VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Trojan v pc

https://forum.viry.cz:443/viewtopic.php?t=137218

Stránka 1 z 2

Trojan v pc

Napsal: 02 dub 2014 10:02
od Ragnar3
Zdravím, pri používaní firefoxu (robí to aj na chrome), čo sa týka doslova každého kliknutia na inú stránku sa mi začala vyhadzovať od esetu tabulka s infiltráciou JS/Kryptik.I trojsky kôň obrázok : http://leteckaposta.cz/342317687 . Pár krát som robil prehliadku esetom, programom malwarebytes a pred tým ešte iobit malware fighterom no ten som vymazal nakolko som práve na tomto fóre prečítal že to nieje dobrý program a lepší je malwarebytes no nič mi nenašiel ani jeden program. Prikladám tu log z combofixu.


ComboFix 14-03-24.01 - admin . 04. 2014 10:37:57.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.8138.6389 [GMT 2:00]
Running from: c:\users\admin\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-03-02 to 2014-04-02 )))))))))))))))))))))))))))))))
.
.
2014-04-02 08:40 . 2014-04-02 08:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-01 21:37 . 2014-04-01 21:37 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-01 21:37 . 2014-04-01 21:37 -------- d-----w- c:\programdata\Malwarebytes
2014-04-01 21:37 . 2014-03-05 07:26 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-01 21:37 . 2014-03-05 07:26 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-01 21:37 . 2014-03-05 07:26 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-01 20:15 . 2014-04-01 20:32 -------- d-----w- c:\program files\Enigma Software Group
2014-04-01 20:11 . 2014-04-01 20:32 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-04-01 20:11 . 2014-04-01 20:11 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-03-28 22:23 . 2014-03-28 22:23 -------- d-----w- c:\users\admin\AppData\Local\Splashtop
2014-03-28 22:02 . 2014-03-28 22:02 -------- d-----w- c:\programdata\Splashtop
2014-03-28 22:02 . 2014-03-28 22:02 -------- d-----w- c:\program files (x86)\Splashtop
2014-03-26 15:18 . 2014-03-26 15:18 -------- d-----w- c:\windows\system32\logs
2014-03-26 14:51 . 2014-03-26 14:51 -------- d-----w- c:\users\admin\AppData\Roaming\.StarMade
2014-03-26 12:15 . 2013-11-15 01:52 7217152 ----a-w- c:\windows\SysWow64\CrypticError.exe
2014-03-26 10:47 . 2014-03-26 10:47 -------- d-----w- c:\users\admin\AppData\Roaming\SpaceEngineers
2014-03-25 18:15 . 2014-03-25 18:15 -------- d-----w- c:\program files (x86)\MSXML 4.0
2014-03-25 16:45 . 2014-03-25 16:45 -------- d-----w- c:\users\admin\AppData\Roaming\wargaming.net
2014-03-25 09:02 . 2014-03-25 09:02 -------- d-----w- c:\users\admin\AppData\Local\SWTOR
2014-03-25 08:36 . 2014-03-25 09:41 -------- d-----w- c:\programdata\BitRaider
2014-03-24 09:18 . 2014-03-17 09:16 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81A9BED8-0E04-4DD2-982C-780B884372A7}\mpengine.dll
2014-03-24 09:17 . 2014-03-24 09:17 1653096 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-03-24 09:16 . 2014-03-24 09:16 44032 ----a-w- c:\windows\system32\tsgqec.dll
2014-03-24 09:16 . 2014-03-24 09:16 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2014-03-24 09:16 . 2014-03-24 09:16 3138048 ----a-w- c:\windows\system32\mstscax.dll
2014-03-24 09:16 . 2014-03-24 09:16 2691072 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-03-24 09:16 . 2014-03-24 09:16 158208 ----a-w- c:\windows\system32\aaclient.dll
2014-03-24 09:16 . 2014-03-24 09:16 131072 ----a-w- c:\windows\SysWow64\aaclient.dll
2014-03-24 09:15 . 2014-03-24 09:15 3150848 ----a-w- c:\windows\system32\win32k.sys
2014-03-24 09:14 . 2014-03-24 09:14 5497688 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-03-24 09:14 . 2014-03-24 09:14 43520 ----a-w- c:\windows\system32\csrsrv.dll
2014-03-24 09:14 . 2014-03-24 09:14 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2014-03-24 09:14 . 2014-03-24 09:14 3958120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2014-03-24 09:14 . 2014-03-24 09:14 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2014-03-24 09:14 . 2014-03-24 09:14 112640 ----a-w- c:\windows\system32\smss.exe
2014-03-24 09:13 . 2014-03-24 09:13 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2014-03-24 09:11 . 2014-03-24 09:11 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2014-03-24 09:08 . 2014-03-24 09:08 287576 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-03-24 09:08 . 2014-03-24 09:08 1893224 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-03-24 09:03 . 2014-03-24 09:03 801280 ----a-w- c:\windows\system32\usp10.dll
2014-03-24 09:03 . 2014-03-24 09:03 627712 ----a-w- c:\windows\SysWow64\usp10.dll
2014-03-24 09:01 . 2014-03-24 09:01 751104 ----a-w- c:\windows\system32\win32spl.dll
2014-03-24 09:01 . 2014-03-24 09:01 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2014-03-24 08:58 . 2014-03-24 08:58 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-03-24 08:58 . 2014-03-24 08:58 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-03-24 08:54 . 2014-03-24 08:54 2001408 ----a-w- c:\windows\system32\msxml6.dll
2014-03-24 08:54 . 2014-03-24 08:54 1880064 ----a-w- c:\windows\system32\msxml3.dll
2014-03-24 08:54 . 2014-03-24 08:54 1388544 ----a-w- c:\windows\SysWow64\msxml6.dll
2014-03-24 08:54 . 2014-03-24 08:54 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-03-24 08:53 . 2014-03-24 08:53 46080 ----a-w- c:\windows\system32\atmlib.dll
2014-03-24 08:53 . 2014-03-24 08:53 367616 ----a-w- c:\windows\system32\atmfd.dll
2014-03-24 08:53 . 2014-03-24 08:53 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2014-03-24 08:53 . 2014-03-24 08:53 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2014-03-24 08:52 . 2014-03-24 08:52 2048 ----a-w- c:\windows\system32\tzres.dll
2014-03-24 08:52 . 2014-03-24 08:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-03-24 08:50 . 2014-03-24 08:50 478208 ----a-w- c:\windows\system32\dpnet.dll
2014-03-24 08:50 . 2014-03-24 08:50 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2014-03-24 08:49 . 2014-03-24 08:49 295792 ----a-w- c:\windows\system32\drivers\volsnap.sys
2014-03-24 08:48 . 2014-03-24 08:48 850944 ----a-w- c:\windows\system32\jscript.dll
2014-03-24 08:48 . 2014-03-24 08:48 609792 ----a-w- c:\windows\system32\vbscript.dll
2014-03-24 08:48 . 2014-03-24 08:48 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-24 08:48 . 2014-03-24 08:48 95744 ----a-w- c:\windows\system32\synceng.dll
2014-03-24 08:48 . 2014-03-24 08:48 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2014-03-24 08:47 . 2014-03-24 08:47 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-03-24 08:47 . 2014-03-24 08:47 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-03-24 08:47 . 2014-03-24 08:47 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-03-24 08:47 . 2014-03-24 08:47 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-03-24 08:47 . 2014-03-24 08:47 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-03-24 08:47 . 2014-03-24 08:47 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-03-24 08:47 . 2014-03-24 08:47 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-03-24 08:42 . 2014-03-24 08:42 714752 ----a-w- c:\windows\system32\kerberos.dll
2014-03-24 08:42 . 2014-03-24 08:42 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-03-24 08:41 . 2014-03-24 08:41 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2014-03-24 08:41 . 2014-03-24 08:41 1462784 ----a-w- c:\windows\system32\crypt32.dll
2014-03-24 08:41 . 2014-03-24 08:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2014-03-24 08:41 . 2014-03-24 08:41 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2014-03-24 08:41 . 2014-03-24 08:41 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
2014-03-24 08:41 . 2014-03-24 08:41 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2014-03-24 08:41 . 2014-03-24 08:41 503808 ----a-w- c:\windows\system32\srcore.dll
2014-03-24 08:41 . 2014-03-24 08:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2014-03-24 08:39 . 2014-03-24 08:39 73216 ----a-w- c:\windows\system32\netapi32.dll
2014-03-24 08:39 . 2014-03-24 08:39 58880 ----a-w- c:\windows\system32\browcli.dll
2014-03-24 08:39 . 2014-03-24 08:39 41472 ----a-w- c:\windows\SysWow64\browcli.dll
2014-03-24 08:39 . 2014-03-24 08:39 136704 ----a-w- c:\windows\system32\browser.dll
2014-03-24 08:39 . 2014-03-24 08:39 220160 ----a-w- c:\windows\system32\wintrust.dll
2014-03-24 08:39 . 2014-03-24 08:39 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2014-03-24 08:38 . 2014-03-24 08:38 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2014-03-24 08:38 . 2014-03-24 08:38 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-03-24 08:38 . 2014-03-24 08:38 956416 ----a-w- c:\windows\system32\localspl.dll
2014-03-24 08:37 . 2014-03-24 08:37 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-03-24 08:37 . 2014-03-24 08:37 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-03-24 08:37 . 2014-03-24 08:37 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2014-03-24 08:37 . 2014-03-24 08:37 340992 ----a-w- c:\windows\system32\schannel.dll
2014-03-24 08:37 . 2014-03-24 08:37 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2014-03-24 08:37 . 2014-03-24 08:37 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-03-24 08:37 . 2014-03-24 08:37 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-03-24 08:37 . 2014-03-24 08:37 14165504 ----a-w- c:\windows\system32\shell32.dll
2014-03-24 08:36 . 2014-03-24 08:36 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2014-03-24 08:36 . 2014-03-24 08:36 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2014-03-24 08:35 . 2014-03-24 08:35 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2014-03-24 08:35 . 2014-03-24 08:35 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2014-03-24 08:35 . 2014-03-24 08:35 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2014-03-24 08:35 . 2014-03-24 08:35 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-03-24 08:35 . 2014-03-24 08:35 208896 ----a-w- c:\windows\system32\profsvc.dll
2014-03-24 08:34 . 2014-03-24 08:34 3213824 ----a-w- c:\windows\system32\msi.dll
2014-03-24 08:34 . 2014-03-24 08:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2014-03-24 08:33 . 2014-03-24 08:33 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2014-03-24 08:33 . 2014-03-24 08:33 294912 ----a-w- c:\windows\system32\browserchoice.exe
2014-03-24 08:29 . 2014-03-24 08:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2014-03-24 08:29 . 2014-03-24 08:29 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-03-24 08:29 . 2014-03-24 08:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-03-24 08:29 . 2014-03-24 08:29 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-03-24 08:29 . 2014-03-24 08:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2014-03-24 08:29 . 2014-03-24 08:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2014-03-24 08:29 . 2014-03-24 08:29 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2014-03-24 08:29 . 2014-03-24 08:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2014-03-24 08:29 . 2014-03-24 08:29 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-03-24 08:29 . 2014-03-24 08:29 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-03-24 08:28 . 2014-03-24 08:28 80896 ----a-w- c:\windows\system32\imagehlp.dll
2014-03-24 08:28 . 2014-03-24 08:28 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2014-03-24 08:28 . 2014-03-24 08:28 5120 ----a-w- c:\windows\system32\wmi.dll
2014-03-24 08:28 . 2014-03-24 08:28 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-03-24 08:28 . 2014-03-24 08:28 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2014-03-24 08:16 . 2014-03-24 08:16 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2014-03-24 08:16 . 2014-03-24 08:16 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-24 09:07 . 2014-03-24 09:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-24 08:49 . 2014-03-24 08:49 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2014-03-24 08:49 . 2014-03-24 08:49 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2014-03-24 08:49 . 2014-03-24 08:49 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2014-03-24 08:37 . 2014-03-24 08:37 340992 ----a-w- c:\windows\system32\schannel.dll
2014-03-24 08:37 . 2014-03-24 08:37 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2014-03-24 07:50 . 2014-03-24 07:50 285696 ----a-w- c:\windows\system32\schtasks.exe
2014-03-24 07:50 . 2014-03-24 07:50 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2014-03-24 07:50 . 2014-03-24 07:50 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2014-03-24 00:06 . 2013-11-22 22:12 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2014-03-19 09:35 . 2013-12-19 17:23 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-03-19 09:21 . 2013-12-19 17:23 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-03-18 18:34 . 2013-12-19 18:16 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-03-12 12:56 . 2013-11-22 22:29 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 12:56 . 2013-11-22 22:29 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 14:35 . 2014-02-20 06:41 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-04 14:35 . 2013-11-22 22:36 62408 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-04 14:35 . 2013-11-22 22:36 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-03-04 14:35 . 2013-11-22 22:34 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2013-11-22 22:34 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2013-11-22 22:34 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2013-11-22 22:34 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-04 13:06 . 2013-11-22 22:36 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2013-11-22 22:36 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2014-01-08 23:29 2558808 ----a-w- c:\windows\system32\nvsvcr.dll
2014-03-04 13:05 . 2013-11-22 22:36 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2013-11-22 22:36 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2013-11-22 22:36 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2013-11-22 22:36 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-02-08 18:34 . 2014-02-20 06:41 1885472 ----a-w- c:\windows\system32\nvdispco6433489.dll
2014-02-08 18:34 . 2014-02-20 06:41 1515296 ----a-w- c:\windows\system32\nvdispgenco6433489.dll
2014-02-05 09:31 . 2013-12-03 12:07 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-02-05 09:30 . 2013-12-03 12:07 1179576 ----a-w- c:\windows\system32\nvspcap64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-11-22 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2013-11-22 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player_ControlBar\prxtbBS_P.dll" [2013-11-06 226592]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2013-11-06 16:53 226592 ----a-w- c:\program files (x86)\BS_Player_ControlBar\prxtbBS_P.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player_ControlBar\prxtbBS_P.dll" [2013-11-06 226592]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-11-22 39408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"uTorrent"="c:\users\admin\AppData\Roaming\uTorrent\uTorrent.exe" [2014-01-26 905296]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-02-20 6161176]
"Advanced SystemCare 7"="d:\program files\Advanced SystemCare 7\ASCTray.exe" [2014-02-11 2288928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-22 291648]
"Adobe Updater"="c:\programdata\adobe\color.vbs" [2013-12-11 101]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-02-26 3814736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Cloud Panel.lnk - c:\users\admin\AppData\Roaming\CloudPanel\CloudPanelLauncher.exe [2014-3-22 828416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ArcService;Arc Service;d:\program files\Perfect World Entertainment\Arc\ArcService.exe;d:\program files\Perfect World Entertainment\Arc\ArcService.exe [x]
R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 OSFMount;OSFMount;d:\program files\Counter-Strike Global Offensive\image\x64\OSFMount.sys;d:\program files\Counter-Strike Global Offensive\image\x64\OSFMount.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va016;X6va016;c:\windows\SysWOW64\Drivers\X6va016;c:\windows\SysWOW64\Drivers\X6va016 [x]
S0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;d:\program files\Advanced SystemCare 7\ASCService.exe;d:\program files\Advanced SystemCare 7\ASCService.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [x]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision X\RTCore64.sys;c:\program files (x86)\EVGA Precision X\RTCore64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - RTCORE64
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 15:54 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-22 12:56]
.
2014-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-22 22:32]
.
2014-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-22 22:32]
.
2014-04-02 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24 11:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-03-23 23:56 2471744 ----a-w- d:\program files\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2919168]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2000-01-01 7204568]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va016]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va016"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-525872782-3713464005-3976650588-1000\Software\SecuROM\License information*]
"datasecu"=hex:b2,c3,4e,12,d4,aa,dd,40,f4,ec,34,b2,5f,30,a0,a3,48,ed,4b,70,96,
89,2e,b0,37,3f,50,65,bf,da,80,13,8a,18,47,ea,5e,cb,71,02,9c,45,b2,1f,e7,e2,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:0000041b
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{1B2BD098-29D4-4752-81A2-CBFB8758ABC1}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.2.67.10"
"UniqueId"="000656D6528FD94F"
"ScannerBuild"=dword:00001fb8
"ScannerVersionId"=dword:000015d8
"ScannerVersion"="Locked/open ESET for status."
"ei2"=hex(b):bc,23,bf,9b,92,1e,4d,2a
"ei1"=hex(b):ac,22,0b,73,5d,8d,00,00
"ei3"=hex(b):7c,d9,8f,52,00,00,00,00
"ei4"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-02 10:41:29
ComboFix-quarantined-files.txt 2014-04-02 08:41
ComboFix2.txt 2014-04-01 21:28
ComboFix3.txt 2014-04-01 19:55
.
Pre-Run: 35 884 490 752 bytes free
Post-Run: 35 583 119 360 bytes free
.
- - End Of File - - D69DE6CD36CC7B50E8A64FF034AEA335

Re: Trojan v pc

Napsal: 02 dub 2014 11:15
od vyosek
Zdravim :)

:arrow:Co se tyce ComboFixu, ktery jste pouzil, tak na zaklade licence a pravidel fora ptam, umite s nim pracovat (spusteni, rozlusteni logu, napsani skriptu)?

:arrow: Licencni podminky ComboFixu hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby"
Obrázek

:arrow: Nebezpeci CFka
  • Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
  • Maze stopy po haveti, takze v logu z RSIT neni nic videt
  • Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
  • CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
  • CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Re: Trojan v pc

Napsal: 02 dub 2014 11:23
od Ragnar3
no tak to neviem :/ ten combofix niekde odporučali tak som to stiahol a spustil. Myslím že to bolo tu http://forum.viry.cz/viewtopic.php?f=13&t=86204 , priznávam nebol som pozorný takže teraz som tak povediac v prdeli a nikto mi neporadí či ako? mám rovno preinšťalovať windows?

Re: Trojan v pc

Napsal: 02 dub 2014 11:26
od vyosek
:arrow: Priste muze byt pomoc odmitnuta

:arrow: Vidim ze jste jej spoustel nekolikrat - zabalte mi prosim celou slozku c:\qoobox a uploadnete na LP http://leteckaposta.cz/

:arrow: Log z MBAMu by jste tez mel??

Re: Trojan v pc

Napsal: 02 dub 2014 11:38
od Ragnar3
qoobox : http://leteckaposta.cz/866838983

malwarebytes: http://leteckaposta.cz/460157337

Re: Trojan v pc

Napsal: 02 dub 2014 11:43
od vyosek
:arrow: Jen se zeptam pouzivate legalni operacni system, nejvyssi licence Ultimate zrovna neni bezna domaci verze :?:

Re: Trojan v pc

Napsal: 02 dub 2014 11:47
od Ragnar3
Tento počítač som kupoval asi pred pol rokom ako skladaný vo hxxp://www.wirus.sk a žiaden software som na PC nemenil.

Re: Trojan v pc

Napsal: 02 dub 2014 11:58
od vyosek
:arrow: Pak byste mel mit nekde tzv. COA stitek s licencnimi udaji o windows, mate jej tam??

:arrow: Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
  • Zaskrtnete okenko Pro vsechny uzivatele
  • Zaskrtnete okenko Kontrola na havet "LOP"
  • Zaskrtnete okenko Kontrola na havet "Purity"
  • Stari souboru zmente z 30 dnu na 7 dnu
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s
  • Kliknete na tlacitko Prohledat
  • Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
  • Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

Re: Trojan v pc

Napsal: 02 dub 2014 12:21
od Ragnar3
takže tu je extras :

OTL Extras logfile created on: 2. 4. 2014 13:15:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

7,95 Gb Total Physical Memory | 5,91 Gb Available Physical Memory | 74,41% Memory free
15,89 Gb Paging File | 13,67 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 33,23 Gb Free Space | 34,06% Space Free | Partition Type: NTFS
Drive D: | 833,86 Gb Total Space | 510,13 Gb Free Space | 61,18% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16E62CAE-C107-4FD7-97BB-14C6D749C02E}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{18057A14-2A84-49D4-8992-AFA5317C6541}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{19A092B4-0D9B-4B3A-BA40-376F595B8E8C}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{1C4673AB-9AF7-46FD-8BA7-9A2622C69177}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{24D61293-7AF6-4B9E-9A0F-2B50A00D0969}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{2777AE19-2988-485D-9A86-F9A95ACC6643}" = lport=139 | protocol=6 | dir=in | app=system |
"{27ACB3E5-29D5-4EE6-92F5-9BAAEA430432}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{28CC9B84-5682-4ED6-B605-8EA52314D807}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{2939029A-A487-48EC-ABD3-4F43CA565214}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2A87A3EF-68B3-4757-A11E-8BD3A78546A9}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{2E0CA6DB-388F-4D16-A4D2-DCED7A4A8892}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FD91A8E-07B4-4B3F-859D-2CCBBAD494BC}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{384753FC-AE44-4A8F-985A-B6B2C5E79C0D}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{476F405A-976A-40C9-ACA7-180AEB8B03B1}" = lport=138 | protocol=17 | dir=in | app=system |
"{4BE590AD-45EF-4733-9E52-76BF2EBEE41A}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{4D543989-A5A2-4903-9DC9-C06A3E3D2B36}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{535ABFED-4FCE-4585-AA48-756D1BF7F5BB}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{5FB8DF0C-C2A5-4BE7-8706-442027148B5D}" = rport=137 | protocol=17 | dir=out | app=system |
"{77054D8C-F3C4-4019-A915-0196C530E90F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{77AAC822-8A1A-45CA-B694-D458EC114A9C}" = rport=445 | protocol=6 | dir=out | app=system |
"{789665B6-AF83-49D7-BD6B-6424EF8ABC54}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{7CCFDF7E-1930-402F-A4C9-F5FF9EB8403D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{7F44DC73-AD2A-4CF0-AB76-03C3E410E516}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{8E33C5B6-4142-44A5-B346-CB67D31BC8E2}" = lport=137 | protocol=17 | dir=in | app=system |
"{8ED12CCD-133B-4868-921A-87CF9B016DAB}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{905BA46B-2369-4C1B-86A9-A9C1DD1D80D2}" = rport=138 | protocol=17 | dir=out | app=system |
"{9138C552-B077-4316-B488-2A5CDB1C14BA}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{9162A62A-FDF9-49C8-A292-62D795BA2584}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{94D07D7D-898E-4F51-9249-0A4BF95BE518}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{994F8EEE-4DBE-4863-AE03-AB060C71F8C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0031048-6CEA-4061-B10F-19FD7B61259C}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{A197F1C2-407C-413E-B054-8ABE5AA9F708}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A2435257-09C9-49A7-A416-BDE0478892C9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3325BFD-593D-4581-84D4-83956777E8A8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9CE988B-69F8-4298-831B-6D25D624F790}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{AAB1562B-8A04-4AC5-808D-4B4251F242D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B1BCA08E-DA79-4911-AADC-19D251D88142}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{B56D3F00-8881-4300-9EE8-EAEEA1F0D437}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BADFB5AB-B459-4149-A686-606F23E08ACD}" = lport=445 | protocol=6 | dir=in | app=system |
"{BF6AAF88-5002-4B4E-8BB6-7F07B1569A6F}" = rport=139 | protocol=6 | dir=out | app=system |
"{C27E6548-2B94-4DE0-8872-EAC3C233D98D}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{CDCECB77-DC48-45FC-968E-D4C8E9F57AEE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D1D1D661-9C85-45D3-A7B8-894A5501B07E}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{E3C2F0E2-DA33-48B7-86F9-A3ECEFB330EE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{E5E37F98-CFFF-4211-9E9A-64CCCD5E21B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E82C87B1-BB38-4FAB-9820-C235C9F15D8A}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{E94A2EED-5DAB-419D-BF3F-B70637139D65}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{F182AC59-395F-45A1-BD8B-96BAB88F8D07}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{F2AE3695-868E-49EB-A424-6E5AE25377D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2D27302-C88F-4F39-B5AD-3FC7DB160341}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{FB2EBA60-C419-4990-9C6E-78CB01818924}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00ED2AC9-30F9-4E4C-9459-018486709BA7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{0387A422-F62B-48C4-A0AD-E03B79DD7646}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\battlefield 4\bf4.exe |
"{042EB6F4-335A-4911-847D-10A1D94DB683}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe |
"{046D731F-6C0A-4ED0-87A5-9129A932DDC5}" = protocol=17 | dir=in | app=d:\program files\hearthstone\hearthstone.exe |
"{07B9C2F3-FE6C-4A21-90EA-1A00CEED07E8}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{0D47F697-6FC7-45E0-98A7-BCF49CD6076D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0EC46D45-146F-46CB-BAF9-6F49BAB9C9DC}" = protocol=6 | dir=out | app=system |
"{10BF131C-E05F-4194-A752-169E6A9817B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13B454B8-8DA6-45B6-B7A5-267D07069A81}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{14A210BC-EEE1-4B8C-9F7A-E9F4EAFB495A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\planetside 2\launchpad.exe |
"{1568862B-38F1-476F-86DA-D8CE7CF3978D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{16349028-B915-432B-9693-F5FADC53ABDD}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{1C86318A-3F64-4FED-9210-35E09CE073CB}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\battlefield 4\bf4_x86.exe |
"{21D1275A-3A91-4E23-BD89-2023EE6C50EC}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{21F2A403-630D-4A03-A338-EBFA0EE372D7}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\utorrent\utorrent.exe |
"{2ABC05F5-EDB7-4ABC-B860-E31354E667F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E15945A-E072-4B5F-AB54-3FD447EB9D3B}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\need for speed world\gamelauncher.exe |
"{2E299D5D-B8D8-4804-8778-2DCF52A2E95E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2EF5A533-5111-40F8-9EA7-95258A406328}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{30D8F434-FE2B-4299-81F8-07D53C755E46}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\dayz\dayz.exe |
"{333562CC-C063-466E-9255-B7BFB5E30D89}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srserver.exe |
"{380F8AE7-02D3-4D39-8DDE-F1C894AC5EEF}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\free to play\ftp.exe |
"{3C4E2CCB-D069-4ED9-A56E-294004EDC463}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\garrysmod\hl2.exe |
"{3D20ED14-D45D-4E8E-83C5-E6657F275636}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\battlefield 4\bf4.exe |
"{3EB2123F-7C17-4B44-940B-1040BD952D8B}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\half-life\hl.exe |
"{3F7ED53B-8B52-4D34-857F-ED5AAF91718B}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\garrysmod\hl2.exe |
"{4044F018-FB94-49D0-95A7-719CFA3BEBCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4358D269-1A8E-4B7F-9C8F-1DB08C199BBB}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\dataproxy.exe |
"{46FA1C55-589F-4693-A9EC-7945811BCFAD}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{4B8AE493-55FD-4477-8D87-FCED702434F6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4DDD88A6-3C0A-48B7-8420-615EF2F482E5}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe |
"{5995D5A1-91E3-4B1B-A972-E75DF7B72544}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\dayz\dayz.exe |
"{5CC358ED-2EE8-46CE-A3CB-E02F1C28B621}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E102924-8A30-4493-846B-36D39B111C23}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{6276C129-FECF-47B5-B8CE-0041F312F2BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{67949965-79BC-4F30-A42C-59C7B3BBF5E8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6A27AFA8-19A8-4807-B337-E0BF5E07F9B9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{70796A17-DF17-4042-B7EB-54C18D4449BF}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\utorrent\utorrent.exe |
"{73AC3B4B-591E-4E17-A9A3-62237B827413}" = protocol=6 | dir=in | app=d:\program files\battle.net\battle.net.exe |
"{7430BE95-8F84-4C17-8FEA-BD88DA914B3C}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\counter-strike source\hl2.exe |
"{798DC380-64DE-4596-ADE5-8FB4B4BCB5C6}" = protocol=58 | dir=in | app=system |
"{85036CBA-E95E-4056-A4CB-CC7496EF76C5}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srfeature.exe |
"{859A9FEB-8BC0-48A6-AE65-C758479CAB6F}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\planetside 2\launchpad.exe |
"{8783EF25-0198-403F-9D39-B44941002157}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe |
"{87CE1B76-4DDF-428D-B4B4-F925DD768FB1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{89C2DF7B-ED88-40FC-8185-CF8FEF507686}" = protocol=6 | dir=in | name=splashtop |
"{8B826585-7020-4C8E-99DB-EE36C5E29619}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{93B52095-B9B1-464D-A1B8-53F3B7295855}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A36C100B-2BD6-4198-9625-B0DA553723FA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe |
"{A494ED81-1230-4E9F-8B3A-3D25A73BBDA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7E2040B-0078-4E6D-8B64-3627B4176F9B}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\need for speed world\gamelauncher.exe |
"{A821A2BE-F210-41E8-B8E2-F82FBF1B9F16}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\battlefield 4\bf4_x86.exe |
"{AB2F44A5-2F0F-4000-BBE7-F47C4D24D676}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe |
"{AB6E0DE6-BC97-4C11-9695-A984340C02FD}" = protocol=17 | dir=in | app=d:\program files\battle.net\battle.net.exe |
"{AFC7F9A8-24AD-4935-89EC-9C61813F80BF}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\dayz\dayz.exe |
"{B4CE09D1-9B63-4B7B-A1CF-82E79B053BDA}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{B8A60B87-3E47-4A31-A0AE-130CDE0D6CED}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\dayz\dayz.exe |
"{BB2BFAC7-587B-4918-B32F-A0A05BBEC371}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{C5BCA33C-2079-4EAC-88A8-FBD3D06D62ED}" = protocol=6 | dir=in | app=d:\program files\hearthstone\hearthstone.exe |
"{C6C721C5-7837-42F4-A9D1-0D100DB003D7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C77BB528-6E7C-4450-B99F-2BC9E0CF3413}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C9B6F498-312A-46CF-B738-AEE0298096DD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{D5B1D80B-30D1-4CD7-BCC5-B99071A01B9D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DE7E6302-B0D5-41FD-818F-32B367DD4015}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\free to play\ftp.exe |
"{DEA05A50-F372-43F1-83A1-55C59A24D5CC}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\half-life\hl.exe |
"{E0D5F6B6-1094-499F-AB7A-AF9AA9DE0A39}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\counter-strike source\hl2.exe |
"{E29B872D-F3F6-435F-85E7-CBB7998F8FC0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E579F6CC-218E-4B37-B8DC-C9FA388F3A47}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EA6FD090-7F46-4777-96D7-030116B5B5F7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EB9A67C5-1DE0-4AF7-B8BC-389E70B5A110}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{ECE348FA-5AE1-4D81-8B94-DA5BB5B2C51A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe |
"{F1794F5E-C947-4E22-A50A-214639FC8CD1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe |
"{F2E8C65D-6CA7-42CD-8E82-D9662037F53A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F6815A39-C3BF-4E93-9F4F-F3949D3AD50F}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{F7A94503-0091-4022-821E-8654497EAA61}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe |
"{FD37294F-5DA5-4DC8-92FB-0A234D7A6729}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"TCP Query User{0DE95272-E53A-464E-8414-B2500AA52B79}D:\program files\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=d:\program files\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe |
"TCP Query User{22827714-E0C1-4BE6-92E7-53847E12267C}D:\program files\world_of_warplanes\wowplauncher.exe" = protocol=6 | dir=in | app=d:\program files\world_of_warplanes\wowplauncher.exe |
"TCP Query User{25415452-A1B4-4A94-92D4-3912164F1AAA}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe |
"TCP Query User{4988AFA4-F544-4EC5-A3E0-DD50F6D07CEB}D:\program files\data\nfsw.exe" = protocol=6 | dir=in | app=d:\program files\data\nfsw.exe |
"TCP Query User{539BA345-90E4-44A3-8148-C3F2B04B5292}D:\program files\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"TCP Query User{973FC081-BC3C-451D-AD0F-FFD2A8AA730B}D:\program files\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\planetside 2\planetside2.exe |
"TCP Query User{A9D722C4-9D6A-4EAB-8432-137AAD45772E}D:\program files\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=d:\program files\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe |
"TCP Query User{B22BB076-BF70-4207-99F8-F69D0EFD07B3}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{E3180103-3E04-40F6-AD4E-22ABCA7982DA}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{F525FCD7-8BA5-425E-8959-0424CA3CF7B2}D:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{FEE3688A-93A5-4CB2-B6CD-81B1AE4F7B4D}D:\program files\assassins creed iii\ac3sp.exe" = protocol=6 | dir=in | app=d:\program files\assassins creed iii\ac3sp.exe |
"TCP Query User{FF890BC7-08C5-4A07-BFA5-F1F08C96F88A}D:\program files\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\program files\world_of_tanks\wotlauncher.exe |
"UDP Query User{0D4A9448-5DC5-4B18-BE6A-659DF56ACD6C}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{139BEACB-EE5B-4C25-8F87-6F3CBD0D8CBA}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe |
"UDP Query User{3A6B2442-86AF-4750-A006-0DDBD89B6683}D:\program files\assassins creed iii\ac3sp.exe" = protocol=17 | dir=in | app=d:\program files\assassins creed iii\ac3sp.exe |
"UDP Query User{3C3A5D1B-00D1-4511-A986-BEDCB782A234}D:\program files\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"UDP Query User{5B619B8A-3DCB-469E-AE0A-30DA3C067A03}D:\program files\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\program files\world_of_tanks\wotlauncher.exe |
"UDP Query User{803B3383-ADA5-4165-B96F-B14E93B9EC3B}D:\program files\data\nfsw.exe" = protocol=17 | dir=in | app=d:\program files\data\nfsw.exe |
"UDP Query User{8EF2FB8E-8FEA-4ACD-B185-F303A6FDCE56}D:\program files\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=d:\program files\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe |
"UDP Query User{91544E5D-B693-4D8C-A677-E6B14BD077C5}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{922F5954-5711-4CAE-85D2-5BA89CD37630}D:\program files\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\planetside 2\planetside2.exe |
"UDP Query User{970F53E1-AF87-4E37-A939-3732F52FF73D}D:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{9750FC6F-BEDE-467F-BD95-CEA73DDBE5A2}D:\program files\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=d:\program files\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe |
"UDP Query User{D26FC34C-47BA-4FBA-86EE-889E158448AB}D:\program files\world_of_warplanes\wowplauncher.exe" = protocol=17 | dir=in | app=d:\program files\world_of_warplanes\wowplauncher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B2BD098-29D4-4752-81A2-CBFB8758ABC1}" = ESET NOD32 Antivirus
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417051FF}" = Java 7 Update 51 (64-bit)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-041B-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Slovak) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovládač 3D Vision 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafický ovládač 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision radič ovládača 335.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Softvér systému s podporou technológie PhysX 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizácie NVIDIA 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Ovládač zvuku HD 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20
"{B5E06417-A4AC-4225-B36E-7E34C91616E7}" = Intel® Trusted Connect Service Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.5.2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1" = World of Warplanes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}" = Need For Speed™ World
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{847CAE64-4CD2-4B2D-AF00-978FF5431051}" = Nero 7 Ultra Edition
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2007
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2007
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{91BA5476-8B26-49E4-84B2-9EFE10917B33}" = LogMeIn Hamachi
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5457401-D56A-43F2-9524-78E54A7FC07A}" = SlimDrivers
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93BF004-1A2B-4AA3-AE60-98C0A4E7B696}" = Minecraft
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Czech
"{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}" = RamBooster
"{B7C5EA94-B96A-41F5-BE95-25D78B486678}" = Splashtop Streamer
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{CED8E25B-122A-4E80-B612-7F99B93284B3}" = Arc
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1A6C690-C12C-4E7A-B4BD-958678215418}" = 3DMark
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Advanced SystemCare 7_is1" = Advanced SystemCare 7
"Assassins Creed III_is1" = Assassins Creed III 1.05
"Battle.net" = Battle.net
"bi_uninstaller" = Bundled software uninstaller
"BitRaider Web Client" = BitRaider Web Client
"BSPlayerf" = BS.Player FREE
"Car Mechanic Simulator 2014.v 1.0.6.0_is1" = Car Mechanic Simulator 2014.v 1.0.6.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"Driver Booster_is1" = Driver Booster
"Euro Truck Simulator 2 v1.8.2.5s (DLC Going East)1.8.2.5s" = Euro Truck Simulator 2 v1.8.2.5s (DLC Going East)
"Google Chrome" = Google Chrome
"Hearthstone" = Hearthstone
"IObit Surfing Protection_is1" = Surfing Protection
"IObitUninstall" = IObit Uninstaller
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.6.5
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware verzia 2.00.0.1000
"Minecraft1.7.2" = Minecraft1.7.2
"MTA:SA 1.3" = MTA:SA v1.3.5
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PrecisionX" = EVGA Precision X 4.2.1
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"Smart Defrag 3_is1" = Smart Defrag 3
"Splashtop Software Updater" = Splashtop Software Updater
"Steam" = Steam
"Steam App 10" = Counter-Strike
"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 218230" = PlanetSide 2
"Steam App 221100" = DayZ
"Steam App 240" = Counter-Strike: Source
"Steam App 4000" = Garry's Mod
"Steam App 570" = Dota 2
"Steam App 730" = Counter-Strike: Global Offensive
"The Elder Scrolls Online Beta_is1" = The Elder Scrolls Online Beta
"The Elder Scrolls V Skyrim LE_is1" = The Elder Scrolls V Skyrim LE
"Totalcmd" = Total Commander (Remove or Repair)
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-525872782-3713464005-3976650588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1. 4. 2014 17:44:23 | Computer Name = admin-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 1. 4. 2014 17:44:24 | Computer Name = admin-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 1. 4. 2014 17:44:24 | Computer Name = admin-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 1. 4. 2014 17:44:24 | Computer Name = admin-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 1. 4. 2014 17:44:24 | Computer Name = admin-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 1. 4. 2014 17:50:09 | Computer Name = admin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 1. 4. 2014 17:50:09 | Computer Name = admin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 2. 4. 2014 4:31:04 | Computer Name = admin-PC | Source = Winlogon | ID = 4103
Description = Aktivácia licencie systému Windows zlyhala. Chyba: 0x80070005.

Error - 2. 4. 2014 4:37:13 | Computer Name = admin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 2. 4. 2014 4:37:13 | Computer Name = admin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

[ System Events ]
Error - 1. 4. 2014 15:54:59 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7034
Description = Služba LiveUpdate sa neočakávane ukončila. Služba sa týmto spôsobom
ukončila už 1-krát.

Error - 1. 4. 2014 17:26:17 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 1. 4. 2014 17:27:42 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 1. 4. 2014 17:44:24 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7024
Description = Služba Windows Search bola ukončená s chybou služby %%-1073473535.

Error - 1. 4. 2014 17:44:46 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7031
Description = Služba Windows Search sa neočakávane ukončila. Služba sa týmto spôsobom
ukončila už 1 krát. O 30000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať
službu.

Error - 1. 4. 2014 17:45:02 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7034
Description = Služba LiveUpdate sa neočakávane ukončila. Služba sa týmto spôsobom
ukončila už 1-krát.

Error - 1. 4. 2014 17:45:16 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7032
Description = Správca riadenia služieb sa po neočakávanom ukončení služby Windows
Search pokúsil vykonať opravnú akciu (Reštartovať službu), ale táto činnosť zlyhala
s nasledujúcou chybou: %%1056

Error - 2. 4. 2014 4:32:06 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7034
Description = Služba LiveUpdate sa neočakávane ukončila. Služba sa týmto spôsobom
ukončila už 1-krát.

Error - 2. 4. 2014 4:39:12 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 2. 4. 2014 4:40:28 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.


< End of report >

Re: Trojan v pc

Napsal: 02 dub 2014 12:23
od Ragnar3
a tu je OTL :

OTL logfile created on: 2. 4. 2014 13:15:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

7,95 Gb Total Physical Memory | 5,91 Gb Available Physical Memory | 74,41% Memory free
15,89 Gb Paging File | 13,67 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 33,23 Gb Free Space | 34,06% Space Free | Partition Type: NTFS
Drive D: | 833,86 Gb Total Space | 510,13 Gb Free Space | 61,18% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2014/04/02 13:09:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2014/03/24 16:07:36 | 000,790,880 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2014/03/15 02:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/03/05 09:24:48 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/03/05 09:24:46 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/03/05 09:24:40 | 007,430,968 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/03/04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/02/11 18:08:58 | 002,288,928 | ---- | M] (IObit) -- D:\Program files\Advanced SystemCare 7\ASCTray.exe
PRC - [2014/02/05 11:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/02/05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/01/14 15:50:06 | 000,881,952 | ---- | M] (IObit) -- D:\Program files\Advanced SystemCare 7\ASCService.exe
PRC - [2013/12/21 14:21:41 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/09 05:47:54 | 000,609,056 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2013/07/18 02:28:14 | 000,627,016 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
PRC - [2012/05/22 02:26:26 | 000,291,648 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/02/01 17:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/11/04 18:15:50 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2007/06/27 20:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 20:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2000/01/01 02:00:00 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2000/01/01 02:00:00 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/28 21:32:04 | 000,488,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d876d6ee8ee73a29e2fc0f01077442b7\IAStorUtil.ni.dll
MOD - [2014/03/28 21:32:04 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\fe6178cc4aed6f742386d913405faccf\IAStorCommon.ni.dll
MOD - [2014/03/25 08:54:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2014/03/25 08:53:50 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ab05e391c7739a230789a333071987fc\System.Windows.Forms.ni.dll
MOD - [2014/03/25 08:53:46 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2014/03/25 08:53:38 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2014/03/25 08:53:35 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2014/03/25 08:53:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2014/03/25 08:53:31 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2014/03/25 08:53:25 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2014/03/15 02:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/15 02:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/15 02:50:35 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014/03/15 02:50:34 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014/03/15 02:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/15 02:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2013/07/18 02:28:14 | 000,627,016 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
MOD - [2013/05/15 18:49:16 | 000,587,776 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTHAL.dll
MOD - [2013/05/15 18:49:02 | 000,216,064 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTCore.dll
MOD - [2013/05/15 18:49:02 | 000,127,488 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTUI.dll
MOD - [2013/05/15 18:49:00 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTMUI.dll
MOD - [2013/05/15 18:48:52 | 000,056,832 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTFC.dll
MOD - [2013/01/15 19:47:56 | 000,893,248 | ---- | M] () -- D:\Program files\Advanced SystemCare 7\webres.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/05 11:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/08/27 15:32:30 | 000,828,376 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/08/27 15:32:14 | 000,747,520 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2010/11/04 18:18:12 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010/11/04 18:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/03/25 10:36:59 | 000,477,960 | ---- | M] (BitRaider, LLC) [On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRSptSvc.exe -- (BRSptSvc)
SRV - [2014/03/24 16:07:36 | 000,790,880 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2014/03/12 14:56:05 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/05 09:24:48 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/05 09:24:46 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/03/04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/02/26 20:57:32 | 002,224,976 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014/02/26 10:50:04 | 000,377,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/02/25 23:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/02/24 18:35:44 | 000,088,400 | ---- | M] (Perfect World Entertainment Inc) [On_Demand | Stopped] -- D:\Program files\Perfect World Entertainment\Arc\ArcService.exe -- (ArcService)
SRV - [2014/02/05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/01/14 15:50:06 | 000,881,952 | ---- | M] (IObit) [Auto | Running] -- D:\Program files\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013/12/21 14:21:41 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/03 17:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/09 05:47:54 | 000,609,056 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2012/12/17 16:46:50 | 000,137,488 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2012/02/01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2000/01/01 02:00:00 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2000/01/01 02:00:00 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/04/02 11:13:04 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/03/28 20:58:15 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2014/03/28 20:58:15 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2014/03/24 10:28:05 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2014/03/24 02:06:20 | 000,888,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2014/03/05 09:26:18 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/03/05 09:26:04 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/12/27 20:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/12/24 11:40:32 | 000,021,184 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2013/11/28 15:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/11/23 12:43:11 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/05/22 02:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/05/22 02:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/05/22 02:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/01 17:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/03 07:13:46 | 000,170,104 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/07/29 13:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/07/29 13:31:26 | 000,126,320 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2000/01/01 02:00:00 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV - [2014/03/25 11:02:41 | 000,075,048 | ---- | M] (BitRaider) [File_System | On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRDriver64.sys -- (BRDriver64)
DRV - [2013/07/18 02:28:12 | 000,015,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision X\RTCore64.sys -- (RTCore64)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 6F B6 02 D2 E7 CE 01 [binary data]
IE - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... IB_skSK563
IE - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..\SearchScopes\{748F0022-98AD-48C1-8A81-0C1F2CFC6531}: "URL" = http://search.conduit.com/ResultsExt.as ... 32303&UM=1
IE - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: cryenginebrowserplugin%40crytek.com:0.39.0
FF - prefs.js..extensions.enabledAddons: WebSiteRecommendation%40weliketheweb.com:1.1.2
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: D:\Program files\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2013/11/23 00:23:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/11/23 00:23:00 | 000,000,000 | ---D | M]

[2013/12/04 20:00:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions
[2014/03/24 01:56:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions
[2014/03/24 01:56:12 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\ascsurfingprotection@iobit.com
[2014/01/24 20:53:49 | 000,000,000 | ---D | M] (GFACE Experience Plugin) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\cryenginebrowserplugin@crytek.com
[2014/03/21 08:58:02 | 000,000,000 | ---D | M] ("WebSite Recommendation") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\WebSiteRecommendation@weliketheweb.com
[2013/12/06 22:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles43f2dyk0.default\extensions
[2013/12/06 22:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles43f2dyk0.default\extensions\staged
[2013/08/08 14:07:04 | 000,249,988 | ---- | M] () (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\gophoto@gophoto.it.xpi
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Dokumenty Google = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Disk Google = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: HÄľadaĹĄ v Google = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: WebSite Recommendation = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jopdpbolklklaiookikgmdinfbooiipj\4.2_0\
CHR - Extension: Peňaženka Google = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/04/01 21:54:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - D:\Program files\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ArcPluginIEBHO Class) - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - D:\Program files\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (BS Player ControlBar Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (BS Player ControlBar Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..\Toolbar\WebBrowser: (BS Player ControlBar Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Adobe Updater] C:\ProgramData\Adobe\Color.vbs ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-525872782-3713464005-3976650588-1000..\Run: [Advanced SystemCare 7] D:\Program files\Advanced SystemCare 7\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-525872782-3713464005-3976650588-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-525872782-3713464005-3976650588-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-525872782-3713464005-3976650588-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-525872782-3713464005-3976650588-1000..\Run: [uTorrent] C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B53ABBBC-55F8-4985-926F-FADAEE2570C2}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/04/01 22:15:36 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.RTV1 - File not found
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: VIDC.RTV1 - rtvcvfw32.dll File not found
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2014/04/02 13:09:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2014/04/02 10:41:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/04/02 10:41:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/04/01 23:37:34 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/01 23:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/01 23:37:21 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/01 23:37:21 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/01 23:37:21 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/01 23:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/01 23:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/01 22:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/04/01 22:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/04/01 21:48:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/04/01 21:48:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/04/01 21:48:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/04/01 21:46:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/04/01 21:46:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/03/29 00:23:00 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Splashtop
[2014/03/29 00:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2014/03/29 00:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
[2014/03/29 00:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Splashtop
[2014/03/28 20:58:15 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2014/03/28 20:58:15 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2014/03/28 20:58:15 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/03/28 20:58:15 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2014/03/28 20:58:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2014/03/28 20:58:15 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2014/03/28 20:58:15 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2014/03/28 20:58:00 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/03/28 20:58:00 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/03/26 17:18:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\logs
[2014/03/26 16:51:22 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\.StarMade
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2014/04/02 13:16:48 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/04/02 13:09:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2014/04/02 13:00:00 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/02 12:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/02 11:13:04 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/02 11:06:04 | 000,069,349 | ---- | M] () -- C:\Users\admin\Desktop\eset obrazok.jpg
[2014/04/02 10:37:13 | 000,783,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/02 10:37:13 | 000,655,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/02 10:37:13 | 000,121,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/02 10:31:50 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2014/04/02 10:31:10 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/02 10:30:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/02 10:30:53 | 2104,647,679 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/01 23:37:24 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/01 22:15:36 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/04/01 21:54:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/04/01 21:53:27 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014/04/01 21:53:10 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/01 21:53:10 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/29 17:32:28 | 000,351,717 | ---- | M] () -- C:\Users\admin\Desktop\Recount 3.3.5a.zip
[2014/03/29 17:30:48 | 000,159,246 | ---- | M] () -- C:\Users\admin\Desktop\ClassTimer-2.3.30300.4.zip
[2014/03/29 17:29:02 | 000,007,859 | ---- | M] () -- C:\Users\admin\Desktop\Cooldowns_1_3_3.zip
[2014/03/28 20:58:15 | 002,566,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2014/03/28 20:58:15 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2014/03/28 20:58:15 | 000,187,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/03/28 20:58:15 | 000,107,904 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2014/03/28 20:58:15 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2014/03/28 20:58:15 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2014/03/28 20:58:15 | 000,027,008 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2014/03/28 20:58:00 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/03/28 20:58:00 | 000,007,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/02 13:16:48 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/04/02 11:06:04 | 000,069,349 | ---- | C] () -- C:\Users\admin\Desktop\eset obrazok.jpg
[2014/04/01 23:37:24 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/01 22:15:36 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/04/01 21:53:27 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014/04/01 21:48:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/04/01 21:48:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/04/01 21:48:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/04/01 21:48:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/04/01 21:48:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/03/29 17:32:24 | 000,351,717 | ---- | C] () -- C:\Users\admin\Desktop\Recount 3.3.5a.zip
[2014/03/29 17:30:47 | 000,159,246 | ---- | C] () -- C:\Users\admin\Desktop\ClassTimer-2.3.30300.4.zip
[2014/03/29 17:29:02 | 000,007,859 | ---- | C] () -- C:\Users\admin\Desktop\Cooldowns_1_3_3.zip
[2014/03/26 14:15:37 | 007,217,152 | ---- | C] () -- C:\Windows\SysWow64\CrypticError.exe
[2014/01/04 12:34:12 | 000,000,770 | ---- | C] () -- C:\Windows\disney.ini
[2014/01/04 12:34:10 | 000,000,197 | ---- | C] () -- C:\Windows\disneysy.ini
[2013/12/19 19:23:28 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/12/19 19:23:26 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/12/02 18:06:02 | 000,007,606 | ---- | C] () -- C:\Users\admin\AppData\Local\Resmon.ResmonCfg
[2013/11/23 05:46:28 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/11/23 00:36:06 | 000,768,802 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/23 00:20:46 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/11/23 00:20:46 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/11/23 00:20:46 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013/11/23 00:20:45 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/11/23 00:20:44 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/11/23 00:07:46 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/11/23 00:07:41 | 000,040,275 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/06/19 19:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 10:37:01 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 10:37:01 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/03/25 10:13:21 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.minecraft
[2013/11/23 05:50:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.mono
[2014/03/26 16:51:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.StarMade
[2014/03/26 12:41:04 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Arc
[2014/03/16 09:36:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Awesomium
[2014/03/13 20:11:53 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Battle.net
[2014/02/24 14:59:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BSplayer
[2013/11/29 19:22:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BSplayer Pro
[2014/03/22 18:27:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\CloudPanel
[2014/03/19 21:26:07 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\com.valve.FTP
[2014/03/26 13:14:46 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DAEMON Tools Lite
[2013/11/23 00:17:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GHISLER
[2014/04/01 22:16:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\IObit
[2013/12/29 14:04:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MetaQuotes
[2014/02/26 23:37:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Need for Speed World
[2014/02/26 23:24:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Origin
[2013/12/27 18:02:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SecondLife
[2013/11/23 12:46:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Seznam.cz
[2014/03/26 12:47:17 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SpaceEngineers
[2014/03/25 18:43:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TERA
[2014/03/11 13:21:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Theta
[2013/11/23 05:52:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Unity
[2014/04/02 10:31:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\uTorrent
[2014/03/25 18:45:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\wargaming.net

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 07:08:49 | 000,032,556 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/11/23 00:29:37 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/11/23 00:32:22 | 000,000,930 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/11/23 00:32:22 | 000,000,934 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/11/23 05:41:41 | 000,000,410 | ---- | C] () -- C:\Windows\Tasks\SlimDrivers Startup.job

< >

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009/07/14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Users\admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131123T034202816826\gencdrom\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Users\admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20131218T142009994486\gencdrom\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Users\admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20140213T122105446149\gencdrom\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Users\admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20140220T063719403797\gencdrom\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2014/03/24 09:46:56 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2014/03/24 09:46:56 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2014/03/24 09:46:25 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2014/03/24 09:46:56 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\erdnt\cache86\explorer.exe
[2014/03/24 09:46:56 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2014/03/24 09:46:56 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2014/03/24 09:46:25 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2014/03/24 09:46:56 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2014/03/24 09:46:25 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2014/03/24 09:46:56 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2014/03/24 09:46:25 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009/07/14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\erdnt\cache86\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\erdnt\cache64\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2014/03/05 09:24:36 | 000,742,200 | ---- | M] (MalwareBytes) MD5=87829A6F3529D772FA8BF0C2C238D1C6 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2014/03/24 11:08:29 | 001,893,224 | ---- | M] (Microsoft Corporation) MD5=5CFB7AB8F9524D1A1E14369DE63B83CC -- C:\Windows\erdnt\cache64\tcpip.sys
[2014/03/24 11:08:29 | 001,893,224 | ---- | M] (Microsoft Corporation) MD5=5CFB7AB8F9524D1A1E14369DE63B83CC -- C:\Windows\SysNative\drivers\tcpip.sys
[2014/03/24 11:08:29 | 001,893,224 | ---- | M] (Microsoft Corporation) MD5=5CFB7AB8F9524D1A1E14369DE63B83CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_0f6a6af57fd59de6\tcpip.sys
[2014/03/24 11:08:29 | 001,876,824 | ---- | M] (Microsoft Corporation) MD5=692969AB90BDA19F56E27BF89A9260E2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_0fe8397098fc3d71\tcpip.sys
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2014/03/24 11:08:29 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2014/03/24 11:08:29 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache86\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\erdnt\cache64\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014/03/05 09:24:36 | 000,742,200 | ---- | M] (MalwareBytes) MD5=87829A6F3529D772FA8BF0C2C238D1C6 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2014/03/24 09:46:56 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2014/03/24 09:46:56 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\erdnt\cache64\winlogon.exe
[2014/03/24 09:46:56 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2014/03/24 09:46:56 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[5 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[3 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2014/03/25 10:13:21 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.minecraft
[2013/11/23 05:50:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.mono
[2014/03/26 16:51:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.StarMade
[2014/01/09 17:58:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Adobe
[2013/11/23 11:23:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Ahead
[2014/03/24 01:56:12 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Apple Computer
[2014/03/26 12:41:04 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Arc
[2014/03/16 09:36:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Awesomium
[2014/03/13 20:11:53 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Battle.net
[2014/02/24 14:59:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BSplayer
[2013/11/29 19:22:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BSplayer Pro
[2014/03/22 18:27:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\CloudPanel
[2014/03/19 21:26:07 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\com.valve.FTP
[2014/03/26 13:14:46 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DAEMON Tools Lite
[2013/11/23 00:17:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GHISLER
[2013/11/23 00:34:16 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Google
[2013/11/23 00:04:59 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Identities
[2013/11/23 00:11:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\InstallShield
[2013/11/23 00:17:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Intel Corporation
[2014/04/01 22:16:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\IObit
[2013/11/23 00:30:29 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Macromedia
[2009/07/14 09:54:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Media Center Programs
[2013/12/29 14:04:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MetaQuotes
[2014/04/01 22:32:49 | 000,000,000 | --SD | M] -- C:\Users\admin\AppData\Roaming\Microsoft
[2013/12/04 20:00:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mozilla
[2014/02/26 23:37:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Need for Speed World
[2013/11/25 13:26:38 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\NVIDIA
[2014/02/26 23:24:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Origin
[2013/12/27 18:02:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SecondLife
[2013/12/14 23:37:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SecuROM
[2013/11/23 12:46:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Seznam.cz
[2014/03/23 09:59:25 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Skype
[2014/03/26 12:47:17 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SpaceEngineers
[2014/03/25 18:43:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TERA
[2014/03/11 13:21:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Theta
[2013/11/23 05:52:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Unity
[2014/04/02 10:31:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\uTorrent
[2014/03/25 18:45:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\wargaming.net

< %APPDATA%\*.exe /s >
[2013/12/13 14:50:16 | 001,109,677 | ---- | M] (TeamExtreme) -- C:\Users\admin\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe
[2014/03/24 00:16:35 | 000,069,254 | ---- | M] () -- C:\Users\admin\AppData\Roaming\.minecraft\minecraft launcher\Uninstall.exe
[2009/08/11 22:21:26 | 000,087,552 | ---- | M] () -- C:\Users\admin\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2009/08/11 22:21:30 | 000,090,112 | ---- | M] () -- C:\Users\admin\AppData\Roaming\BSplayer\AC3 Filter\spdif_test.exe
[2010/03/22 15:52:04 | 000,697,690 | ---- | M] () -- C:\Users\admin\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
[2012/10/11 10:01:20 | 001,175,371 | ---- | M] () -- C:\Users\admin\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2010/08/14 11:42:54 | 000,113,152 | ---- | M] () -- C:\Users\admin\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2010/08/14 11:45:10 | 000,358,400 | ---- | M] () -- C:\Users\admin\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2010/08/14 11:42:06 | 000,137,728 | ---- | M] () -- C:\Users\admin\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010/09/30 16:30:22 | 000,042,305 | ---- | M] () -- C:\Users\admin\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2014/01/29 01:58:24 | 000,828,416 | ---- | M] () -- C:\Users\admin\AppData\Roaming\CloudPanel\CloudPanelLauncher.exe
[2014/01/26 21:18:00 | 000,905,296 | ---- | M] (BitTorrent Inc.) -- C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
[2013/11/23 05:54:42 | 001,142,864 | ---- | M] (BitTorrent Inc.) -- C:\Users\admin\AppData\Roaming\uTorrent\updates\3.3.2_30303.exe
[2014/01/26 21:18:00 | 000,905,296 | ---- | M] (BitTorrent Inc.) -- C:\Users\admin\AppData\Roaming\uTorrent\updates\3.3.2_30488.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2014/04/02 12:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014/04/02 10:31:10 | 000,000,930 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/04/02 13:00:00 | 000,000,934 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2014/04/02 10:31:50 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2007/06/27 20:03:40 | 000,152,872 | ---- | M] (Nero AG)
"swg" = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2013/11/23 00:32:33 | 000,039,408 | ---- | M] (Google Inc.)
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2013/03/14 10:23:30 | 003,672,640 | ---- | M] (Disc Soft Ltd)
"uTorrent" = "C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED -- [2014/01/26 21:18:00 | 000,905,296 | ---- | M] (BitTorrent Inc.)
"CCleaner Monitoring" = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR -- [2014/02/20 22:45:06 | 006,161,176 | ---- | M] (Piriform Ltd)
"Advanced SystemCare 7" = "D:\Program files\Advanced SystemCare 7\ASCTray.exe" /Auto -- [2014/02/11 18:08:58 | 002,288,928 | ---- | M] (IObit)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2014/03/24 11:12:33 | 000,672,912 | ---- | M] (Microsoft Corporation) MD5=58D926F3B2113BF849162C9C26FE21DC -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2014/03/15 02:50:42 | 000,859,976 | ---- | M] (Google Inc.) MD5=3A924B200D86590D2C83214CEBFA9742 -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/04/02 13:16:48 | 000,000,512 | ---- | M] () MD5=A4F00CD6FFFAC63D6F1E67CF2F231980 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2014/02/23 19:02:53 | 077,692,928 | R--- | M] () -- \Users\admin\Downloads\Courage The Cowardly Dog (1999-2002)\Season 4\4012- The Nutcracker.avi

< *keygen* /s >
[2007/04/15 01:00:00 | 000,032,804 | ---- | M] () -- \totalcmd\KeyGen.exe

< *loader* /s >
[2007/06/27 20:03:00 | 000,177,448 | ---- | M] () -- \Program Files (x86)\Common Files\Ahead\Lib\NeGuideStoreLoader.dll
[2006/10/26 14:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006/10/26 14:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2013/12/24 12:09:02 | 002,265,408 | ---- | M] () -- \Program Files (x86)\IObit\Driver Booster\IObitDownloader.exe
[2013/12/24 12:09:02 | 002,265,408 | ---- | M] () -- \Program Files (x86)\IObit\Driver Booster\Freeware\Driver_Booster_FreeSoftwareDownloader.exe
[2014/03/10 19:16:52 | 001,756,448 | ---- | M] () -- \Program Files (x86)\IObit\Smart Defrag 3\ActionCenterDownloader.exe
[2012/11/29 10:57:48 | 000,059,904 | ---- | M] () -- \Program Files (x86)\MSI Kombustor 2.5\KLoaderWin32.exe
[2011/07/06 12:55:18 | 000,064,352 | ---- | M] () -- \Program Files (x86)\MSI Kombustor 2.5\PhysXLoader.dll
[2014/02/05 11:31:23 | 001,169,184 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\ExtensionLoader.dll
[2013/12/20 02:37:56 | 000,065,344 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2013/12/20 02:37:56 | 000,067,904 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2013/12/20 02:37:44 | 000,073,536 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2013/12/20 02:37:44 | 000,080,704 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader64.dll
[2011/10/08 02:34:22 | 000,008,787 | ---- | M] () -- \Program Files (x86)\Rockstar Games\Social Club\UI\images\loaderLargeBlue.gif
[2011/10/08 02:34:22 | 000,008,787 | ---- | M] () -- \Program Files (x86)\Rockstar Games\Social Club\UI\images\loaderLargeGrey.gif
[2011/10/08 02:34:22 | 000,001,737 | ---- | M] () -- \Program Files (x86)\Rockstar Games\Social Club\UI\images\loaderSmallBlue.gif
[2011/10/08 02:34:22 | 000,001,737 | ---- | M] () -- \Program Files (x86)\Rockstar Games\Social Club\UI\images\loaderSmallGold.gif
[2005/06/07 13:25:46 | 000,044,032 | ---- | M] () -- \Program Files (x86)\WinRAR\RarExtLoader.exe
[2014/02/05 11:31:23 | 001,169,184 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{1BB61DE2-78C1-4C34-98DD-25BB8AEA1600}\ExtensionLoader.dll
[2013/11/14 13:55:31 | 001,168,672 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{82BA616C-3F99-4E95-8EF8-FFC6906A25AB}\ExtensionLoader.dll
[2014/02/05 11:31:23 | 001,169,184 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{ECD25B92-F63F-4F80-8083-F58AC5814A54}\ExtensionLoader.dll
[2014/04/02 10:32:29 | 000,096,772 | ---- | M] () -- \ProgramData\IObit\ASCDownloader\Downloader.log
[2014/02/26 15:49:10 | 000,806,400 | ---- | M] () -- \ProgramData\MTA San Andreas All\1.3\upcache\_mtasa-1.3.5-rc-06162-0-000-files-all-cksummed.rar_tmp_\MTA\loader.dll
[2014/02/27 11:21:40 | 000,836,608 | ---- | M] () -- \ProgramData\MTA San Andreas All\1.3\upcache\_mtasa-1.3.5-rc-06162-0-000-files-all-cksummed.rar_tmp__bak_\MTA\loader.dll
[2013/11/11 15:39:40 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2013/11/11 15:39:40 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2013/11/11 15:39:40 | 000,006,012 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\normal\loader_15fps.gif
[2013/11/11 15:39:40 | 000,021,956 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\normal\loader_30fps.gif
[2013/11/11 15:39:40 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2013/11/23 05:55:38 | 000,002,545 | ---- | M] () -- \Users\admin\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\images\prettyPhoto\dark_rounded\loader.gif
[2013/11/23 05:55:38 | 000,002,545 | ---- | M] () -- \Users\admin\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\images\prettyPhoto\dark_square\loader.gif
[2013/11/23 05:55:38 | 000,006,331 | ---- | M] () -- \Users\admin\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\images\prettyPhoto\default\loader.gif
[2013/11/23 05:55:38 | 000,002,545 | ---- | M] () -- \Users\admin\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\images\prettyPhoto\facebook\loader.gif
[2013/11/23 05:55:38 | 000,002,545 | ---- | M] () -- \Users\admin\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\images\prettyPhoto\light_rounded\loader.gif
[2013/11/23 05:55:38 | 000,002,545 | ---- | M] () -- \Users\admin\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\images\prettyPhoto\light_square\loader.gif
[2014/03/25 10:13:21 | 000,251,103 | ---- | M] () -- \Users\admin\AppData\Roaming\.minecraft\ForgeModLoader-client-0.log
[2014/03/25 09:11:36 | 000,000,000 | ---- | M] () -- \Users\admin\AppData\Roaming\.minecraft\ForgeModLoader-client-0.log.lck
[2014/03/24 21:34:44 | 000,254,895 | ---- | M] () -- \Users\admin\AppData\Roaming\.minecraft\ForgeModLoader-client-1.log
[2014/03/24 15:34:50 | 000,256,737 | ---- | M] () -- \Users\admin\AppData\Roaming\.minecraft\ForgeModLoader-client-2.log
[2014/02/20 17:45:10 | 000,000,411 | ---- | M] () -- \Users\admin\AppData\Roaming\Unity\WebPlayerPrefs\cdn_2dtx3_2egalapagosgames_2ecom\prefunity-scenes-loader_2eunity3d.upp
[2014/04/02 10:32:29 | 000,096,772 | ---- | M] () -- \Users\All Users\IObit\ASCDownloader\Downloader.log
[2014/02/26 15:49:10 | 000,806,400 | ---- | M] () -- \Users\All Users\MTA San Andreas All\1.3\upcache\_mtasa-1.3.5-rc-06162-0-000-files-all-cksummed.rar_tmp_\MTA\loader.dll
[2014/02/27 11:21:40 | 000,836,608 | ---- | M] () -- \Users\All Users\MTA San Andreas All\1.3\upcache\_mtasa-1.3.5-rc-06162-0-000-files-all-cksummed.rar_tmp__bak_\MTA\loader.dll
[2013/11/11 15:39:40 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2013/11/11 15:39:40 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2013/11/11 15:39:40 | 000,006,012 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\normal\loader_15fps.gif
[2013/11/11 15:39:40 | 000,021,956 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\normal\loader_30fps.gif
[2013/11/11 15:39:40 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2014/04/02 13:09:37 | 000,018,390 | ---- | M] () -- \Windows\Prefetch\RAREXTLOADER.EXE-8405D981.pf
[2014/03/24 11:07:34 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2014/03/24 11:07:34 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009/07/14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009/07/14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 10:51:39 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_66dcd6a595588d81\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 11:05:01 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_66b5981d957562a1\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 11:07:33 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_66fe4899953f502c\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 10:51:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_67667556ae762a72\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 11:04:59 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_67316604ae9dcf7e\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 11:07:32 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_677d175eae65090e\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 10:51:42 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 11:05:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 10:51:41 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 11:05:03 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 11:07:35 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_6971452eab80a50e\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 09:44:39 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009/07/14 09:44:39 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.efi.mui_35ee487d
[2009/07/14 09:44:39 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.exe.mui_3bc5b827
[2009/07/14 09:44:39 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.efi.mui_f412814e
[2009/07/14 09:44:39 | 000,029,760 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.exe.mui_ff8b5358
[2014/03/24 09:55:07 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2014/03/24 09:55:07 | 000,640,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winload.efi_75834aa0
[2014/03/24 09:55:07 | 000,603,976 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winload.exe_75835076
[2014/03/24 09:55:07 | 000,556,928 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winresume.efi_85cd069f
[2014/03/24 09:55:07 | 000,518,160 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winresume.exe_85cd1215
[2009/07/14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009/07/14 09:43:41 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009/07/14 04:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2014/03/24 09:54:59 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2014/03/24 09:54:59 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2014/03/24 09:54:59 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2014/03/24 09:54:59 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009/07/14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 10:51:40 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 11:05:01 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 11:07:34 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 10:51:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 11:05:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 11:07:33 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 10:51:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 11:05:14 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 10:51:42 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 11:05:04 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/24 11:07:36 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 40 bytes -> C:\ProgramData\MTA San Andreas All:NT
@Alternate Data Stream - 40 bytes -> C:\ProgramData:NT

< End of report >

Re: Trojan v pc

Napsal: 02 dub 2014 12:32
od vyosek
:arrow: Odinstalujte Advanced SystemCare a nasledne i vse od IOBit - jsou to cinske smejdy a spise jen skodi nez jsou uzitkem. Hledaji nesmyslne a neexistujici problemy, databazi haveti ukradli jine renomovane spolecnosti

:arrow: Spustte znovu OTL
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    :otl
SRV - [2014/01/14 15:50:06 | 000,881,952 | ---- | M] (IObit) [Auto | Running] -- D:\Program files\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
DRV:64bit: - [2013/12/24 11:40:32 | 000,021,184 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 6F B6 02 D2 E7 CE 01 [binary data]
IE - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7WQIB_skSK563
IE - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..\SearchScopes\{748F0022-98AD-48C1-8A81-0C1F2CFC6531}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559&CUI=UN69318713144732303&UM=1
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: cryenginebrowserplugin%40crytek.com:0.39.0
FF - prefs.js..extensions.enabledAddons: WebSiteRecommendation%40weliketheweb.com:1.1.2
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
[2014/03/24 01:56:12 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\ascsurfingprotection@iobit.com
[2014/01/24 20:53:49 | 000,000,000 | ---D | M] (GFACE Experience Plugin) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\cryenginebrowserplugin@crytek.com
[2014/03/21 08:58:02 | 000,000,000 | ---D | M] ("WebSite Recommendation") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\WebSiteRecommendation@weliketheweb.com
[2013/08/08 14:07:04 | 000,249,988 | ---- | M] () (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\gophoto@gophoto.it.xpi
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (BS Player ControlBar Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BS Player ControlBar Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..\Toolbar\WebBrowser: (BS Player ControlBar Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Updater] C:\ProgramData\Adobe\Color.vbs ()
O4 - HKU\S-1-5-21-525872782-3713464005-3976650588-1000..\Run: [Advanced SystemCare 7] D:\Program files\Advanced SystemCare 7\ASCTray.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-525872782-3713464005-3976650588-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2014/04/01 22:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/04/01 22:16:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\IObit
[2014/04/02 12:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014/04/02 10:31:10 | 000,000,930 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/04/02 13:00:00 | 000,000,934 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2014/04/02 10:31:50 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job
@Alternate Data Stream - 40 bytes -> C:\ProgramData\MTA San Andreas All:NT
@Alternate Data Stream - 40 bytes -> C:\ProgramData:NT

:services
LiveUpdateSvc
SkypeUpdate
X6va016

:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"swg"=-
"DAEMON Tools Lite"=-
"uTorrent"=-
"CCleaner Monitoring"=-
"Advanced SystemCare 7"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Updater"=-
"Adobe ARM"=-
"LogMeIn Hamachi Ui"=-

:files
C:\Program Files (x86)\BS_Player_ControlBar
C:\Program Files (x86)\IObit
D:\Program files\Advanced SystemCare 7
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]
  • Nasledne kliknete na Opravit
  • PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Re: Trojan v pc

Napsal: 02 dub 2014 12:46
od Ragnar3
log po reštarte :

All processes killed
========== OTL ==========
Error: No service named AdvancedSystemCareService7 was found to stop!
Service\Driver key AdvancedSystemCareService7 not found.
File D:\Program files\Advanced SystemCare 7\ASCService.exe not found.
Service SmartDefragDriver stopped successfully!
Service SmartDefragDriver deleted successfully!
C:\Windows\SysNative\drivers\SmartDefragDriver.sys moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ deleted successfully.
C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKU\S-1-5-21-525872782-3713464005-3976650588-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-525872782-3713464005-3976650588-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ not found.
File C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll not found.
HKEY_USERS\S-1-5-21-525872782-3713464005-3976650588-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-525872782-3713464005-3976650588-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-525872782-3713464005-3976650588-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-525872782-3713464005-3976650588-1000\Software\Microsoft\Internet Explorer\SearchScopes\{748F0022-98AD-48C1-8A81-0C1F2CFC6531}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{748F0022-98AD-48C1-8A81-0C1F2CFC6531}\ not found.
Prefs.js: "false" removed from browser.search.useDBForOrder
Prefs.js: cryenginebrowserplugin%40crytek.com:0.39.0 removed from extensions.enabledAddons
Prefs.js: WebSiteRecommendation%40weliketheweb.com:1.1.2 removed from extensions.enabledAddons
Prefs.js: ascsurfingprotection%40iobit.com:1.0 removed from extensions.enabledAddons
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0 removed from extensions.enabledAddons
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\ascsurfingprotection@iobit.com\chrome folder moved successfully.
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\ascsurfingprotection@iobit.com folder moved successfully.
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\cryenginebrowserplugin@crytek.com\plugins\licences folder moved successfully.
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\cryenginebrowserplugin@crytek.com\plugins folder moved successfully.
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\cryenginebrowserplugin@crytek.com folder moved successfully.
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\WebSiteRecommendation@weliketheweb.com\chrome\skin\classic folder moved successfully.
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\WebSiteRecommendation@weliketheweb.com\chrome\skin folder moved successfully.
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\WebSiteRecommendation@weliketheweb.com\chrome\locale\en-US folder moved successfully.
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\WebSiteRecommendation@weliketheweb.com\chrome\locale folder moved successfully.
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\WebSiteRecommendation@weliketheweb.com\chrome\content folder moved successfully.
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\WebSiteRecommendation@weliketheweb.com\chrome folder moved successfully.
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\WebSiteRecommendation@weliketheweb.com folder moved successfully.
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\extensions\gophoto@gophoto.it.xpi moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ not found.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ not found.
File C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ not found.
File C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll not found.
Registry value HKEY_USERS\S-1-5-21-525872782-3713464005-3976650588-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}\ not found.
File C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Updater deleted successfully.
C:\ProgramData\Adobe\Color.vbs moved successfully.
Registry value HKEY_USERS\S-1-5-21-525872782-3713464005-3976650588-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 7 not found.
File D:\Program files\Advanced SystemCare 7\ASCTray.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-525872782-3713464005-3976650588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-525872782-3713464005-3976650588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-525872782-3713464005-3976650588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-525872782-3713464005-3976650588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Program Files\Enigma Software Group folder moved successfully.
C:\Users\admin\AppData\Roaming\IObit\Smart Defrag 3 folder moved successfully.
C:\Users\admin\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\admin\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\admin\AppData\Roaming\IObit\Driver Booster\Logs folder moved successfully.
C:\Users\admin\AppData\Roaming\IObit\Driver Booster folder moved successfully.
C:\Users\admin\AppData\Roaming\IObit\Advanced SystemCare V7\ProgramDeactivator folder moved successfully.
C:\Users\admin\AppData\Roaming\IObit\Advanced SystemCare V7\Log folder moved successfully.
C:\Users\admin\AppData\Roaming\IObit\Advanced SystemCare V7\Internet Booster folder moved successfully.
C:\Users\admin\AppData\Roaming\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
C:\Users\admin\AppData\Roaming\IObit\Advanced SystemCare V7\Boottime folder moved successfully.
C:\Users\admin\AppData\Roaming\IObit\Advanced SystemCare V7\Backup folder moved successfully.
C:\Users\admin\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\admin\AppData\Roaming\IObit folder moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\SlimDrivers Startup.job moved successfully.
ADS C:\ProgramData\MTA San Andreas All:NT deleted successfully.
ADS C:\ProgramData:NT deleted successfully.
========== SERVICES/DRIVERS ==========
Service LiveUpdateSvc stopped successfully!
Service LiveUpdateSvc deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service X6va016 stopped successfully!
Service X6va016 deleted successfully!
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 7 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Updater not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\LogMeIn Hamachi Ui deleted successfully.
========== FILES ==========
C:\Program Files (x86)\BS_Player_ControlBar folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\Database folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\Update folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\Temp folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\Skins\White folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\Skins\Blue folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\Skins\Black folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\Skins folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\SDReport folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\Language folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\Help\img folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\Help folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\Extension folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\drivers\wxp_x86 folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\drivers\wxp_x64 folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\drivers\wnet_x86 folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\drivers\wnet_x64 folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\drivers\wlh_x86 folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\drivers\wlh_x64 folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\drivers\win8_x86 folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\drivers\win8_x64 folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\drivers\win7_x86 folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\drivers\win7_x64 folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\drivers folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\Database folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3 folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\update\UninstallerFree folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\update folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\Language folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
Folder move failed. D:\Program files\Advanced SystemCare 7 scheduled to be moved on reboot.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: admin
->Temp folder emptied: 6659930 bytes
->Temporary Internet Files folder emptied: 475483 bytes
->Java cache emptied: 16419379 bytes
->FireFox cache emptied: 3127083 bytes
->Google Chrome cache emptied: 98465639 bytes
->Flash cache emptied: 609 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 3917264 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50453 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 123,00 mb


[EMPTYFLASH]

User: admin
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: admin
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04022014_134833

Files\Folders moved on Reboot...
File\Folder D:\Program files\Advanced SystemCare 7 not found!
C:\Users\admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Trojan v pc

Napsal: 02 dub 2014 13:04
od vyosek
:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Kliknete na Scan a nasledne Clean
  • Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Re: Trojan v pc

Napsal: 02 dub 2014 13:16
od Ragnar3
AdwCleaner log po reštarte:

# AdwCleaner v3.023 - Report created 02/04/2014 at 14:18:53
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : admin - ADMIN-PC
# Running from : C:\Users\admin\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SimilarSites
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\admin\AppData\Local\Conduit
Folder Deleted : C:\Users\admin\AppData\Local\CrashRpt
Folder Deleted : C:\Users\admin\AppData\Local\genienext
Folder Deleted : C:\Users\admin\AppData\Local\Mobogenie
Folder Deleted : C:\Users\admin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\admin\AppData\LocalLow\BS_Player_ControlBar
Folder Deleted : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\admin\Documents\Mobogenie
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{055DD326-956C-4827-9467-A172509E81B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{055DD326-956C-4827-9467-A172509E81B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7745BC36-3A06-4EAF-B58A-BD108003DD42}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30EC37E3-8F25-4E46-B0FD-2E936556316B}
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\BS_Player_ControlBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\BS_Player_ControlBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\Software\Classes\Installer\Features\49AE5C7BA69B5F14EB59527DB8846687
Key Deleted : HKLM\Software\Classes\Installer\Products\49AE5C7BA69B5F14EB59527DB8846687

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267


-\\ Mozilla Firefox v

[ File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\43f2dyk0.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3958 octets] - [02/04/2014 14:17:56]
AdwCleaner[S0].txt - [3825 octets] - [02/04/2014 14:18:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3885 octets] ##########

Re: Trojan v pc

Napsal: 02 dub 2014 13:21
od vyosek
:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    KillAll::

Restore::
c:\windows\SysWOW64\user32.dll

RegNull::
[HKEY_USERS\S-1-5-21-525872782-3713464005-3976650588-1000\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz