
Russian Malware

Posted: 08 Sep 2014 15:09
by seebo
Hello. Today some problem appeared on my computer. After I turn the computer on, Mozilla Firefox starts automatically and loads some Russian page. NOD32 blocked it after updating. The computer starts very slowly (I have Windows 8 64-bit).
The page is called extendedunlimited.org

here is the LOG :)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Darth Wader (administrator) on DARTHWADER on 08-09-2014 16:02:54
Running from C:\Users\Darth Wader\Desktop
Platform: Windows 8 (X64) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(forum.viry.cz) C:\Users\Darth Wader\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891592 2013-05-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [UMonit64] => C:\windows\SysWOW64\UMonit64.exe [40960 2013-04-09] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-11-05] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-11-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2014-03-11] (Power Software Ltd)
HKU\S-1-5-21-1415516972-2411298999-134058401-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1415516972-2411298999-134058401-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1415516972-2411298999-134058401-1002\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony)
HKU\S-1-5-21-1415516972-2411298999-134058401-1002\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-1415516972-2411298999-134058401-1002\...\MountPoints2: F - "F:\dvdcheck.exe"
HKU\S-1-5-21-1415516972-2411298999-134058401-1002\...\MountPoints2: G - "G:\dvdcheck.exe"
HKU\S-1-5-21-1415516972-2411298999-134058401-1002\...\MountPoints2: {49ddb194-0f31-11e4-be85-00c2c60dbb36} - "F:\Startme.exe"
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM - {6B9B205A-BFC0-42F0-B8A8-636D78AD58AE} URL = http://www.bing.com/search?q={searchTer ... TR&pc=LCJB
SearchScopes: HKLM-x32 - {6B9B205A-BFC0-42F0-B8A8-636D78AD58AE} URL = http://www.bing.com/search?q={searchTer ... TR&pc=LCJB
SearchScopes: HKCU - {6B9B205A-BFC0-42F0-B8A8-636D78AD58AE} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Darth Wader\AppData\Roaming\Mozilla\Firefox\Profiles\x14qedx1.default
FF Homepage: google.sk
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\atlas-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\azet-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dunaj-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slovnik-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\zoznam-sk.xml
FF Extension: MEGA - C:\Users\Darth Wader\AppData\Roaming\Mozilla\Firefox\Profiles\x14qedx1.default\Extensions\firefox@mega.co.nz.xpi [2014-08-30]
FF Extension: Adblock Plus - C:\Users\Darth Wader\AppData\Roaming\Mozilla\Firefox\Profiles\x14qedx1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-24]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-09-08]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://google.sk/"
CHR Profile: C:\Users\Darth Wader\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Darth Wader\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-22]
CHR Extension: (Disk Google) - C:\Users\Darth Wader\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Darth Wader\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-22]
CHR Extension: (Adblock Plus) - C:\Users\Darth Wader\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-22]
CHR Extension: (Hľadať v Google) - C:\Users\Darth Wader\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-22]
CHR Extension: (Peňaženka Google) - C:\Users\Darth Wader\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-22]
CHR Extension: (Gmail) - C:\Users\Darth Wader\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-05-03] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-11-05] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-03-25] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-23] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-05-16] (ELAN Microelectronic Corp.)
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [91368 2013-03-22] (GenesysLogic)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-07-20] (Sony Mobile Communications)
S3 L6PODHD4; C:\Windows\System32\Drivers\L6PODHD464.sys [772864 2013-09-23] (Line 6)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 16:02 - 2014-09-08 16:03 - 00021314 _____ () C:\Users\Darth Wader\Desktop\FRST.txt
2014-09-08 16:02 - 2014-09-08 16:02 - 00029696 _____ () C:\Users\Darth Wader\AppData\Local\MSGBOX.EXE
2014-09-08 16:02 - 2014-09-08 16:02 - 00015327 _____ () C:\Users\Darth Wader\Desktop\LM.bat
2014-09-08 16:02 - 2014-09-08 16:02 - 00000000 ____D () C:\FRST
2014-09-08 15:58 - 2014-09-08 15:59 - 00000000 ____D () C:\Users\Darth Wader\Documents\Flight Simulator X Files
2014-09-08 15:56 - 2014-09-08 15:56 - 00096009 _____ () C:\windows\DirectX.log
2014-09-08 15:56 - 2014-09-08 15:56 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-09-08 15:53 - 2014-09-08 15:53 - 02105344 _____ (Farbar) C:\Users\Darth Wader\Desktop\FRST64.exe
2014-09-08 15:53 - 2014-09-08 15:53 - 00112640 _____ (forum.viry.cz) C:\Users\Darth Wader\Desktop\FRSTLauncher.exe
2014-09-08 15:42 - 2014-09-08 15:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-09-08 15:31 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-09-08 15:30 - 2014-09-08 15:33 - 00000000 ____D () C:\AdwCleaner
2014-09-08 15:30 - 2014-09-08 15:30 - 01370467 _____ () C:\Users\Darth Wader\Downloads\adwcleaner_3.309.exe
2014-09-08 15:26 - 2014-09-08 15:26 - 00000761 _____ () C:\Users\Darth Wader\Desktop\JRT.txt
2014-09-08 15:21 - 2014-09-08 15:21 - 00000000 ____D () C:\windows\ERUNT
2014-09-08 15:20 - 2014-09-08 15:20 - 01016261 _____ (Thisisu) C:\Users\Darth Wader\Downloads\JRT.exe
2014-09-08 15:11 - 2014-09-08 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-09-08 15:11 - 2014-09-08 15:11 - 00000000 ____D () C:\ProgramData\ESET
2014-09-08 15:11 - 2014-09-08 15:11 - 00000000 ____D () C:\Program Files\ESET
2014-09-08 15:02 - 2014-09-08 15:02 - 01695680 _____ (ESET) C:\Users\Darth Wader\Downloads\eset_nod32_antivirus_live_installer_.exe
2014-09-08 15:00 - 2014-09-08 15:00 - 00002292 _____ () C:\Users\Darth Wader\Documents\cc_20140908_150000.reg
2014-09-08 14:42 - 2014-09-08 14:42 - 00000845 _____ () C:\Users\Public\Desktop\PowerISO.lnk
2014-09-08 14:42 - 2014-09-08 14:42 - 00000000 ____D () C:\Users\Darth Wader\AppData\Roaming\PowerISO
2014-09-08 14:42 - 2014-09-08 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2014-09-08 14:41 - 2014-09-08 14:42 - 00000000 ____D () C:\Program Files\PowerISO
2014-09-08 14:41 - 2014-03-11 09:00 - 00129944 _____ (Power Software Ltd) C:\windows\system32\Drivers\scdemu.sys
2014-09-08 14:39 - 2014-09-08 14:39 - 00014492 _____ () C:\Users\Darth Wader\Documents\cc_20140908_143947.reg
2014-09-08 09:13 - 2014-09-08 09:13 - 00839584 _____ () C:\windows\Minidump\090814-59187-01.dmp
2014-09-08 09:12 - 2014-09-08 09:12 - 582188350 _____ () C:\windows\MEMORY.DMP
2014-09-07 20:39 - 2014-09-07 20:39 - 00058464 _____ () C:\Users\Darth Wader\Downloads\Inconsolata.otf
2014-09-06 00:15 - 2014-09-06 00:15 - 00000000 ____D () C:\Users\Public\Documents\Line 6
2014-09-06 00:12 - 2014-09-06 00:15 - 00000000 ____D () C:\Users\Darth Wader\Documents\Full Session
2014-09-06 00:11 - 2014-09-06 00:11 - 00000000 ____D () C:\Users\Darth Wader\AppData\Roaming\Trillium Lane
2014-09-06 00:10 - 2014-09-06 00:10 - 00000000 ____D () C:\Users\Darth Wader\AppData\Roaming\PACE Anti-Piracy
2014-09-06 00:10 - 2014-09-06 00:10 - 00000000 ____D () C:\Users\Darth Wader\AppData\Local\PACE Anti-Piracy
2014-09-06 00:10 - 2014-09-06 00:10 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy
2014-09-05 23:57 - 2014-09-06 00:11 - 00000000 ____D () C:\Users\Darth Wader\AppData\Roaming\Avid
2014-09-05 23:57 - 2014-09-05 23:57 - 00001984 _____ () C:\Users\Public\Desktop\Pro Tools 10.lnk
2014-09-05 23:57 - 2014-09-05 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid
2014-09-05 23:53 - 2014-09-05 23:53 - 00000000 ____D () C:\Program Files\Avid
2014-09-05 23:53 - 2014-09-05 23:53 - 00000000 ____D () C:\Program Files (x86)\Avid
2014-09-05 23:49 - 2014-09-05 23:49 - 00000000 ____D () C:\ProgramData\PACE
2014-09-05 23:47 - 2014-09-05 23:47 - 00002100 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLok License Manager.lnk
2014-09-05 23:47 - 2014-09-05 23:47 - 00002088 _____ () C:\Users\Public\Desktop\iLok License Manager.lnk
2014-09-05 23:47 - 2014-09-05 23:47 - 00000000 ____D () C:\Program Files (x86)\iLok License Manager
2014-09-05 23:42 - 2014-09-05 23:42 - 00000000 ____D () C:\Users\Darth Wader\Desktop\Pro Tools 10.3.7 Setup files
2014-09-05 22:21 - 2014-09-05 22:21 - 03424300 _____ () C:\Users\Darth Wader\Desktop\mar.wav
2014-09-05 22:15 - 2014-09-05 22:32 - 00000000 ____D () C:\Users\Darth Wader\Downloads\Pro.Tools.HD.10.3.7-WIN
2014-09-04 13:25 - 2014-09-04 13:25 - 00002046 _____ () C:\Users\Public\Desktop\The SIMS 4 Deluxe Edition.lnk
2014-09-04 13:25 - 2014-09-04 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The SIMS 4 Deluxe Edition
2014-09-04 13:22 - 2014-09-04 13:25 - 00000000 ____D () C:\Program Files (x86)\The SIMS 4 Deluxe Edition
2014-09-04 12:35 - 2014-09-04 13:09 - 00000000 ____D () C:\Users\Darth Wader\Downloads\The SIMS 4 Deluxe Edition [L]
2014-09-04 08:36 - 2014-09-04 08:51 - 00000000 ____D () C:\Users\Darth Wader\Downloads\The Sims 4 PC full game (Origins) Multi17 ^^nosTEAM^^
2014-09-02 21:03 - 2014-09-02 21:03 - 00068238 _____ () C:\Users\Darth Wader\Documents\ggfds.gpx
2014-09-02 19:47 - 2014-09-02 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-30 21:24 - 2014-09-02 21:14 - 04494892 _____ () C:\Users\Darth Wader\Desktop\Squard.wav
2014-08-30 18:16 - 2014-08-31 21:51 - 00023554 _____ () C:\Users\Darth Wader\Desktop\Squard.gpx
2014-08-30 17:11 - 2014-08-30 17:12 - 00000099 _____ () C:\Users\Darth Wader\Desktop\vybertesijednoprosiiiiiiim.txt
2014-08-30 15:53 - 2014-08-30 15:53 - 00015235 _____ () C:\Users\Darth Wader\Desktop\Drumkit.gpx
2014-08-30 00:27 - 2014-08-30 00:27 - 00000000 ____D () C:\Users\Darth Wader\Documents\Adobe
2014-08-30 00:26 - 2014-08-30 00:26 - 00841848 _____ () C:\Users\Darth Wader\Documents\Untitled 1.wav
2014-08-30 00:25 - 2014-08-30 00:25 - 00000000 ____D () C:\Users\Public\Documents\Adobe
2014-08-30 00:24 - 2014-08-30 00:24 - 00001256 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CS6.lnk
2014-08-30 00:24 - 2014-08-30 00:24 - 00000000 ____D () C:\Program Files (x86)\My Company Name
2014-08-30 00:24 - 2011-11-03 03:01 - 00056208 ____N (Rovi Corporation) C:\windows\system32\Drivers\PxHlpa64.sys
2014-08-30 00:24 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\windows\system32\Drivers\cdralw2k.sys
2014-08-30 00:24 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\windows\system32\Drivers\cdr4_xp.sys
2014-08-30 00:19 - 2014-08-30 00:21 - 00000000 ____D () C:\Users\Darth Wader\Downloads\Adobe Audition CS6
2014-08-30 00:03 - 2014-08-30 00:15 - 00000000 ____D () C:\Users\Darth Wader\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]
2014-08-27 19:03 - 2014-08-23 08:47 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-25 21:52 - 2014-08-25 21:52 - 00048946 _____ () C:\Users\Darth Wader\Downloads\The-Sopranos-S06E13(0000068832).srt
2014-08-24 22:42 - 2014-08-24 22:42 - 00055768 _____ () C:\Users\Darth Wader\Downloads\The-Sopranos-S06E12-Kaisha(0000153722).srt
2014-08-24 22:40 - 2014-08-24 22:40 - 00055646 _____ () C:\Users\Darth Wader\Downloads\The-Sopranos-S06E12(0000137473).srt
2014-08-24 00:10 - 2014-08-24 00:10 - 00052977 _____ () C:\Users\Darth Wader\Downloads\The-Sopranos-S06E11(0000137472).srt
2014-08-23 23:40 - 2014-08-23 23:40 - 00052392 _____ () C:\Users\Darth Wader\Downloads\The-Sopranos-S06E06(0000142529).srt
2014-08-23 23:14 - 2014-08-23 23:23 - 00000000 ____D () C:\Users\Darth Wader\Downloads\The Sopranos - The Complete Series (Season 1, 2, 3, 4, 5 & 6) + Extras
2014-08-23 20:10 - 2014-08-23 20:10 - 00073383 _____ () C:\Users\Darth Wader\Documents\The Sky Is Full Of Fallen Stars.gpx
2014-08-23 13:42 - 2013-12-27 23:14 - 00052718 _____ () C:\Users\Darth Wader\Desktop\when hatatitla eat some beans.gpx
2014-08-21 12:23 - 2014-08-21 12:23 - 00069674 _____ () C:\Users\Darth Wader\Documents\Diamonds And Rust (Reactor cover).gpx
2014-08-19 21:36 - 2014-08-19 22:09 - 00053566 _____ () C:\Users\Darth Wader\Desktop\dpdpdpdpdpdpd.gpx
2014-08-19 21:28 - 2014-08-19 21:28 - 00051440 _____ () C:\Users\Darth Wader\Documents\dpzmena2.gpx
2014-08-18 22:24 - 2014-08-18 22:24 - 03640005 _____ () C:\Users\Darth Wader\Downloads\Už-mě-nelíbej.mp3---Jiří-Schelinger
2014-08-18 22:21 - 2014-08-18 22:22 - 00000000 ____D () C:\Users\Darth Wader\Downloads\Jiří Schelinger - Čas 51-71-81 (3CD)(2011)[FLAC]
2014-08-18 21:51 - 2014-08-18 21:51 - 00000000 ____D () C:\Users\Darth Wader\Downloads\Peter Nagy - best of [lubimta.sk]
2014-08-18 21:45 - 2014-08-18 21:45 - 00000000 ____D () C:\Users\Darth Wader\Downloads\Miro Žbirka
2014-08-18 21:43 - 2014-08-18 21:43 - 00000000 ____D () C:\Users\Darth Wader\Downloads\MODUS 1977-1988
2014-08-18 21:29 - 2014-08-18 23:02 - 00000000 ____D () C:\Users\Darth Wader\Desktop\MP3
2014-08-18 14:58 - 2014-08-18 14:58 - 00111386 _____ () C:\Users\Darth Wader\Downloads\1080665460.zip
2014-08-17 21:20 - 2014-09-03 20:16 - 00000000 ____D () C:\Users\Darth Wader\Documents\Electronic Arts
2014-08-17 21:15 - 2014-08-30 18:32 - 00447752 ____R (On2.com) C:\windows\SysWOW64\vp6vfw.dll
2014-08-17 21:15 - 2014-08-17 21:15 - 00001494 _____ () C:\Users\Public\Desktop\The Sims 4 Create A Sim Demo.lnk
2014-08-17 21:15 - 2014-08-17 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4 Create A Sim Demo
2014-08-17 21:02 - 2014-09-04 12:31 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-08-17 20:58 - 2014-09-03 20:13 - 00000000 ____D () C:\Users\Darth Wader\AppData\Roaming\Origin
2014-08-17 20:58 - 2014-08-17 21:02 - 00000000 ____D () C:\Users\Darth Wader\AppData\Local\Origin
2014-08-17 20:51 - 2014-09-07 00:24 - 00000000 ____D () C:\ProgramData\Origin
2014-08-17 20:51 - 2014-09-06 19:02 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-17 20:51 - 2014-08-17 21:20 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-08-17 20:51 - 2014-08-17 20:51 - 00000990 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-08-17 20:48 - 2014-08-17 20:50 - 17090912 _____ (Electronic Arts, Inc.) C:\Users\Darth Wader\Downloads\OriginThinSetup.exe
2014-08-17 20:43 - 2014-08-17 20:51 - 00000000 ____D () C:\Users\Darth Wader\Downloads\The Sims 4 Create A Sim Demo
2014-08-17 20:40 - 2014-08-17 20:40 - 00000000 ____D () C:\Users\Darth Wader\Downloads\3DMGAME-The.Sims.4.Create.A.Sim.Demo.Cracked-3DM
2014-08-15 18:29 - 2014-08-02 02:15 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-15 00:33 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-08-15 00:32 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-15 00:32 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-14 21:14 - 2014-08-07 08:33 - 00712192 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-14 21:14 - 2014-08-07 05:09 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-14 19:29 - 2014-07-24 14:11 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-14 19:29 - 2014-07-24 14:10 - 02240000 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-14 19:29 - 2014-07-24 14:10 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-14 19:29 - 2014-07-24 14:10 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-08-14 19:29 - 2014-07-24 14:10 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-08-14 19:29 - 2014-07-24 14:09 - 19279872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-14 19:29 - 2014-07-24 14:09 - 15399936 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-14 19:29 - 2014-07-24 14:09 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-14 19:29 - 2014-07-24 14:09 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-14 19:29 - 2014-07-24 14:09 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-14 19:29 - 2014-07-24 14:09 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-08-14 19:29 - 2014-07-24 14:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-14 19:29 - 2014-07-24 14:09 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-14 19:29 - 2014-07-24 14:09 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-14 19:29 - 2014-07-24 14:09 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-14 19:29 - 2014-07-24 14:09 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-14 19:29 - 2014-07-24 14:09 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-08-14 19:29 - 2014-07-24 14:09 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-14 19:29 - 2014-07-24 14:09 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-14 19:29 - 2014-07-24 14:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-14 19:29 - 2014-07-24 14:09 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-14 19:29 - 2014-07-24 12:52 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-14 19:29 - 2014-07-24 12:52 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-14 19:29 - 2014-07-24 12:52 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-08-14 19:29 - 2014-07-24 12:51 - 14371328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-14 19:29 - 2014-07-24 12:51 - 13757440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-14 19:29 - 2014-07-24 12:51 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-14 19:29 - 2014-07-24 12:51 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-14 19:29 - 2014-07-24 12:51 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-14 19:29 - 2014-07-24 12:51 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-08-14 19:29 - 2014-07-24 12:51 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-14 19:29 - 2014-07-24 12:51 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-14 19:29 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-14 19:29 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-14 19:29 - 2014-07-24 12:51 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-14 19:29 - 2014-07-24 12:51 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-08-14 19:29 - 2014-07-24 12:51 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-14 19:29 - 2014-07-24 12:51 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-14 19:29 - 2014-07-24 12:51 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-14 19:29 - 2014-07-24 12:51 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-14 19:29 - 2014-07-24 12:33 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-14 19:29 - 2014-07-24 12:29 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-14 19:29 - 2014-07-24 10:03 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-08-14 19:29 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-14 19:29 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-14 19:29 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-14 19:29 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-14 19:29 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-14 19:29 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2014-08-14 19:29 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-14 19:29 - 2014-06-05 19:30 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-08-14 19:29 - 2014-06-05 19:29 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-14 19:29 - 2014-06-05 19:29 - 00393216 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-14 19:29 - 2014-06-05 19:28 - 02306560 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-14 19:29 - 2014-06-05 19:28 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-08-14 19:29 - 2014-06-05 15:12 - 08857600 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-08-14 19:29 - 2014-06-05 15:11 - 02416128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-14 19:29 - 2014-06-05 15:11 - 00295424 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-14 19:29 - 2014-06-05 15:10 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-14 19:29 - 2014-06-05 15:10 - 00754176 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-08-14 19:29 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2014-08-14 19:29 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-08-13 10:56 - 2014-08-13 11:03 - 37741506 _____ () C:\Users\Darth Wader\Documents\VIDEO0153.mp4
2014-08-11 00:04 - 2014-08-18 23:03 - 00001574 _____ () C:\windows\setupact.log
2014-08-11 00:04 - 2014-08-11 00:04 - 00000000 _____ () C:\windows\setuperr.log
2014-08-10 16:47 - 2014-08-15 23:02 - 00000000 ____D () C:\Users\Darth Wader\Desktop\Zlozky

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 16:03 - 2014-09-08 16:02 - 00021314 _____ () C:\Users\Darth Wader\Desktop\FRST.txt
2014-09-08 16:02 - 2014-09-08 16:02 - 00029696 _____ () C:\Users\Darth Wader\AppData\Local\MSGBOX.EXE
2014-09-08 16:02 - 2014-09-08 16:02 - 00015327 _____ () C:\Users\Darth Wader\Desktop\LM.bat
2014-09-08 16:02 - 2014-09-08 16:02 - 00000000 ____D () C:\FRST
2014-09-08 16:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-09-08 15:59 - 2014-09-08 15:58 - 00000000 ____D () C:\Users\Darth Wader\Documents\Flight Simulator X Files
2014-09-08 15:56 - 2014-09-08 15:56 - 00096009 _____ () C:\windows\DirectX.log
2014-09-08 15:56 - 2014-09-08 15:56 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-09-08 15:56 - 2013-11-05 13:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-08 15:53 - 2014-09-08 15:53 - 02105344 _____ (Farbar) C:\Users\Darth Wader\Desktop\FRST64.exe
2014-09-08 15:53 - 2014-09-08 15:53 - 00112640 _____ (forum.viry.cz) C:\Users\Darth Wader\Desktop\FRSTLauncher.exe
2014-09-08 15:42 - 2014-09-08 15:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-09-08 15:41 - 2013-11-05 14:05 - 00719336 _____ () C:\windows\system32\perfh005.dat
2014-09-08 15:41 - 2013-11-05 14:05 - 00148412 _____ () C:\windows\system32\perfc005.dat
2014-09-08 15:41 - 2012-07-26 09:28 - 01717852 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-08 15:40 - 2014-05-22 07:11 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1415516972-2411298999-134058401-1002
2014-09-08 15:34 - 2014-08-05 18:39 - 00012046 _____ () C:\windows\PFRO.log
2014-09-08 15:34 - 2013-11-05 13:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-08 15:34 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-08 15:33 - 2014-09-08 15:30 - 00000000 ____D () C:\AdwCleaner
2014-09-08 15:33 - 2013-11-05 14:19 - 00006656 _____ () C:\windows\system32\VfService.trf
2014-09-08 15:31 - 2014-05-24 00:08 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-08 15:30 - 2014-09-08 15:30 - 01370467 _____ () C:\Users\Darth Wader\Downloads\adwcleaner_3.309.exe
2014-09-08 15:26 - 2014-09-08 15:26 - 00000761 _____ () C:\Users\Darth Wader\Desktop\JRT.txt
2014-09-08 15:21 - 2014-09-08 15:21 - 00000000 ____D () C:\windows\ERUNT
2014-09-08 15:20 - 2014-09-08 15:20 - 01016261 _____ (Thisisu) C:\Users\Darth Wader\Downloads\JRT.exe
2014-09-08 15:15 - 2014-08-05 19:11 - 01653068 _____ () C:\windows\WindowsUpdate.log
2014-09-08 15:11 - 2014-09-08 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-09-08 15:11 - 2014-09-08 15:11 - 00000000 ____D () C:\ProgramData\ESET
2014-09-08 15:11 - 2014-09-08 15:11 - 00000000 ____D () C:\Program Files\ESET
2014-09-08 15:09 - 2014-05-22 07:04 - 00000968 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-08 15:02 - 2014-09-08 15:02 - 01695680 _____ (ESET) C:\Users\Darth Wader\Downloads\eset_nod32_antivirus_live_installer_.exe
2014-09-08 15:00 - 2014-09-08 15:00 - 00002292 _____ () C:\Users\Darth Wader\Documents\cc_20140908_150000.reg
2014-09-08 14:44 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-09-08 14:42 - 2014-09-08 14:42 - 00000845 _____ () C:\Users\Public\Desktop\PowerISO.lnk
2014-09-08 14:42 - 2014-09-08 14:42 - 00000000 ____D () C:\Users\Darth Wader\AppData\Roaming\PowerISO
2014-09-08 14:42 - 2014-09-08 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2014-09-08 14:42 - 2014-09-08 14:41 - 00000000 ____D () C:\Program Files\PowerISO
2014-09-08 14:39 - 2014-09-08 14:39 - 00014492 _____ () C:\Users\Darth Wader\Documents\cc_20140908_143947.reg
2014-09-08 14:36 - 2014-06-13 23:44 - 00000000 ____D () C:\Program Files (x86)\Fifa Master
2014-09-08 09:13 - 2014-09-08 09:13 - 00839584 _____ () C:\windows\Minidump\090814-59187-01.dmp
2014-09-08 09:13 - 2014-07-12 13:27 - 04940680 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-08 09:13 - 2014-07-03 18:45 - 00000000 ____D () C:\windows\Minidump
2014-09-08 09:12 - 2014-09-08 09:12 - 582188350 _____ () C:\windows\MEMORY.DMP
2014-09-07 22:34 - 2014-05-25 12:27 - 00000000 ____D () C:\Users\Darth Wader\AppData\Roaming\vlc
2014-09-07 20:56 - 2014-05-21 23:26 - 02275328 ___SH () C:\Users\Darth Wader\Desktop\Thumbs.db
2014-09-07 20:39 - 2014-09-07 20:39 - 00058464 _____ () C:\Users\Darth Wader\Downloads\Inconsolata.otf
2014-09-07 00:24 - 2014-08-17 20:51 - 00000000 ____D () C:\ProgramData\Origin
2014-09-06 20:07 - 2014-06-25 22:46 - 00000000 ____D () C:\Users\Darth Wader\Downloads\Monty Python's Flying Circus
2014-09-06 19:02 - 2014-08-17 20:51 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-06 00:15 - 2014-09-06 00:15 - 00000000 ____D () C:\Users\Public\Documents\Line 6
2014-09-06 00:15 - 2014-09-06 00:12 - 00000000 ____D () C:\Users\Darth Wader\Documents\Full Session
2014-09-06 00:11 - 2014-09-06 00:11 - 00000000 ____D () C:\Users\Darth Wader\AppData\Roaming\Trillium Lane
2014-09-06 00:11 - 2014-09-05 23:57 - 00000000 ____D () C:\Users\Darth Wader\AppData\Roaming\Avid
2014-09-06 00:10 - 2014-09-06 00:10 - 00000000 ____D () C:\Users\Darth Wader\AppData\Roaming\PACE Anti-Piracy
2014-09-06 00:10 - 2014-09-06 00:10 - 00000000 ____D () C:\Users\Darth Wader\AppData\Local\PACE Anti-Piracy
2014-09-06 00:10 - 2014-09-06 00:10 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy
2014-09-06 00:10 - 2014-05-22 06:59 - 00000000 ____D () C:\Users\Darth Wader
2014-09-06 00:10 - 2014-03-29 19:01 - 00000000 ___HD () C:\Users\Darth Wader\AppData\Local\Prld4ud8Pl7GJ
2014-09-06 00:10 - 2013-12-30 20:27 - 00000000 ___HD () C:\Users\Darth Wader\AppData\Local\WMzjo7kzsIlS
2014-09-06 00:10 - 2013-01-20 11:45 - 00000000 ___HD () C:\Users\Darth Wader\AppData\Local\WaJYZ0Yz9dIZwqQ
2014-09-05 23:57 - 2014-09-05 23:57 - 00001984 _____ () C:\Users\Public\Desktop\Pro Tools 10.lnk
2014-09-05 23:57 - 2014-09-05 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid
2014-09-05 23:53 - 2014-09-05 23:53 - 00000000 ____D () C:\Program Files\Avid
2014-09-05 23:53 - 2014-09-05 23:53 - 00000000 ____D () C:\Program Files (x86)\Avid
2014-09-05 23:49 - 2014-09-05 23:49 - 00000000 ____D () C:\ProgramData\PACE
2014-09-05 23:48 - 2014-05-24 00:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-05 23:47 - 2014-09-05 23:47 - 00002100 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLok License Manager.lnk
2014-09-05 23:47 - 2014-09-05 23:47 - 00002088 _____ () C:\Users\Public\Desktop\iLok License Manager.lnk
2014-09-05 23:47 - 2014-09-05 23:47 - 00000000 ____D () C:\Program Files (x86)\iLok License Manager
2014-09-05 23:47 - 2014-05-23 20:52 - 00000000 ____D () C:\Users\Darth Wader\AppData\Roaming\uTorrent
2014-09-05 23:42 - 2014-09-05 23:42 - 00000000 ____D () C:\Users\Darth Wader\Desktop\Pro Tools 10.3.7 Setup files
2014-09-05 22:32 - 2014-09-05 22:15 - 00000000 ____D () C:\Users\Darth Wader\Downloads\Pro.Tools.HD.10.3.7-WIN
2014-09-05 22:21 - 2014-09-05 22:21 - 03424300 _____ () C:\Users\Darth Wader\Desktop\mar.wav
2014-09-05 21:30 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-09-04 13:25 - 2014-09-04 13:25 - 00002046 _____ () C:\Users\Public\Desktop\The SIMS 4 Deluxe Edition.lnk
2014-09-04 13:25 - 2014-09-04 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The SIMS 4 Deluxe Edition
2014-09-04 13:25 - 2014-09-04 13:22 - 00000000 ____D () C:\Program Files (x86)\The SIMS 4 Deluxe Edition
2014-09-04 13:09 - 2014-09-04 12:35 - 00000000 ____D () C:\Users\Darth Wader\Downloads\The SIMS 4 Deluxe Edition [L]
2014-09-04 12:31 - 2014-08-17 21:02 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-04 12:31 - 2014-07-10 22:02 - 00000000 ____D () C:\Games
2014-09-04 09:14 - 2014-05-22 07:05 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-04 08:51 - 2014-09-04 08:36 - 00000000 ____D () C:\Users\Darth Wader\Downloads\The Sims 4 PC full game (Origins) Multi17 ^^nosTEAM^^
2014-09-03 22:46 - 2014-07-24 22:37 - 00000000 ____D () C:\Users\Darth Wader\AppData\Roaming\Skype
2014-09-03 20:16 - 2014-08-17 21:20 - 00000000 ____D () C:\Users\Darth Wader\Documents\Electronic Arts
2014-09-03 20:13 - 2014-08-17 20:58 - 00000000 ____D () C:\Users\Darth Wader\AppData\Roaming\Origin
2014-09-02 21:14 - 2014-08-30 21:24 - 04494892 _____ () C:\Users\Darth Wader\Desktop\Squard.wav
2014-09-02 21:03 - 2014-09-02 21:03 - 00068238 _____ () C:\Users\Darth Wader\Documents\ggfds.gpx
2014-09-02 19:53 - 2014-05-22 07:34 - 00000000 ____D () C:\Users\Darth Wader\Documents\Youcam
2014-09-02 19:47 - 2014-09-02 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-31 21:51 - 2014-08-30 18:16 - 00023554 _____ () C:\Users\Darth Wader\Desktop\Squard.gpx
2014-08-30 18:32 - 2014-08-17 21:15 - 00447752 ____R (On2.com) C:\windows\SysWOW64\vp6vfw.dll
2014-08-30 17:12 - 2014-08-30 17:11 - 00000099 _____ () C:\Users\Darth Wader\Desktop\vybertesijednoprosiiiiiiim.txt
2014-08-30 15:53 - 2014-08-30 15:53 - 00015235 _____ () C:\Users\Darth Wader\Desktop\Drumkit.gpx
2014-08-30 01:06 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache
2014-08-30 00:27 - 2014-08-30 00:27 - 00000000 ____D () C:\Users\Darth Wader\Documents\Adobe
2014-08-30 00:26 - 2014-08-30 00:26 - 00841848 _____ () C:\Users\Darth Wader\Documents\Untitled 1.wav
2014-08-30 00:25 - 2014-08-30 00:25 - 00000000 ____D () C:\Users\Public\Documents\Adobe
2014-08-30 00:24 - 2014-08-30 00:24 - 00001256 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CS6.lnk
2014-08-30 00:24 - 2014-08-30 00:24 - 00000000 ____D () C:\Program Files (x86)\My Company Name
2014-08-30 00:24 - 2014-05-22 07:00 - 00000000 ____D () C:\Users\Darth Wader\AppData\Roaming\Adobe
2014-08-30 00:24 - 2014-05-21 21:48 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-08-30 00:24 - 2014-05-21 21:43 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-30 00:21 - 2014-08-30 00:19 - 00000000 ____D () C:\Users\Darth Wader\Downloads\Adobe Audition CS6
2014-08-30 00:15 - 2014-08-30 00:03 - 00000000 ____D () C:\Users\Darth Wader\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]
2014-08-28 22:10 - 2012-07-26 09:59 - 00000000 ____D () C:\windows\CbsTemp
2014-08-25 21:52 - 2014-08-25 21:52 - 00048946 _____ () C:\Users\Darth Wader\Downloads\The-Sopranos-S06E13(0000068832).srt
2014-08-24 22:42 - 2014-08-24 22:42 - 00055768 _____ () C:\Users\Darth Wader\Downloads\The-Sopranos-S06E12-Kaisha(0000153722).srt
2014-08-24 22:40 - 2014-08-24 22:40 - 00055646 _____ () C:\Users\Darth Wader\Downloads\The-Sopranos-S06E12(0000137473).srt
2014-08-24 00:10 - 2014-08-24 00:10 - 00052977 _____ () C:\Users\Darth Wader\Downloads\The-Sopranos-S06E11(0000137472).srt
2014-08-23 23:40 - 2014-08-23 23:40 - 00052392 _____ () C:\Users\Darth Wader\Downloads\The-Sopranos-S06E06(0000142529).srt
2014-08-23 23:23 - 2014-08-23 23:14 - 00000000 ____D () C:\Users\Darth Wader\Downloads\The Sopranos - The Complete Series (Season 1, 2, 3, 4, 5 & 6) + Extras
2014-08-23 20:10 - 2014-08-23 20:10 - 00073383 _____ () C:\Users\Darth Wader\Documents\The Sky Is Full Of Fallen Stars.gpx
2014-08-23 13:41 - 2014-08-05 20:16 - 00000000 ____D () C:\Users\Darth Wader\AppData\Roaming\Audacity
2014-08-23 08:47 - 2014-08-27 19:03 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-21 12:23 - 2014-08-21 12:23 - 00069674 _____ () C:\Users\Darth Wader\Documents\Diamonds And Rust (Reactor cover).gpx
2014-08-19 22:09 - 2014-08-19 21:36 - 00053566 _____ () C:\Users\Darth Wader\Desktop\dpdpdpdpdpdpd.gpx
2014-08-19 21:28 - 2014-08-19 21:28 - 00051440 _____ () C:\Users\Darth Wader\Documents\dpzmena2.gpx
2014-08-18 23:03 - 2014-08-11 00:04 - 00001574 _____ () C:\windows\setupact.log
2014-08-18 23:02 - 2014-08-18 21:29 - 00000000 ____D () C:\Users\Darth Wader\Desktop\MP3
2014-08-18 22:57 - 2014-05-30 22:53 - 00102912 ___SH () C:\Users\Darth Wader\Downloads\Thumbs.db
2014-08-18 22:24 - 2014-08-18 22:24 - 03640005 _____ () C:\Users\Darth Wader\Downloads\Už-mě-nelíbej.mp3---Jiří-Schelinger
2014-08-18 22:22 - 2014-08-18 22:21 - 00000000 ____D () C:\Users\Darth Wader\Downloads\Jiří Schelinger - Čas 51-71-81 (3CD)(2011)[FLAC]
2014-08-18 21:51 - 2014-08-18 21:51 - 00000000 ____D () C:\Users\Darth Wader\Downloads\Peter Nagy - best of [lubimta.sk]
2014-08-18 21:45 - 2014-08-18 21:45 - 00000000 ____D () C:\Users\Darth Wader\Downloads\Miro Žbirka
2014-08-18 21:43 - 2014-08-18 21:43 - 00000000 ____D () C:\Users\Darth Wader\Downloads\MODUS 1977-1988
2014-08-18 14:58 - 2014-08-18 14:58 - 00111386 _____ () C:\Users\Darth Wader\Downloads\1080665460.zip
2014-08-17 21:20 - 2014-08-17 20:51 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-08-17 21:15 - 2014-08-17 21:15 - 00001494 _____ () C:\Users\Public\Desktop\The Sims 4 Create A Sim Demo.lnk
2014-08-17 21:15 - 2014-08-17 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4 Create A Sim Demo
2014-08-17 21:15 - 2013-11-05 13:59 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-17 21:02 - 2014-08-17 20:58 - 00000000 ____D () C:\Users\Darth Wader\AppData\Local\Origin
2014-08-17 20:51 - 2014-08-17 20:51 - 00000990 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-08-17 20:51 - 2014-08-17 20:43 - 00000000 ____D () C:\Users\Darth Wader\Downloads\The Sims 4 Create A Sim Demo
2014-08-17 20:50 - 2014-08-17 20:48 - 17090912 _____ (Electronic Arts, Inc.) C:\Users\Darth Wader\Downloads\OriginThinSetup.exe
2014-08-17 20:40 - 2014-08-17 20:40 - 00000000 ____D () C:\Users\Darth Wader\Downloads\3DMGAME-The.Sims.4.Create.A.Sim.Demo.Cracked-3DM
2014-08-15 23:02 - 2014-08-10 16:47 - 00000000 ____D () C:\Users\Darth Wader\Desktop\Zlozky
2014-08-15 18:27 - 2014-07-10 14:50 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-15 18:27 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ToastData
2014-08-15 18:27 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\sk-SK
2014-08-15 18:27 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sk-SK
2014-08-15 09:03 - 2014-05-21 16:54 - 00000000 ____D () C:\windows\system32\MRT
2014-08-15 00:39 - 2014-05-21 16:54 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-15 00:33 - 2014-05-27 13:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 23:55 - 2014-05-21 23:25 - 00000132 _____ () C:\Users\Darth Wader\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-08-13 11:03 - 2014-08-13 10:56 - 37741506 _____ () C:\Users\Darth Wader\Documents\VIDEO0153.mp4
2014-08-11 00:04 - 2014-08-11 00:04 - 00000000 _____ () C:\windows\setuperr.log
2014-08-09 22:01 - 2014-05-22 06:59 - 00000000 ____D () C:\Users\Darth Wader\AppData\Local\Packages

Some content of TEMP:
====================
C:\Users\Darth Wader\AppData\Local\Temp\bassmod.dll
C:\Users\Darth Wader\AppData\Local\Temp\InstHelper.exe
C:\Users\Darth Wader\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-01 12:57

==================== End Of Log ============================


Thanks for the help, you're great :)

Re: Russian Malware

Posted: 08 Sep 2014 15:14
by vyosek
Hello :)

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Immediately after it starts, a page with the license agreement will appear; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily infected, it may take longer
  • After the scan finishes and a possible restart, CF will display a log, or you can find it here C:\ComboFix.txt; paste its contents here
  • Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Russian Malware

Posted: 08 Sep 2014 15:38
by seebo
LOG from Rkill:

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/08/2014 04:19:32 PM in x64 mode.
Windows Version: Windows 8

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\SysWOW64\UMonit64.exe (PID: 5604) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001


LOG from combofix:

ComboFix 14-09-05.01 - Darth Wader 08.09.2014 16:23:36.1.8 - x64
Microsoft Windows 8 6.2.9200.0.1250.421.1051.18.8138.6297 [GMT 2:00]
Running from: c:\users\Darth Wader\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Roaming
c:\users\Darth Wader\AppData\Local\Msgbox.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-08-08 to 2014-09-08 )))))))))))))))))))))))))))))))
.
.
2014-09-08 14:31 . 2014-09-08 14:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-08 14:02 . 2014-09-08 14:04 -------- d-----w- C:\FRST
2014-09-08 13:56 . 2014-09-08 13:56 -------- d-----w- c:\program files (x86)\MSXML 4.0
2014-09-08 13:42 . 2014-09-08 13:42 -------- d-----w- c:\program files (x86)\Microsoft Games
2014-09-08 13:31 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-09-08 13:30 . 2014-09-08 13:33 -------- d-----w- C:\AdwCleaner
2014-09-08 13:21 . 2014-09-08 13:21 -------- d-----w- c:\windows\ERUNT
2014-09-08 13:11 . 2014-09-08 13:11 -------- d-----w- c:\program files\ESET
2014-09-08 12:42 . 2014-09-08 12:42 -------- d-----w- c:\users\Darth Wader\AppData\Roaming\PowerISO
2014-09-08 12:41 . 2014-03-11 07:00 129944 ----a-w- c:\windows\system32\drivers\scdemu.sys
2014-09-08 12:41 . 2014-09-08 12:42 -------- d-----w- c:\program files\PowerISO
2014-09-05 22:11 . 2014-09-05 22:11 -------- d-----w- c:\users\Darth Wader\AppData\Roaming\Trillium Lane
2014-09-05 22:10 . 2014-09-05 22:10 -------- d-----w- c:\users\Darth Wader\AppData\Roaming\PACE Anti-Piracy
2014-09-05 22:10 . 2014-09-05 22:10 -------- d-----w- c:\programdata\PACE Anti-Piracy
2014-09-05 22:10 . 2014-09-05 22:10 -------- d-----w- c:\users\Darth Wader\AppData\Local\PACE Anti-Piracy
2014-09-05 22:10 . 2014-09-06 14:02 -------- d-----w- c:\users\Darth Wader\AvidLogFiles
2014-09-05 21:57 . 2014-09-05 22:11 -------- d-----w- c:\users\Darth Wader\AppData\Roaming\Avid
2014-09-05 21:53 . 2014-09-05 21:56 -------- d-----w- c:\program files (x86)\Common Files\Avid
2014-09-05 21:53 . 2014-09-05 21:53 -------- d-----w- c:\program files\Avid
2014-09-05 21:53 . 2014-09-05 21:53 -------- d-----w- c:\program files (x86)\Avid
2014-09-05 21:49 . 2014-09-05 21:49 -------- d-----w- c:\programdata\PACE
2014-09-05 21:47 . 2014-09-05 21:47 -------- d-----w- c:\program files (x86)\iLok License Manager
2014-09-05 21:47 . 2014-09-05 21:47 -------- d-----w- c:\program files (x86)\Common Files\PACE
2014-09-04 11:22 . 2014-09-04 11:25 -------- d-----w- c:\program files (x86)\The SIMS 4 Deluxe Edition
2014-08-29 22:24 . 2014-08-29 22:24 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2014-08-29 22:24 . 2014-08-29 22:24 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2014-08-29 22:24 . 2011-11-03 01:01 56208 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2014-08-29 22:24 . 2011-10-17 01:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2014-08-29 22:24 . 2011-10-17 01:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2014-08-29 22:24 . 2014-08-29 22:24 -------- d-----w- c:\program files (x86)\My Company Name
2014-08-27 17:03 . 2014-08-23 06:47 4036096 ----a-w- c:\windows\system32\win32k.sys
2014-08-24 19:34 . 2014-08-24 19:34 262312 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10245.bin
2014-08-17 19:15 . 2014-08-30 16:32 447752 ----a-r- c:\windows\SysWow64\vp6vfw.dll
2014-08-17 19:15 . 2014-08-17 19:15 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2014-08-17 19:02 . 2014-09-04 10:31 -------- d-----w- c:\program files (x86)\Origin Games
2014-08-17 18:58 . 2014-09-03 18:13 -------- d-----w- c:\users\Darth Wader\AppData\Roaming\Origin
2014-08-17 18:58 . 2014-08-17 19:02 -------- d-----w- c:\users\Darth Wader\AppData\Local\Origin
2014-08-17 18:51 . 2014-09-06 22:24 -------- d-----w- c:\programdata\Origin
2014-08-17 18:51 . 2014-08-17 19:20 -------- d-----w- c:\programdata\Electronic Arts
2014-08-17 18:51 . 2014-09-06 17:02 -------- d-----w- c:\program files (x86)\Origin
2014-08-15 16:29 . 2014-08-02 00:15 105440 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-14 22:33 . 2014-07-15 22:51 71168 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2014-08-14 22:32 . 2014-06-10 22:44 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 22:32 . 2014-06-10 22:43 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 19:14 . 2014-08-07 06:33 712192 ----a-w- c:\windows\system32\aepdu.dll
2014-08-14 19:14 . 2014-08-07 03:09 556544 ----a-w- c:\windows\system32\aeinv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-24 18:13 . 2012-07-26 08:13 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-14 22:39 . 2014-05-21 14:54 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-03 22:17 . 2014-08-03 22:17 151552 ----a-w- c:\windows\SysWow64\nvRegDev.dll
2014-08-03 22:17 . 2014-08-03 22:17 61440 ----a-w- c:\windows\SysWow64\nvPhotoshopUtil.dll
2014-08-03 22:17 . 2014-08-03 22:17 40960 ----a-w- c:\windows\SysWow64\nvISWOW64.dll
2014-08-02 00:15 . 2014-05-21 18:05 704480 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-25 13:50 . 2014-06-11 20:09 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2014-05-22 05:11 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-06-11 20:09 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2014-05-22 05:11 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-07-20 19:00 . 2014-07-20 19:00 30424 ----a-w- c:\windows\system32\drivers\ggsomc.sys
2014-07-20 19:00 . 2014-07-20 19:00 16088 ----a-w- c:\windows\system32\drivers\ggflt.sys
2014-06-30 22:42 . 2014-07-09 11:36 394240 ----a-w- c:\windows\system32\devinv.dll
2014-06-30 22:42 . 2014-07-09 11:36 87552 ----a-w- c:\windows\system32\aepic.dll
2014-06-17 23:27 . 2014-07-09 10:21 1440256 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-17 23:24 . 2014-07-09 10:21 1557504 ----a-w- c:\windows\system32\osk.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CMD"="start http://extendedunlimited.org && exit" [X]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2014-05-23 466656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2012-10-31 168464]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-04-19 217088]
"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2013-03-08 95192]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-10-16 646744]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2014-03-11 377368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;c:\windows\System32\drivers\AMPPAL.sys;c:\windows\SYSNATIVE\drivers\AMPPAL.sys [x]
R3 GeneStor;Genesys Logic Storage Driver;c:\windows\System32\drivers\GeneStor.sys;c:\windows\SYSNATIVE\drivers\GeneStor.sys [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys;c:\windows\SYSNATIVE\drivers\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\System32\drivers\ggsomc.sys;c:\windows\SYSNATIVE\drivers\ggsomc.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\System32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 L6PODHD4;Service - Line 6 POD HD400;c:\windows\System32\Drivers\L6PODHD464.sys;c:\windows\SYSNATIVE\Drivers\L6PODHD464.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\System32\drivers\MijXfilt.sys;c:\windows\SYSNATIVE\drivers\MijXfilt.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 vmicheartbeat;Hyper-V Heartbeat Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\System32\drivers\wacomrouterfilter.sys;c:\windows\SYSNATIVE\drivers\wacomrouterfilter.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys;c:\windows\SYSNATIVE\DRIVERS\edevmon.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;c:\program files (x86)\Intel\Bluetooth\ibtrksrv.exe;c:\program files (x86)\Intel\Bluetooth\ibtrksrv.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VeriFaceSrv;VeriFaceSrv;c:\program files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe;c:\program files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 ETDSMBus;ETDSMBus;c:\windows\system32\DRIVERS\ETDSMBus.sys;c:\windows\SYSNATIVE\DRIVERS\ETDSMBus.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 NETwNe64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-04 07:13 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-23 18:31]
.
2014-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf8a3f9909611c.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-22 05:04]
.
2014-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-22 05:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-04-30 36352]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-05-28 13545032]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-05-20 1308232]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2013-04-12 7770936]
"RtsFT"="RTFTrack.exe" [2013-07-19 6340312]
"UMonit64"="c:\windows\SysWOW64\UMonit64.exe" [2013-04-09 40960]
"OnekeyStudio"="c:\program files\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-09-14 4196432]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2013-11-05 17097200]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2013-11-05 193008]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2014-02-24 5581888]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Darth Wader\AppData\Roaming\Mozilla\Firefox\Profiles\x14qedx1.default\
FF - prefs.js: browser.startup.homepage - google.sk
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PaceLicenseDServices]
"ImagePath"="\"c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe\" -u https://activation.paceap.com/InitiateActivation"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-09-08 16:33:53
ComboFix-quarantined-files.txt 2014-09-08 14:33
.
Pre-Run: 569 728 962 560 bytes free
Post-Run: 569 461 395 456 bytes free
.
- - End Of File - - CCCD6178D6148C274CC96799B9A6BEFB
5FB38429D5D77768867C76DCBDB35194

Re: Russian malware

Posted: 09 Sep 2014 12:35
by vyosek
:arrow: If it is not there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CMD"=-
    "DAEMON Tools Lite"=-
    "Sony PC Companion"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "UpdateP2GShortCut"=-
    "RemoteControl10"=-
    "SwitchBoard"=-
    "AdobeCS6ServiceManager"=-
    "Adobe ARM"=-
    "HP Software Update"=-
    "PWRISOVM.EXE"=-
    
    File::
    c:\windows\Tasks\Adobe Flash Player Updater.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf8a3f9909611c.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and run it (see the image below)
    [image]
  • After the script is applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: If the message "Attempt to use an invalid operation on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF which unfortunately its author has not yet been able to fix

:arrow: It can happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
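The hijack in the log above is a plain HKCU Run value ("CMD"="start http://extendedunlimited.org && exit" [X]) that opens the default browser on a URL at every logon, and the reply removes it with a CFScript Registry:: stanza. The script below is an added example, not code from either post or from ComboFix: it parses the "Reg Loading Points" block in the format ComboFix prints, flags Run values that launch a URL through `start` or for which ComboFix found no file on disk (the `[X]` marker), and renders the matching `Registry::` deletion stanza. The sample input is a constructed excerpt in the same format as the log; `triage` and `to_cfscript` are names chosen here.

```python
"""Triage Run-key entries from a ComboFix 'Reg Loading Points' section.

Added example (not part of the forum posts). Rules, both taken from the log:
  - a command that starts a URL ("start http://...") is a browser hijack,
  - a Run value ComboFix tagged [X] resolved to no file on disk.
"""
import re
from dataclasses import dataclass

# Constructed excerpt in ComboFix's own layout (subset of the log above).
SAMPLE = """\
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"CMD"="start http://extendedunlimited.org && exit" [X]
"DAEMON Tools Lite"="c:\\program files (x86)\\DAEMON Tools Lite\\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run]
"YouCam Tray"="c:\\program files (x86)\\Lenovo\\YouCam\\YouCamTray.exe" [2012-10-31 168464]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
# "Name"="command" [date size]   or   "Name"="command" [X]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)" \[(?P<meta>[^\]]*)\]\s*$')
# cmd.exe's start verb with an optional "" window-title argument before the URL
START_URL_RE = re.compile(r'(?i)\bstart\s+(?:""\s+)?https?://')
URL_RE = re.compile(r"(?i)https?://")


@dataclass
class Finding:
    key: str
    name: str
    command: str
    reasons: list


def parse_run_entries(text):
    """Yield (key, name, command, meta) for every value under a ...\\Run key."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None or not key.lower().endswith("\\run"):
            continue  # SafeBoot, policies, drivers32 etc. are not autostarts
        v = VALUE_RE.match(line)
        if v:
            yield key, v.group("name"), v.group("cmd"), v.group("meta")


def triage(text):
    """Return a Finding for each Run value that trips at least one rule."""
    findings = []
    for key, name, cmd, meta in parse_run_entries(text):
        reasons = []
        if START_URL_RE.search(cmd):
            reasons.append("launches a URL via 'start' (browser hijack)")
        elif URL_RE.search(cmd):
            reasons.append("command contains a URL")
        if meta.upper() == "X":
            reasons.append("ComboFix resolved no file for this value ([X])")
        if reasons:
            findings.append(Finding(key, name, cmd, reasons))
    return findings


def to_cfscript(findings):
    """Render a CFScript Registry:: stanza that deletes each flagged value."""
    by_key = {}
    for f in findings:
        by_key.setdefault(f.key, []).append(f.name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines)


if __name__ == "__main__":
    hits = triage(SAMPLE)
    for f in hits:
        print(f"{f.key}\\{f.name}: {f.command}")
        for r in f.reasons:
            print(f"    - {r}")
    print()
    print(to_cfscript(hits))
```

The `[X]` rule is applied to Run values only: the service lines in the same log all carry `[x]` regardless of whether the binary exists, so they are deliberately not parsed. A value such as the DAEMON Tools or Sony entries that the reply also removes is untouched by these rules; those are startup-clutter choices, not indicators, and a triage script should keep that distinction.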