2014/02/09 15:09:46 | 000,022,521 | ---- | C] () -- C:\Users\Hacker\Documents\1689651_10203111542140381_1106707046_n.jpg
[2013/11/12 21:16:01 | 001,849,344 | ---- | C] () -- C:\Windows\System32\Qt4Pas5.dll
[2013/09/08 09:44:29 | 000,000,408 | ---- | C] () -- C:\Users\Hacker\AppData\Roaming\CamShapes.ini
[2013/09/08 09:44:29 | 000,000,408 | ---- | C] () -- C:\Users\Hacker\AppData\Roaming\CamLayout.ini
[2013/09/08 09:44:29 | 000,000,046 | ---- | C] () -- C:\Users\Hacker\AppData\Roaming\Camdata.ini
[2013/09/08 09:42:57 | 000,004,509 | ---- | C] () -- C:\Users\Hacker\AppData\Roaming\CamStudio.cfg
[2013/03/06 20:26:49 | 000,138,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/03/06 20:26:39 | 000,281,688 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013/03/06 20:26:22 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/06/22 14:34:07 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/07/14 12:29:27 | 000,001,064 | ---- | C] () -- C:\Users\Hacker\Dokumenty - odkaz (2).lnk
[2011/06/26 20:30:31 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/05/22 14:29:37 | 000,001,064 | ---- | C] () -- C:\Users\Hacker\Dokumenty - odkaz.lnk
[2010/03/28 16:16:39 | 000,000,145 | ---- | C] () -- C:\Users\Hacker\faktorial.m
[2010/03/28 16:13:36 | 000,000,296 | ---- | C] () -- C:\Users\Hacker\vvv.m

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/06/17 14:23:40 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/06/19 14:22:29 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Anthropics
[2012/08/13 15:57:11 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Bioshock2
[2010/05/14 14:51:59 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\BitSpirit
[2013/09/20 10:39:39 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\calibre
[2011/07/18 17:41:38 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\DAEMON Tools Pro
[2012/09/05 12:58:14 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\EPSON
[2009/12/25 14:02:26 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\ESET
[2011/06/05 23:17:05 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\FileZilla
[2014/02/11 20:47:30 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\ICQ
[2011/07/19 11:17:45 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\install
[2011/02/26 11:24:00 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Juniper Networks
[2011/06/13 19:39:39 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\LangSoft
[2009/12/26 12:28:19 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Opera
[2013/07/31 08:35:15 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Opera Software
[2012/05/15 20:51:19 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Origin
[2011/05/01 17:13:16 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Quantitative Micro Software
[2010/01/16 19:04:13 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\TuneUp Software
[2010/05/14 17:46:52 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Ubisoft
[2013/09/08 12:26:51 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\WinAVI

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009/07/14 05:53:46 | 000,032,504 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/06/14 11:20:00 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013/06/29 16:48:53 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1714108043-953005013-203788322-1000Core.job
[2013/06/29 16:48:53 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1714108043-953005013-203788322-1000UA.job

< >

< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_2a08db1f70fe2af8\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_dd2bf0ef82c7be83\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_ddb1bfd49be72b9f\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/06/17 12:23:24 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=2632B7125E0730E019532CFCFFFFBFC0 -- C:\Windows\System32\autochk.exe
[2010/06/17 12:23:24 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=2632B7125E0730E019532CFCFFFFBFC0 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.20538_none_e28cf2983c0715a1\autochk.exe
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe

< MD5 for: CDROM.SYS >
[2010/06/17 12:16:43 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=656D1EC977E3C5316A62DBBE52CB9663 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_70196a0a47ff6d0e\cdrom.sys
[2010/06/17 12:16:43 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=656D1EC977E3C5316A62DBBE52CB9663 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16397_none_5f76e2ae05214e5a\cdrom.sys
[2010/06/17 12:16:43 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=A26D70218A51D85E6AA74CA1DA8EFBE2 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.20493_none_5ffc7e511e4288c8\cdrom.sys
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010/06/17 12:45:35 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BB63132C854BC53D2826F4D4B92C9C35 -- C:\Windows\System32\drivers\cdrom.sys
[2010/06/17 12:45:35 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BB63132C854BC53D2826F4D4B92C9C35 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_21e969d21d334231\cdrom.sys
[2010/06/17 12:45:35 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BB63132C854BC53D2826F4D4B92C9C35 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.20595_none_5ffe80cb1e40b89d\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2010/06/17 13:32:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=016D7144F3B717A0850DACC75F08DD3D -- C:\Windows\explorer.exe
[2010/06/17 13:32:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=016D7144F3B717A0850DACC75F08DD3D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20658_none_52380e6ef412967a\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2010/06/17 12:19:45 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/06/17 12:19:45 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

< MD5 for: HAL.DLL >
[2010/06/17 12:44:51 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=5643BEF4C4268790D5B32BC863368A0C -- C:\Windows\System32\hal.dll
[2010/06/17 12:44:51 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=5643BEF4C4268790D5B32BC863368A0C -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16504_none_ab54cba9babdce35\hal.dll
[2009/07/14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
[2010/06/17 12:44:51 | 000,194,440 | ---- | M] (Microsoft Corporation) MD5=9B6828EB09DCC6D316E0ED28B6981844 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.20618_none_abd799b0d3dfef4c\hal.dll
[2010/06/17 12:16:02 | 000,194,632 | ---- | M] (Microsoft Corporation) MD5=AC6A0383DE79C8306199FD6D3B8B77A5 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.20495_none_ab7e15a6d4238881\hal.dll
[2010/06/17 12:16:02 | 000,194,632 | ---- | M] (Microsoft Corporation) MD5=C501C6A946524FDAD89EA3F59DE7C324 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16399_none_aaf87a03bb024e13\hal.dll

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/06/17 12:20:16 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=53B13B258970B6B5A1FE09F26EB3B3A6 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.20527_none_38b0b74c535a2c7c\scecli.dll
[2010/06/17 12:39:21 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B218D0D5250E979049771B25E552EEA2 -- C:\Windows\System32\scecli.dll
[2010/06/17 12:39:21 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B218D0D5250E979049771B25E552EEA2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.20617_none_38bb891e53520db2\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2009/07/14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010/06/17 14:05:44 | 001,289,096 | ---- | M] (Microsoft Corporation) MD5=5D6A83E928F22AF5AC9868B162FFAD0D -- C:\Windows\System32\drivers\tcpip.sys
[2010/06/17 14:05:44 | 001,289,096 | ---- | M] (Microsoft Corporation) MD5=5D6A83E928F22AF5AC9868B162FFAD0D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_b38009a0e0d5a32d\tcpip.sys
[2010/06/17 14:05:44 | 001,285,000 | ---- | M] (Microsoft Corporation) MD5=63170B9EE1D0EF0032F0408605671D1A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_b30e0d41c7a5fe2f\tcpip.sys
[2010/06/17 12:26:47 | 001,288,192 | ---- | M] (Microsoft Corporation) MD5=C534E7C87422B720820CAA23F7235ADE -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16512_none_b33d1ad7c783c119\tcpip.sys
[2010/06/17 12:34:33 | 001,287,256 | ---- | M] (Microsoft Corporation) MD5=CB79D3F4BE0AC26892980330E448018D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20567_none_b395a792e0c56e24\tcpip.sys
[2010/06/17 12:26:47 | 001,287,048 | ---- | M] (Microsoft Corporation) MD5=D78C447AE8255AC872F1694868D571E2 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20628_none_b3c1e972e0a414de\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/06/17 12:36:28 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=1C4707299926AF0E555C2DC98E411B59 -- C:\Windows\System32\winlogon.exe
[2010/06/17 12:36:28 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=1C4707299926AF0E555C2DC98E411B59 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20574_none_702cc58d4f5b790f\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2010/06/17 12:25:48 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=AB59486E41610AB13B1555D7D585AE8F -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_705136794f3f8a98\winlogon.exe
[2010/06/17 12:25:48 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B151128D1FEBF745BC7EFDE9FACB165A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_6fbf975e36292016\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< >

< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[5 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[7 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2013/11/19 17:52:26 | 112,162,891 | ---- | M] (Lazarus Team ) -- C:\lazarus-1.0.12-fpc-2.6.2-win64.exe
[2013/04/25 14:53:30 | 006,216,360 | ---- | M] (一普明为（北京）信息技术有限公司) -- C:\PCHunter32.exe
[2013/04/26 19:31:38 | 000,188,416 | ---- | M] () -- C:\T-Cleaner.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/07/09 19:01:31 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Adobe
[2011/06/19 14:22:29 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Anthropics
[2012/08/13 15:57:11 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Bioshock2
[2010/05/14 14:51:59 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\BitSpirit
[2013/09/20 10:39:39 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\calibre
[2011/07/18 17:41:38 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\DAEMON Tools Pro
[2013/11/27 19:44:07 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\dvdcss
[2012/09/05 12:58:14 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\EPSON
[2009/12/25 14:02:26 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\ESET
[2011/06/05 23:17:05 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\FileZilla
[2014/02/11 20:47:30 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\ICQ
[2009/12/25 13:09:18 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Identities
[2011/07/19 11:17:45 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\install
[2009/12/26 14:05:32 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\InstallShield
[2011/02/26 11:24:00 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Juniper Networks
[2011/06/13 19:39:39 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\LangSoft
[2009/12/25 15:19:20 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Macromedia
[2011/07/18 15:15:53 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Malwarebytes
[2009/07/14 08:50:20 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Media Center Programs
[2013/12/15 18:07:03 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Media Player Classic
[2014/01/03 19:02:34 | 000,000,000 | --SD | M] -- C:\Users\Hacker\AppData\Roaming\Microsoft
[2013/12/22 11:53:26 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Mozilla
[2011/08/29 12:29:25 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Nero
[2012/06/02 09:57:23 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\NVIDIA
[2009/12/26 12:28:19 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Opera
[2013/07/31 08:35:15 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Opera Software
[2012/05/15 20:51:19 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Origin
[2011/05/01 17:13:16 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Quantitative Micro Software
[2010/06/07 20:19:26 | 000,000,000 | RH-D | M] -- C:\Users\Hacker\AppData\Roaming\SecuROM
[2014/02/09 16:27:49 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Skype
[2013/11/01 11:54:07 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\skypePM
[2010/01/16 19:04:13 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\TuneUp Software
[2010/05/14 17:46:52 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\Ubisoft
[2013/12/06 22:37:45 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\vlc
[2013/09/08 12:26:51 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\WinAVI
[2010/05/31 15:47:41 | 000,000,000 | ---D | M] -- C:\Users\Hacker\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2010/09/12 18:03:56 | 000,092,560 | R--- | M] () -- C:\Users\Hacker\AppData\Roaming\Microsoft\Installer\{A6B2BCAB-02D4-49FD-82C4-AAA6658826A7}\Windows7Manager.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2014/02/14 17:53:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1714108043-953005013-203788322-1000Core.job
[2014/02/14 20:53:00 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1714108043-953005013-203788322-1000UA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/01/06 16:54:38 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014/02/15 11:33:38 | 000,014,016 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/15 11:33:38 | 000,014,016 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/15 11:27:38 | 000,516,780 | ---- | M] () -- C:\Windows\system32\oodbs.lor

< %SYSTEMDRIVE%\*.exe >
[2013/11/19 17:52:26 | 112,162,891 | ---- | M] (Lazarus Team ) -- C:\lazarus-1.0.12-fpc-2.6.2-win64.exe
[2013/04/25 14:53:30 | 006,216,360 | ---- | M] (一普明为（北京）信息技术有限公司) -- C:\PCHunter32.exe
[2013/04/26 19:31:38 | 000,188,416 | ---- | M] () -- C:\T-Cleaner.exe

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"cisvmmc" = C:\Users\Hacker\AppData\Local\Temp\Logopsrv\iscstugc.exe

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2013/12/05 20:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation) MD5=1EEA6C1B35191DC177EA83672B9C3FC0 -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009/07/14 02:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2013/11/13 17:50:38 | 000,879,456 | ---- | M] (Opera Software) MD5=C5520FEB7AD5F6E3692B6DE41F6A1A27 -- C:\Program Files\Opera\opera.exe

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/02/15 11:34:36 | 000,000,512 | ---- | M] () MD5=2F2FE36F9BAA201EA2816DC6858D4D06 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2010/06/27 15:53:52 | 000,012,143 | ---- | M] () -- \Users\Hacker\AppData\Local\VirtualStore\Program Files\Counter-Strike\cstrike\sound\misc\cracker1.wav

< *keygen* /s >

< *loader* /s >
[2012/11/28 13:24:29 | 000,067,584 | ---- | M] () -- \Hry\Far Cry 3\bin\ubiorbitapi_r2_loader.dll
[2012/11/28 21:54:12 | 000,003,072 | ---- | M] () -- \Hry\Far Cry 3\bin\uplay_r1_loader.dll
[2009/01/16 01:26:10 | 000,009,068 | ---- | M] () -- \lazarus\debugger\fpdebug\dbgloader.pp
[2005/05/18 21:24:09 | 000,003,206 | ---- | M] () -- \lazarus\fpc\2.6.2\source\packages\gtk2\src\gtk+\gdk-pixbuf\gdk-pixbuf-loader.inc
[2010/10/06 21:33:57 | 000,016,877 | ---- | M] () -- \lazarus\fpc\2.6.2\source\packages\winunits-jedi\src\ModuleLoader.pas
[2013/11/14 12:56:07 | 001,168,672 | ---- | M] () -- \NVIDIA\DisplayDriver\331.82\Win8_WinVista_Win7\English\GFExperience\ExtensionLoader.dll
[2013/08/01 18:27:34 | 000,044,032 | R--- | M] () -- \Program Files\Calibre2\DLLs\PyISAPI_loader.dll
[2012/10/01 20:30:04 | 000,268,384 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2012/10/01 20:30:04 | 000,019,048 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2008/01/03 14:46:51 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7.0\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2008/01/03 14:46:51 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.0\imApp\theme\IMAGES\XtraPreloader\loader.swf
[2009/12/20 08:55:30 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7.0\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2008/01/03 14:46:51 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.0\imApp\theme\MUICoreLib\xtraLoader.swf
[2010/03/29 17:17:46 | 000,002,886 | ---- | M] () -- \Program Files\ICQ7.0\Xtraz\icq\content\babylon_feed\preloader01_b.swf
[2011/03/13 23:03:54 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.0\Xtraz\icq\content\icq_profile\preloader.html
[2010/06/06 13:01:20 | 000,003,830 | ---- | M] () -- \Program Files\ICQ7.0\Xtraz\icq\content\pool\preloader02.swf
[2011/01/18 10:36:15 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.0\Xtraz\icq\content\profile_forms\preloader.html
[2011/01/18 10:36:15 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.0\Xtraz\icq\content\profile_lightboxs\preloader.html
[2010/10/03 22:22:27 | 000,003,830 | ---- | M] () -- \Program Files\ICQ7.0\Xtraz\icq\content\rps\preloader02.swf
[2010/06/06 12:29:59 | 000,003,830 | ---- | M] () -- \Program Files\ICQ7.0\Xtraz\icq\content\zoopaloola\preloader02.swf
[2010/01/22 11:58:43 | 000,552,798 | ---- | M] () -- \Program Files\ICQ7.0\Xtraz\icq\theme\game_center\loaderBkg.png
[2011/05/11 11:22:40 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2011/05/11 11:22:40 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2011/05/11 11:22:40 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.5\imApp\theme\MUICoreLib\xtraLoader.swf
[2011/05/22 20:41:39 | 000,002,886 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\babylon_feed\preloader01_b.swf
[2011/07/27 20:59:28 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\icq_profile\preloader.html
[2011/05/11 11:22:59 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\profile_forms\preloader.html
[2011/05/11 11:23:00 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\profile_lightboxs\preloader.html
[2011/08/24 21:44:47 | 000,003,830 | ---- | M] () -- \Program Files\ICQ7.5\Xtraz\icq\content\slide-a-lama\preloader02.swf
[2013/11/14 12:56:07 | 001,168,672 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{17B2B2B0-9CA1-4CD1-BCB0-89C96C5B52AE}\ExtensionLoader.dll
[2013/11/14 12:56:07 | 001,168,672 | ---- | M] () -- \Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\ExtensionLoader.dll
[2013/07/25 03:43:28 | 000,065,344 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2011/11/06 10:09:52 | 000,083,816 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2010/03/15 10:28:24 | 000,045,056 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2013/10/09 17:07:12 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2013/10/09 17:07:12 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2013/10/09 17:07:12 | 000,006,012 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\normal\loader_15fps.gif
[2013/10/09 17:07:12 | 000,021,956 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\normal\loader_30fps.gif
[2013/10/09 17:07:12 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2013/10/09 17:07:12 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2013/10/09 17:07:12 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2013/10/09 17:07:12 | 000,006,012 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\normal\loader_15fps.gif
[2013/10/09 17:07:12 | 000,021,956 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\normal\loader_30fps.gif
[2013/10/09 17:07:12 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2009/07/14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009/07/14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009/07/14 08:42:17 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 08:42:17 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009/07/14 08:42:17 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2010/06/17 13:36:54 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20667_none_5b9e5158e7060a9d.manifest
[2010/06/17 13:36:54 | 000,507,384 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20667_none_5b9e5158e7060a9d_winload.exe_75835076
[2010/06/17 13:36:55 | 000,442,736 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20667_none_5b9e5158e7060a9d_winresume.exe_85cd1215
[2009/07/14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009/07/14 08:41:36 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 02:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2010/06/17 12:19:38 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2010/06/17 12:19:38 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010/06/17 13:36:25 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20667_none_5b9e5158e7060a9d.manifest
[2009/07/14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

#13 Příspěvek od **vyosek** » 16 úno 2014 13:35

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\ewepum.sys -- (mtbh)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ab06ivox)
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC4
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49899
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49899
IE - HKU\S-1-5-21-1714108043-953005013-203788322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E D9 93 C8 81 29 CF 01 [binary data]
IE - HKU\S-1-5-21-1714108043-953005013-203788322-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1714108043-953005013-203788322-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
O4 - HKU\S-1-5-21-1714108043-953005013-203788322-1000..\Run: [cisvmmc] C:\Users\Hacker\AppData\Local\Temp\Logopsrv\iscstugc.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - AppInit_DLLs: (l¦.) - File not found
[2014/02/12 21:11:42 | 001,166,132 | ---- | C] () -- C:\Users\Hacker\Desktop\adwcleaner.exe
[2014/02/11 20:57:42 | 000,781,383 | ---- | C] () -- C:\Users\Hacker\Desktop\RSIT.exe
[2013/11/19 17:52:26 | 112,162,891 | ---- | M] (Lazarus Team ) -- C:\lazarus-1.0.12-fpc-2.6.2-win64.exe
[2013/04/25 14:53:30 | 006,216,360 | ---- | M] (一普明为（北京）信息技术有限公司) -- C:\PCHunter32.exe
[2013/04/26 19:31:38 | 000,188,416 | ---- | M] () -- C:\T-Cleaner.exe
[2014/02/14 17:53:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1714108043-953005013-203788322-1000Core.job
[2014/02/14 20:53:00 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1714108043-953005013-203788322-1000UA.job
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cisvmmc"=-

:files
C:\Users\Hacker\AppData\Local\Temp\Logopsrv
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

QuickShare · #14 Příspěvek od **QuickShare** » 16 úno 2014 14:18

All processes killed
========== OTL ==========
Service mtbh stopped successfully!
Service mtbh deleted successfully!
File System32\drivers\ewepum.sys not found.
Service IntcAzAudAddService stopped successfully!
Service IntcAzAudAddService deleted successfully!
File system32\drivers\RTKVHDA.sys not found.
Error: No service named ab06ivox was found to stop!
Service\Driver key ab06ivox not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-1714108043-953005013-203788322-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-1714108043-953005013-203788322-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1714108043-953005013-203788322-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-21-1714108043-953005013-203788322-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cisvmmc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:l¦. deleted successfully.
C:\Users\Hacker\Desktop\adwcleaner.exe moved successfully.
C:\Users\Hacker\Desktop\RSIT.exe moved successfully.
C:\lazarus-1.0.12-fpc-2.6.2-win64.exe moved successfully.
C:\PCHunter32.exe moved successfully.
C:\T-Cleaner.exe moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1714108043-953005013-203788322-1000Core.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1714108043-953005013-203788322-1000UA.job moved successfully.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cisvmmc not found.
========== FILES ==========
C:\Users\Hacker\AppData\Local\Temp\Logopsrv folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Hacker
->Temp folder emptied: 1559325 bytes
->Temporary Internet Files folder emptied: 24497857 bytes
->Java cache emptied: 19919 bytes
->FireFox cache emptied: 65179752 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 22239253 bytes
->Flash cache emptied: 656 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 373163162 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 464,00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Hacker
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Hacker
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02162014_141522

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#15 Příspěvek od **vyosek** » 17 úno 2014 15:06

Tak jeste uklidime

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

VIRY.CZ

dnes 3x Trojsky kon.

dnes 3x Trojsky kon.

Re: dnes 3x Trojsky kon.

Re: dnes 3x Trojsky kon.

Re: dnes 3x Trojsky kon.

Re: dnes 3x Trojsky kon.

Re: dnes 3x Trojsky kon.

Re: dnes 3x Trojsky kon.

Re: dnes 3x Trojsky kon.

Re: dnes 3x Trojsky kon.

Re: dnes 3x Trojsky kon.

Re: dnes 3x Trojsky kon.

Re: dnes 3x Trojsky kon.

Re: dnes 3x Trojsky kon.

Re: dnes 3x Trojsky kon.

Re: dnes 3x Trojsky kon.