HEUR.Trojan.Win32.Generic
Last Updated: Sep 15 2014 12:24, Started by Business_style, Sep 13 2014 23:35
#1
Posted 13 September 2014 - 23:35
I picked up this trojan 1-2 hours ago from a link in an email (a trusted source, I thought).
Immediately someone took control of the laptop, going to various sites... opening various folders of mine, etc., until I managed to disconnect it from the net. I turned on Kaspersky and supposedly it killed it, put it in quarantine, etc., but I still get attacks once every 5 minutes. A message appears down in the taskbar that the antivirus blocked site xyz from downloading data packets for security reasons, malware or something like that. Basically, this trojan comes back to life once every 5 minutes. How can I get rid of it??? I have only a single partition, and I can't afford to format the hard drive. I've also tried some programs that boasted they would fix it... but no luck at all. Help? (Windows 7, licensed and activated).
#2
Posted 13 September 2014 - 23:51
Business_style, on 13 September 2014 - 23:35, said:
I turned on Kaspersky and supposedly it killed it, put it in quarantine, etc., but I still get attacks once every 5 minutes. A message appears down in the taskbar that the antivirus blocked site xyz from downloading data packets for security reasons, malware or something like that. Basically, this trojan comes back to life once every 5 minutes. How can I get rid of it??? I have only a single partition, and I can't afford to format the hard drive.

So you had kept Kaspersky disabled until then?
PS: For disinfection, try Kaspersky Rescue Disk 10. Put the image on a CD or USB stick and boot from it. Then run a scan.
Edited by RaduGL, 13 September 2014 - 23:55.
#3
Posted 14 September 2014 - 00:20
Download and run OTL.
For Windows Vista, Windows 7 or Windows 8, right-click and select Run as administrator. Tick the options as in the image. [ http://s11.postimg.org/jaand9soj/otl1.jpg ] When it finishes, 2 Notepad windows will appear: OTL.txt and Extras.txt. Copy the contents of these windows one at a time and post them here.
#4
Posted 14 September 2014 - 01:05
OTL:
OTL logfile created on: 9/14/2014 1:55:16 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17280) Locale: 00000409 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy 3.89 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 59.87% Memory free 7.77 Gb Paging File | 5.94 Gb Available in Paging File | 76.41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297.75 Gb Total Space | 182.42 Gb Free Space | 61.27% Space Free | Partition Type: NTFS Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014/09/14 01:54:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Downloads\OTL.exe PRC - [2014/09/13 23:20:28 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe PRC - [2014/09/04 06:01:19 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2014/07/30 03:22:10 | 036,414,496 | ---- | M] (Dropbox, Inc.) -- C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2014/07/09 11:35:39 | 000,764,184 | ---- | M] (Ammyy LLC) -- C:\ProgramData\Acess\wmihost.exe PRC - [2014/04/10 14:38:44 | 000,350,528 | ---- | M] (ClientConnect Ltd.) 
-- C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe PRC - [2012/10/18 23:42:26 | 000,689,560 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe PRC - [2012/09/13 10:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe PRC - [2012/09/13 10:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe PRC - [2012/04/25 00:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe PRC - [2011/02/25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exe PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe ========== Modules (No Company Name) ========== MOD - [2014/09/14 01:33:30 | 000,043,008 | ---- | M] () -- c:\Users\Julian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7jnrt3.dll MOD - [2014/09/04 06:01:18 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppgooglenaclpluginchrome.dll MOD - [2014/09/04 06:01:16 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll MOD - [2014/09/04 06:01:12 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll MOD - [2014/09/04 06:01:10 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll MOD - [2014/09/04 06:01:09 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll MOD - [2014/07/30 03:20:20 | 003,610,624 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2013/08/23 22:01:44 | 025,100,288 | ---- | M] () -- 
C:\Users\Julian\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2012/09/13 10:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll MOD - [2012/09/13 10:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll MOD - [2012/09/13 10:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll MOD - [2012/09/13 10:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll MOD - [2012/09/13 10:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll MOD - [2012/09/13 10:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll MOD - [2012/09/13 10:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe MOD - [2012/08/17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll MOD - [2012/05/25 14:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Services (SafeList) ========== SRV:64bit: - [2014/08/19 01:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2014/02/27 12:52:12 | 000,068,440 | ---- | M] (Lenovo.) 
[Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2014/01/18 04:37:48 | 003,816,176 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV:64bit: - [2014/01/18 04:37:30 | 000,284,912 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2014/01/18 04:37:08 | 000,632,048 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2014/01/18 04:36:42 | 000,154,864 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2013/05/27 08:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2014/09/13 23:20:28 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2014/09/11 22:59:16 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014/07/31 20:11:51 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014/04/10 14:38:44 | 000,350,528 | ---- | M] (ClientConnect Ltd.) 
[Auto | Running] -- C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe -- (TBSrv) SRV - [2014/04/04 06:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2014/03/21 01:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2013/12/01 00:34:14 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012/10/18 23:42:26 | 000,689,560 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe -- (WMCoreService) SRV - [2012/04/25 00:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2014/09/14 00:21:40 | 000,628,320 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2014/09/14 00:21:40 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:64bit: - [2014/09/14 00:21:40 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:64bit: - [2014/09/14 00:21:40 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2014/09/14 00:21:40 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2014/09/14 00:21:40 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:64bit: - [2014/09/14 00:21:39 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2014/07/11 08:47:48 | 000,039,104 | ---- | M] (Spotflux, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapSF0901.sys -- (tapSF0901) DRV:64bit: - [2014/06/27 09:59:02 | 000,131,856 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:64bit: - [2014/05/13 16:21:18 | 000,035,440 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple) DRV:64bit: - [2014/05/13 16:06:08 | 000,042,224 | ---- | M] (Visicom Media Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv.sys -- (ManyCam) DRV:64bit: - [2014/02/27 12:52:12 | 000,057,144 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2014/01/26 17:09:40 | 011,521,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64) DRV:64bit: - [2014/01/22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2013/11/23 01:22:06 | 000,284,912 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ) DRV:64bit: - [2013/11/07 14:06:12 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2013/11/01 13:28:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2013/08/21 12:27:26 | 000,494,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2013/05/02 07:23:50 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2013/05/02 07:23:50 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) DRV:64bit: - [2013/05/02 07:23:50 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - 
[2013/02/12 07:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2012/10/02 23:49:40 | 000,506,184 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm) DRV:64bit: - [2012/10/02 23:49:40 | 000,453,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) DRV:64bit: - [2012/10/02 23:49:40 | 000,443,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) DRV:64bit: - [2012/10/02 23:49:40 | 000,021,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl) DRV:64bit: - [2012/09/21 22:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2012/09/21 22:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2012/03/02 01:09:56 | 000,103,184 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l36wgps64.sys -- (l36wgps) DRV:64bit: - [2012/03/01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/05 21:38:32 | 000,029,736 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr) DRV:64bit: - [2011/10/05 21:38:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis) DRV:64bit: - [2011/05/25 17:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc) DRV:64bit: - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 16:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 14:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 14:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/10/20 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2009/09/18 06:12:06 | 000,292,912 | 
---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 02:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {31264a33-a653-46c4-af49-1232c59a7da5} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2204116853-3764428274-1929492922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...SP21715TA_sp_ie IE - HKU\S-1-5-21-2204116853-3764428274-1929492922-1000\..\URLSearchHook: {31264a33-a653-46c4-af49-1232c59a7da5} - No CLSID value found IE - HKU\S-1-5-21-2204116853-3764428274-1929492922-1000\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} IE - HKU\S-1-5-21-2204116853-3764428274-1929492922-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR IE - HKU\S-1-5-21-2204116853-3764428274-1929492922-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== Firefox ========== FF - prefs.js..extensions.enabledAddons: leethax%40leethax.net:2014.01.23 FF - prefs.js..extensions.enabledAddons: 
%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0 FF - prefs.js..browser.startup.homepage: "http://www.trovi.com...P21715TA_sp_ff" FF - prefs.js..browser.search.selectedEngine: "Trovi search" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Julian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/07/09 22:06:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014/09/14 00:21:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014/09/14 00:21:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014/09/14 00:21:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014/09/14 00:21:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2014/09/14 00:21:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/07/09 22:06:57 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 
Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/26 13:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\Mozilla\Extensions [2014/07/27 08:38:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\55uqtfw5.default\extensions [2014/06/26 13:42:12 | 000,021,498 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\55uqtfw5.default\extensions\[email protected] [2014/09/14 01:31:34 | 000,000,658 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\55uqtfw5.default\searchplugins\trovi-search.xml [2014/07/31 20:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2014/07/31 20:11:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: (Enabled) CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = http://suggest.secci...x={searchTerms}, CHR - homepage: http://www.trovi.com...SP21715TA_sp_ch CHR - plugin: Error reading preferences file CHR - Extension: Kaspersky URL Advisor = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: ***** = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\ CHR - Extension: Safe Money = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Tastatură virtuală = C:\Users\Julian\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\ CHR - Extension: Kaspersky Protection = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh\2.3.0.43_0\ CHR - Extension: Google Wallet = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\ CHR - Extension: Anti-Banner = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java Plug-In SSV Helper) 
- {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (no name) - {31264a33-a653-46c4-af49-1232c59a7da5} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O3 - HKU\S-1-5-21-2204116853-3764428274-1929492922-1000\..\Toolbar\WebBrowser: (no name) - {31264A33-A653-46C4-AF49-1232C59A7DA5} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) 
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2204116853-3764428274-1929492922-1000..\Run: [{E6913168-F237-6FBF-6605-D852D26E4FE2}] C:\Users\Julian\AppData\Roaming\Exeg\ikuzb.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2204116853-3764428274-1929492922-1000..\Run: [Data] C:\ProgramData\Acess\wmihost.exe (Ammyy LLC) O4 - HKU\S-1-5-21-2204116853-3764428274-1929492922-1000..\Run: [Facebook Update] C:\Users\Julian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2204116853-3764428274-1929492922-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
F3:64bit: - HKU\S-1-5-21-2204116853-3764428274-1929492922-1000 WinNT: Load - (C:\Users\Julian\LOCALS~1\Temp\mskowawao.cmd) - C:\Users\Julian\Local Settings\Temp\mskowawao.cmd (Microsoft Corporation)
F3 - HKU\S-1-5-21-2204116853-3764428274-1929492922-1000 WinNT: Load - (C:\Users\Julian\LOCALS~1\Temp\mskowawao.cmd) - C:\Users\Julian\Local Settings\Temp\mskowawao.cmd (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FEC8B79-EDF3-4E64-AC7F-04740CB27A47}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACC6F863-24A8-46ED-91E5-FF27538CC59F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4E2BABC-7663-4D13-9545-521C076CF7EF}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBB89645-03D9-4DA6-AE15-391482710F35}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/09/14 01:31:06 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Simply Super Software
[2014/09/14 01:24:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/09/14 01:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/09/14 01:21:46 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Simply Super Software
[2014/09/14 01:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2014/09/14 01:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2014/09/14 01:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2014/09/14 01:00:28 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\SearchProtect
[2014/09/14 01:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/09/14 01:00:07 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\PowerISO
[2014/09/14 00:59:15 | 000,131,856 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2014/09/14 00:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2014/09/14 00:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2014/09/13 23:57:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/09/13 23:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2014/09/13 23:12:41 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2014/09/13 23:11:59 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2014/09/13 23:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/09/13 23:11:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2014/09/13 23:11:43 | 000,091,008 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014/09/13 23:11:42 | 000,628,320 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014/09/13 22:47:45 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Exeg
[2014/09/13 22:47:45 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Ecyh
[2014/09/13 22:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Acess
[2014/09/12 03:08:01 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/09/12 03:08:01 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/09/12 03:08:00 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/09/12 03:08:00 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/09/12 03:08:00 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/09/12 03:08:00 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/09/12 03:08:00 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/09/12 03:08:00 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/09/12 03:08:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavascriptCollectionAgent.dll
[2014/09/12 03:08:00 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/09/12 03:08:00 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/09/12 03:08:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/09/12 03:07:59 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/09/12 03:07:59 | 000,707,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/09/12 03:07:59 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/09/12 03:07:59 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/09/12 03:07:59 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/09/12 03:07:59 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/09/12 03:07:59 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/09/12 03:07:59 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/09/12 03:07:59 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/09/12 03:07:59 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/09/12 03:07:58 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/09/12 03:07:58 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/09/12 03:07:58 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/09/12 03:07:58 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/09/12 03:07:58 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavascriptCollectionAgent.dll
[2014/09/12 03:07:58 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/09/12 03:07:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/09/12 03:07:57 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/09/12 03:07:57 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/09/12 03:07:57 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/09/12 03:07:56 | 005,833,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/09/12 03:07:55 | 002,104,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/09/12 03:07:55 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/09/12 03:00:34 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/09/12 03:00:34 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/09/11 22:34:52 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/09/11 22:34:52 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/09/11 22:34:39 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/09/11 22:34:28 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/09/09 18:47:47 | 000,000,000 | ---D | C] -- C:\DE PE TELEFON
[2014/09/09 18:35:55 | 000,000,000 | ---D | C] -- C:\BUDAPESTA
[2014/09/08 22:25:02 | 000,000,000 | ---D | C] -- C:\romania
[2014/09/06 14:14:26 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\New folder
[2014/08/31 23:18:00 | 000,000,000 | ---D | C] -- C:\EXCURSIE BULGARIA
[2014/08/31 20:36:19 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Facebook
[2014/08/29 20:53:42 | 000,000,000 | ---D | C] -- C:\EXCURSIE BUCURESTI
[2014/08/29 20:42:09 | 000,196,608 | ---- | C] (RICOH) -- C:\Windows\SysNative\RiSDIcon.dll
[2014/08/29 20:42:09 | 000,188,416 | ---- | C] (RICOH) -- C:\Windows\SysNative\RiMMCIcon.dll
[2014/08/29 20:42:09 | 000,101,888 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\risdxc64.sys
[2014/08/29 20:42:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ricoh
[2014/08/27 23:35:59 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/18 22:36:42 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Microsoft Games
[2014/08/16 17:03:40 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Diagnostics
[2014/08/15 03:01:39 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014/08/15 03:01:39 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014/08/15 03:01:39 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014/08/15 03:01:39 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014/08/15 03:01:36 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/08/15 03:01:36 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/08/15 03:01:14 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/15 03:01:14 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe

========== Files - Modified Within 30 Days ==========

[2014/09/14 01:37:44 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/14 01:37:44 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/14 01:34:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/14 01:32:45 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/14 01:32:37 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\DriverToolkit Autorun.job
[2014/09/14 01:32:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/14 01:32:22 | 3129,397,248 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/14 01:13:20 | 287,530,636 | ---- | M] () -- C:\Users\Julian\Documents\KRD10.daa
[2014/09/14 01:06:45 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/14 01:06:45 | 000,654,140 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/14 01:06:45 | 000,122,012 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/14 00:59:16 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2014/09/14 00:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/14 00:21:40 | 000,628,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014/09/14 00:21:40 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2014/09/14 00:21:40 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2014/09/14 00:21:40 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys
[2014/09/14 00:21:40 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klmouflt.sys
[2014/09/14 00:21:40 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2014/09/14 00:21:39 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys
[2014/09/14 00:21:39 | 000,091,008 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014/09/13 23:41:10 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2204116853-3764428274-1929492922-1000UA.job
[2014/09/13 23:28:46 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/09/13 20:41:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2204116853-3764428274-1929492922-1000Core.job
[2014/09/12 03:06:17 | 000,766,100 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/11 22:59:15 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/11 22:59:15 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/09/11 21:37:22 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/04 15:53:50 | 001,099,262 | ---- | M] () -- C:\Users\Julian\Desktop\DSCF0122.jpg
[2014/08/28 16:55:27 | 004,897,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/23 05:07:00 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/22 03:23:38 | 000,489,178 | ---- | M] () -- C:\Users\Julian\Documents\Screenshotfromgreen2.png
[2014/08/22 02:53:33 | 001,019,922 | ---- | M] () -- C:\Users\Julian\Documents\screenshotfromgreen.png
[2014/08/19 17:25:11 | 002,892,261 | ---- | M] () -- C:\Users\Julian\Desktop\2014-08-19 17.25.11-5.jpg
[2014/08/19 01:29:35 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/08/19 01:19:53 | 005,833,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/08/19 01:15:34 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/08/19 01:15:09 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/08/19 01:14:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/08/19 01:14:10 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/08/19 01:08:08 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/08/19 01:05:01 | 000,596,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/08/19 01:03:47 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/08/19 01:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/08/19 01:03:01 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/08/19 00:56:17 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/19 00:51:29 | 000,446,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/08/19 00:45:23 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/08/19 00:45:12 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavascriptCollectionAgent.dll
[2014/08/19 00:44:44 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/08/19 00:44:09 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/08/19 00:40:29 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/08/19 00:39:19 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/08/19 00:39:13 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/08/19 00:38:12 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/08/19 00:37:17 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/08/19 00:36:07 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/08/19 00:35:24 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/08/19 00:25:40 | 000,727,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/08/19 00:25:16 | 000,707,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/08/19 00:23:17 | 002,104,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/08/19 00:23:16 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/08/19 00:22:48 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavascriptCollectionAgent.dll
[2014/08/19 00:19:16 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/08/19 00:17:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/08/19 00:08:54 | 002,014,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/08/19 00:07:44 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/08/18 23:38:41 | 000,775,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/08/18 23:36:30 | 000,678,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

========== Files Created - No Company Name ==========

[2014/09/14 01:12:37 | 287,530,636 | ---- | C] () -- C:\Users\Julian\Documents\KRD10.daa
[2014/09/14 00:59:16 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2014/09/04 15:51:56 | 001,099,262 | ---- | C] () -- C:\Users\Julian\Desktop\DSCF0122.jpg
[2014/08/31 20:36:23 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2204116853-3764428274-1929492922-1000UA.job
[2014/08/31 20:36:22 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2204116853-3764428274-1929492922-1000Core.job
[2014/08/22 23:40:40 | 002,892,261 | ---- | C] () -- C:\Users\Julian\Desktop\2014-08-19 17.25.11-5.jpg
[2014/08/22 03:22:58 | 000,489,178 | ---- | C] () -- C:\Users\Julian\Documents\Screenshotfromgreen2.png
[2014/08/22 02:52:36 | 001,019,922 | ---- | C] () -- C:\Users\Julian\Documents\screenshotfromgreen.png
[2014/08/17 04:43:27 | 003,272,626 | ---- | C] () -- C:\Users\Julian\Desktop\2014-06-30 20.52.04.jpg
[2014/08/07 11:02:37 | 000,000,132 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014/07/09 22:00:23 | 000,221,285 | ---- | C] () -- C:\Windows\hpoins19.dat
[2014/07/09 22:00:23 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2014/06/09 03:54:43 | 000,766,100 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/06/06 21:46:05 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2014/06/06 21:46:01 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/06/06 21:46:00 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2014/06/06 19:18:51 | 000,035,890 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
[2012/09/21 22:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/09/21 22:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/09/21 22:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

========== ZeroAccess Check ==========

[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 05:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 04:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/09/13 23:13:14 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\BitTorrent
[2014/06/13 19:43:36 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\BSplayer
[2014/06/13 19:41:53 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\BSplayer Pro
[2014/06/06 20:51:24 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\driveridentifier
[2014/09/14 01:33:38 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Dropbox
[2014/09/14 01:13:18 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Ecyh
[2014/09/13 22:47:45 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Exeg
[2014/06/05 21:41:02 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Leadertech
[2014/09/14 01:00:07 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\PowerISO
[2014/09/14 01:31:06 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Simply Super Software
[2014/06/25 22:47:14 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\ZJMedia

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 459 bytes -> C:\Users\Julian\Desktop\2014-08-19 17.25.11-5.jpg:com.dropbox.attributes
@Alternate Data Stream - 456 bytes -> C:\Users\Julian\Desktop\2014-06-30 20.52.04.jpg:com.dropbox.attributes
@Alternate Data Stream - 455 bytes -> C:\Users\Julian\Desktop\11.jpg:com.dropbox.attributes
@Alternate Data Stream - 162 bytes -> C:\Users\Julian\Desktop\Screenshot 2014-06-05 12.46.04.png:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\Julian\Desktop\prodzoomimg2948.jpg:com.dropbox.attributes
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

EXTRAS:

OTL Extras logfile created on: 9/14/2014 1:55:16 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy
3.89 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 59.87% Memory free
7.77 Gb Paging File | 5.94 Gb Available in Paging File | 76.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.75 Gb Total Space | 182.42 Gb Free Space | 61.27% Space Free | Partition Type: NTFS
Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2204116853-3764428274-1929492922-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023615AD-1B05-45FB-8BF2-118D8928870A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{09A3D18A-0593-4741-B9A9-C0EE900F1666}" = rport=445 | protocol=6 | dir=out | app=system |
"{1FADADE1-E785-4D39-8761-349A2A6C0131}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{2C9902EA-B410-4D0B-AA6E-36CEAAE2EC58}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F67DD8D-4984-4D1E-94A4-15C9E42DB795}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58438D40-0D7D-4FC1-A5C9-2D83EE5A28F0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7E2DC606-A9B2-470A-8510-BF4C82843E57}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{830FE1A8-EEB8-4FF2-8DE6-88E09290D154}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{96296B48-4940-4EBE-A79A-DB0C356BB69A}" = lport=445 | protocol=6 | dir=in | app=system |
"{A856B67B-2344-4C46-ABC5-DC40A4057393}" = rport=139 | protocol=6 | dir=out | app=system |
"{B7564196-D7CF-49F5-9398-4CC2F4BB23E1}" = rport=138 | protocol=17 | dir=out | app=system |
"{BC8B882E-0EAD-4484-82A3-08BCA4A95D2D}" = rport=137 | protocol=17 | dir=out | app=system |
"{BD1EA06B-62F7-4D57-B95D-4CC953E8217F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA7347F8-07C3-4D33-A7C5-A830E66DEC74}" = lport=139 | protocol=6 | dir=in | app=system |
"{CD92BF44-14E1-4F19-AFD3-5F6299C1A4EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DC7910A2-2D2A-4EEB-AB2D-724ED6E02EFC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF7FEF50-ADA8-42B6-9140-4D1FF157E716}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E29AC43D-035A-4A91-80A3-50B1A94836FB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E8F77150-7C5A-40A0-A7E4-91FF2C7D129A}" = lport=138 | protocol=17 | dir=in | app=system |
"{F131B947-FB93-4F6B-9DD9-205B8787A238}" = lport=137 | protocol=17 | dir=in | app=system |
"{F772636F-9998-4CBE-9DD8-8020A7D0D975}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02250ECD-169D-4463-A1C6-18D8B7975F24}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{048F11B7-F02A-4AC0-B776-D83C1AEBC0A1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{11A201D2-7E7A-4093-949F-A4AFC99411D0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{12277169-9ADB-43EC-8069-8F745C453B04}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{1595F9B3-D36F-4F5C-A59C-E00A8FF6BE1D}" = protocol=1 | dir=out | [email protected],-28544 |
"{1E46A317-7DC5-42C4-ABEA-7D77863142F6}" = protocol=17 | dir=in | app=c:\program files (x86)\livejasmin.com\jasmincam\jcam.exe |
"{229DE9AF-4639-48CB-810E-F5049EF70E8D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{31B9684B-6A0F-4465-912A-3C30DDA51E1A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{32BBFD18-2D18-4D1D-9409-5A410E518B88}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{35307CF1-2F85-4212-A6D2-5B2D0E7B5DA3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{35FD1D1B-975A-4D43-899A-44C9F09FB98F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4017DA61-D1DB-4842-A857-1666F4E3C75F}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{47B65FB7-2CBA-4568-B56D-11905F24B743}" = protocol=58 | dir=in | app=system |
"{48422DD3-F850-4D16-A720-CDDDFC677F47}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{4E1BDDDE-1132-44D6-99B1-D092CB482B86}" = protocol=6 | dir=in | app=c:\users\julian\appdata\roaming\dropbox\bin\dropbox.exe |
"{504A7EF1-F062-454E-8F11-69B1C84CC3BC}" = 
protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{50A26B06-730D-47DB-A0F9-C138849D80EB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{5145102F-241F-4D0D-947D-592F9FAB4B25}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{5C8F16A8-996A-497F-8285-6B898E44B2AB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{61944BD8-69F3-4634-B5A4-85C6D30BE261}" = protocol=6 | dir=in | app=c:\programdata\emailnotifier\emailnotifier.exe | "{62294146-F8B3-4E4D-9EDC-204EA7567B17}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{6422E590-9AE5-4FC9-A395-D790D203DA58}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{738466F8-CD1B-4E62-8496-D963486A50D4}" = protocol=6 | dir=in | app=c:\program files (x86)\livejasmin.com\jasmincam\jcam.exe | "{815D44A7-4CDD-4904-A9BB-0F07B9E7BE39}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{82E3EEAE-5C0B-42AE-8EE2-E5D55AD9B202}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{831946EC-7814-4D80-904B-8416F3A19983}" = protocol=17 | dir=in | app=c:\users\julian\appdata\roaming\dropbox\bin\dropbox.exe | "{83E20321-7B22-4926-A2C2-3ACB227E7558}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{84DFD88B-1EE3-4800-BB3A-FE477A31C994}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{8BFF698F-82B4-47F0-9377-6F424997C914}" = protocol=58 | dir=out | [email protected],-28546 | "{9395DA4A-F91B-4B93-B035-7F8ECC46F8F5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{9776BD0B-6D0E-42BA-81AC-7BB3DA53F2A1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{9DA213D8-CB15-4283-9258-B7B67146231F}" = protocol=1 | dir=in | [email protected],-28543 | "{9E6F2441-3079-43BA-94A5-12F5AF6CB6BC}" = 
protocol=58 | dir=out | [email protected],-503 | "{9F5FDFF5-0F63-4025-917A-6C2E40A013EC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{9FF7730D-514D-41F3-89FD-79BA32AAA830}" = protocol=6 | dir=in | app=c:\users\julian\appdata\roaming\bittorrent\bittorrent.exe | "{B1163326-553D-4F18-BFE0-E69255E73CF6}" = protocol=58 | dir=in | [email protected],-28545 | "{B691210B-0A87-4DA6-A8C9-D259C92E4115}" = dir=in | app=c:\users\julian\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{BD5453B0-9809-4F1E-B6DB-DF6B971E89D3}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{C08A00F7-7183-42CC-AB65-9636B4898340}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{C9CB0D48-BEA6-4BED-B28D-22D1C6F431C6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{CB11A0CA-F3B0-4F2F-A78C-959A1DDCF428}" = protocol=17 | dir=in | app=c:\users\julian\appdata\roaming\bittorrent\bittorrent.exe | "{DC8D4E25-FFA4-472C-B38F-7D054074E90C}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{DCC910E6-19DF-427C-8FAF-A45424CCC3F5}" = protocol=17 | dir=in | app=c:\programdata\emailnotifier\emailnotifier.exe | "{E22CD329-52F9-4959-B498-F8ABF9BA05FA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{F19F3048-6285-45CF-9B9D-FC011B6FCC68}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{F40DD969-793A-4927-B73B-DFF463F31546}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | "{FA30C994-878C-4F80-AE63-03D962A57854}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{FD2F7D0B-9A89-4811-982E-5C62B093B1BF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "TCP Query User{3F0FE019-30E6-4C22-AFBB-42103628E5FF}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | 
app=c:\program files (x86)\connectify\connectify.exe | "TCP Query User{AB0E9604-9508-4871-962F-5D6376741914}C:\windows\syswow64\explorer.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\explorer.exe | "TCP Query User{BF30C8C8-6FA8-416F-A041-E5BD939B04EE}C:\users\julian\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\julian\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{1FAB5534-49DE-49E0-BC0D-1485E783D58A}C:\windows\syswow64\explorer.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\explorer.exe | "UDP Query User{9BE75EDB-2541-4A40-9051-4E025D5BEE2A}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | "UDP Query User{EA3EA553-339B-4C8C-AE85-D55D8635638F}C:\users\julian\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\julian\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{5F3A89AB-9EA8-6B75-EB86-FEEA6208296A}" = ATI Catalyst Install Manager "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = 
Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B5E49E64-0C1B-49AD-AE21-119CE68750E9}" = Intel® PROSet/Wireless WiFi Software "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B "{B7CC660E-F31D-490C-BD2A-2CB2EC5A5E3A}" = Intel® Chipset Device Software "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{dd372384-a281-47d6-8ef4-19cc622dce4e}" = Intel® PRO/Wireless Driver "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 
13.0 "Power Management Driver" = Lenovo Power Management Driver "PROSet" = Intel® Network Connections Drivers "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2 "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521 "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{26A24AE4-039D-4CA4-87B4-2F03217060FF}" = Java 7 Update 60 "{2E87F4AB-99BF-421C-AF7B-365A9C08549A}" = F300 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18 "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{8B213010-9BEE-4EC9-B630-A52BA81BC3AC}" = RemiRoyal.ro "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office 
Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{b9007812-6a61-4dfc-8a0c-4c726c7dc43f}" = Intel® PROSet/Wireless Software "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{e48a2f61-851a-4155-82f9-af1b04db8c3b}" = Intel® Chipset Device Software "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EA9640BE-414E-4195-B53B-7905BF1A5A09}" = Mobile Broadband Drivers "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package "{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01 "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS 
Facebook "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin "BSPlayerf" = BS.Player FREE "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Google Chrome" = Google Chrome "IECT3329621" = BS Player ControlBar B Toolbar for IE "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "Mozilla Firefox 31.0 (x86 ro)" = Mozilla Firefox 31.0 (x86 ro) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "PowerISO" = PowerISO "SearchProtect" = Search Protect "Trojan Remover_is1" = Trojan Remover 6.9.1 "WinRAR archiver" = WinRAR 5.01 (32-bit) "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2204116853-3764428274-1929492922-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent" = BitTorrent "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ System Events ] Error - 9/13/2014 6:02:51 PM | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdrom Error - 9/13/2014 6:32:51 PM | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000 Description = The Search Protect Service service failed to start due to the following error: %%2 Error - 9/13/2014 6:32:51 PM | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdrom < End of report > |
#5
Posted 14 September 2014 - 01:11
I don't know how you can run an executable file by mistake; there's no way to confuse it with a picture or a video...
|
#6
Posted 14 September 2014 - 01:19
rickysyv, on 14 September 2014 - 01:11, said:
I don't know how you can run an executable file by mistake; there's no way to confuse it with a picture or a video...
Following a request for an offer (so to speak), I received a link by email where I could view (download) the file in question. It never crossed my mind that it could be a virus, since it came from a known source. |
#7
Posted 14 September 2014 - 01:23
An offer can't possibly be an executable file! It is either DOC, PDF or TXT! You should have realized it was a scam!
|
#8
Posted 14 September 2014 - 01:40
#9
Posted 14 September 2014 - 07:01
rickysyv, on 14 September 2014 - 01:23, said:
An offer can't possibly be an executable file! It is either DOC, PDF or TXT! You should have realized it was a scam!
@Business_style Go to Start, Control Panel, Tools at the top, Folder Options, View, untick "Hide extensions for known file types", Apply, OK!
Edited by whitewizard, 14 September 2014 - 07:08. |
#10
Posted 14 September 2014 - 08:50
1. Run OTL again.
On Windows Vista or Windows 7, right-click it and select Run as administrator. Copy what is quoted below and paste the text into OTL. Quote
:PROCESSES
killallprocesses
:OTL
PRC - [2014/07/09 11:35:39 | 000,764,184 | ---- | M] (Ammyy LLC) -- C:\ProgramData\Acess\wmihost.exe
PRC - [2014/04/10 14:38:44 | 000,350,528 | ---- | M] (ClientConnect Ltd.) -- C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
SRV - [2014/04/10 14:38:44 | 000,350,528 | ---- | M] (ClientConnect Ltd.) [Auto | Running] -- C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe -- (TBSrv)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
IE - HKLM\..\URLSearchHook: {31264a33-a653-46c4-af49-1232c59a7da5} - No CLSID value found
IE - HKU\S-1-5-21-2204116853-3764428274-1929492922-1000\..\URLSearchHook: {31264a33-a653-46c4-af49-1232c59a7da5} - No CLSID value found
IE - HKU\S-1-5-21-2204116853-3764428274-1929492922-1000\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O3 - HKLM\..\Toolbar: (no name) - {31264a33-a653-46c4-af49-1232c59a7da5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-2204116853-3764428274-1929492922-1000\..\Toolbar\WebBrowser: (no name) - {31264A33-A653-46C4-AF49-1232C59A7DA5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\S-1-5-21-2204116853-3764428274-1929492922-1000..\Run: [Data] C:\ProgramData\Acess\wmihost.exe (Ammyy LLC)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft....?LinkID=122915 /build:7601 File not found <b>[Country : - ]</b>
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft....?LinkID=122915 /build:7601 File not found <b>[Country : - ]</b>
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
[2014/09/14 01:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2014/09/14 01:00:28 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\SearchProtect
[2014/09/14 01:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/08/29 20:42:09 | 000,196,608 | ---- | C] (RICOH) -- C:\Windows\SysNative\RiSDIcon.dll
[2014/08/29 20:42:09 | 000,188,416 | ---- | C] (RICOH) -- C:\Windows\SysNative\RiMMCIcon.dll
@Alternate Data Stream - 459 bytes -> C:\Users\Julian\Desktop\2014-08-19 17.25.11-5.jpg:com.dropbox.attributes
@Alternate Data Stream - 456 bytes -> C:\Users\Julian\Desktop\2014-06-30 20.52.04.jpg:com.dropbox.attributes
@Alternate Data Stream - 455 bytes -> C:\Users\Julian\Desktop\11.jpg:com.dropbox.attributes
@Alternate Data Stream - 162 bytes -> C:\Users\Julian\Desktop\Screenshot 2014-06-05 12.46.04.png:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\Julian\Desktop\prodzoomimg2948.jpg:com.dropbox.attributes
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CB0AACC9
:Files
ipconfig /flushdns /c
:Commands
[purity]
[CLEARALLRESTOREPOINTS]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
See the image for how. Press Run Fix. Post the log here.
[ http://s23.postimg.org/6ui8tyrrv/OTLsc.jpg ]
2. Run a scan with Kaspersky. |
|
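As an added illustration (not code from the thread or from OTL), the Python sketch below parses the `O4` autorun lines of the fix quoted in the post above and lists the entries that start from a folder a standard user can write to or that are registered in a per-user hive. The regular expression, the function names and the two triage rules are assumptions of this example; the four sample lines are copied from the quoted fix.

```python
import re

# An OTL "O4" line lists one autorun value: hive, Run/RunOnce key, [value name],
# command line and, optionally, the file's company name in parentheses.
O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]+)\] (?P<command>.+?)(?: \((?P<vendor>[^()]+)\))?$"
)

# Assumption of this example: folders a standard user can normally write to.
USER_WRITABLE_ROOTS = ("c:\\programdata\\", "c:\\users\\")

# Four O4 lines copied from the fix quoted in the post above.
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\S-1-5-21-2204116853-3764428274-1929492922-1000..\Run: [Data] C:\ProgramData\Acess\wmihost.exe (Ammyy LLC)
"""


def parse_o4(line):
    """Return the fields of one O4 line as a dict, or None for any other line."""
    match = O4_RE.match(line.strip())
    if match is None:
        return None
    entry = match.groupdict()
    entry["is_64bit_view"] = line.strip().startswith("O4:64bit:")
    return entry


def review_autoruns(log_text):
    """Return the autorun entries that meet at least one triage rule."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = []
        if entry["command"].lower().startswith(USER_WRITABLE_ROOTS):
            reasons.append("starts from a user-writable folder")
        if entry["hive"].upper().startswith("HKU"):
            reasons.append("registered in a per-user hive")
        if reasons:
            entry["reasons"] = reasons
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for item in review_autoruns(SAMPLE_LOG):
        print(item["name"], "->", item["command"], "|", "; ".join(item["reasons"]))
```

A flagged entry is a candidate for manual review, not a verdict; legitimate software such as Dropbox also starts from the user profile.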
#11
Posted 14 September 2014 - 14:06
whitewizard, on 14 September 2014 - 07:01, said:
Either it has the .bat extension and the person hasn't set extensions to be shown, or an ending like Jpg.exe!
In that case Windows asks you whether you are sure you want to run it, and it even tells you that it isn't signed by a trusted publisher. People click Yes without thinking twice... |
#12
Posted 14 September 2014 - 16:34
All processes killed
========== PROCESSES ==========
========== OTL ==========
No active process named wmihost.exe was found!
Process ToolbarService.exe killed successfully!
Process YahooAUService.exe killed successfully!
Service TBSrv stopped successfully!
Service TBSrv deleted successfully!
C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe moved successfully.
Service SwitchBoard stopped successfully!
Service SwitchBoard deleted successfully!
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe moved successfully.
Service YahooAUService stopped successfully!
Service YahooAUService deleted successfully!
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{31264a33-a653-46c4-af49-1232c59a7da5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31264a33-a653-46c4-af49-1232c59a7da5}\ not found.
Registry value HKEY_USERS\S-1-5-21-2204116853-3764428274-1929492922-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{31264a33-a653-46c4-af49-1232c59a7da5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31264a33-a653-46c4-af49-1232c59a7da5}\ not found.
HKEY_USERS\S-1-5-21-2204116853-3764428274-1929492922-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{31264a33-a653-46c4-af49-1232c59a7da5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31264a33-a653-46c4-af49-1232c59a7da5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-2204116853-3764428274-1929492922-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31264A33-A653-46C4-AF49-1232C59A7DA5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31264A33-A653-46C4-AF49-1232C59A7DA5}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HotKeysCmds deleted successfully.
C:\Windows\SysNative\hkcmd.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IgfxTray deleted successfully.
C:\Windows\SysNative\igfxtray.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Persistence deleted successfully.
C:\Windows\SysNative\igfxpers.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5ServiceManager deleted successfully.
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard deleted successfully.
File C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TrojanScanner deleted successfully.
C:\Program Files (x86)\Trojan Remover\Trjscan.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2204116853-3764428274-1929492922-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Data not found.
File C:\ProgramData\Acess\wmihost.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover folder moved successfully.
C:\Users\Julian\AppData\Local\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Users\Julian\AppData\Local\SearchProtect\SearchProtect folder moved successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin folder moved successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect folder moved successfully.
C:\Windows\SysNative\RiSDIcon.dll moved successfully.
C:\Windows\SysNative\RiMMCIcon.dll moved successfully.
ADS C:\Users\Julian\Desktop\2014-08-19 17.25.11-5.jpg:com.dropbox.attributes deleted successfully.
ADS C:\Users\Julian\Desktop\2014-06-30 20.52.04.jpg:com.dropbox.attributes deleted successfully.
ADS C:\Users\Julian\Desktop\11.jpg:com.dropbox.attributes deleted successfully.
ADS C:\Users\Julian\Desktop\Screenshot 2014-06-05 12.46.04.png:com.dropbox.attributes deleted successfully.
ADS C:\Users\Julian\Desktop\prodzoomimg2948.jpg:com.dropbox.attributes deleted successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Julian\Downloads\cmd.bat deleted successfully.
C:\Users\Julian\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Julian
->Temp folder emptied: 1932413723 bytes
->Temporary Internet Files folder emptied: 79730891 bytes
->Java cache emptied: 189473 bytes
->FireFox cache emptied: 126753030 bytes
->Google Chrome cache emptied: 207933953 bytes
->Flash cache emptied: 3119 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 298434868 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 55409915 bytes
RecycleBin emptied: 149449308 bytes
Total Files Cleaned = 2,718.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Julian
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Julian
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 09142014_171648
Files\Folders moved on Reboot...
C:\Users\Julian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Kaspersky says everything is OK now. Thank you very much! The file I opened is .SCR |
#13
Posted 15 September 2014 - 02:11
SCR is an executable too; it's the extension used by screensavers, but, well, people don't really know that and double-click it!
|
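As an added illustration (not code from any poster in this thread), the Python sketch below classifies a downloaded file by its real, last extension, following what posts #7, #9, #11 and #13 describe: an offer should be DOC, PDF or TXT, while .scr, .bat and names like Jpg.exe are executable, and with "Hide extensions for known file types" enabled Explorer shows only the decoy part of the name. The extensions beyond those named in the thread, the function names and the sample file names are assumptions constructed for the example.

```python
import ntpath

# Extensions Windows runs on double-click. .scr, .bat and .exe are named in
# the thread; .cmd and .com are added here as an assumption of the same kind.
EXECUTABLE_EXTS = {".exe", ".scr", ".bat", ".cmd", ".com"}
# What an offer is expected to be (DOC, PDF, TXT per the thread), plus picture
# and video types, which a "Jpg.exe"-style name imitates.
DECOY_EXTS = {".doc", ".docx", ".pdf", ".txt", ".jpg", ".jpeg", ".png", ".avi", ".mp4"}

# Constructed sample names, not files from the thread.
SAMPLES = [
    r"C:\Users\user\Downloads\oferta.pdf.scr",
    r"C:\Users\user\Downloads\poza.Jpg.exe",
    r"C:\Users\user\Downloads\oferta.scr",
    r"C:\Users\user\Downloads\oferta.pdf",
    r"C:\Users\user\Desktop\2014-09-13 10.15.00.jpg",  # dots in the name, still a picture
]


def assess_download(path, hide_known_extensions=True):
    """Classify a file by its last extension and report the name Explorer
    displays when extensions of registered file types are hidden or shown."""
    name = ntpath.basename(path)
    stem, real_ext = ntpath.splitext(name)   # the last extension decides how it opens
    _, inner_ext = ntpath.splitext(stem)     # what the name pretends to be
    real_ext, inner_ext = real_ext.lower(), inner_ext.lower()

    executable = real_ext in EXECUTABLE_EXTS
    decoy = inner_ext if executable and inner_ext in DECOY_EXTS else None
    if decoy:
        verdict = "executable disguised as " + decoy
    elif executable:
        verdict = "executable"
    else:
        verdict = "not executable by extension"

    # Assumes the type is registered, which holds for every extension listed above.
    shown_as = stem if (hide_known_extensions and real_ext) else name
    return {"name": name, "real_ext": real_ext, "shown_as": shown_as, "verdict": verdict}


def risky_downloads(paths):
    """Return the assessments of the files that would execute on double-click."""
    results = [assess_download(p) for p in paths]
    return [r for r in results if r["verdict"] != "not executable by extension"]


if __name__ == "__main__":
    for result in risky_downloads(SAMPLES):
        print(f'{result["name"]}: shown as "{result["shown_as"]}", {result["verdict"]}')
```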
#14
Posted 15 September 2014 - 08:36
Hmmm, Windows 7 SP1 and you're still using IE 9???
You don't even have the latest updates installed - the latest IE is 11. As a recommendation, also run Malwarebytes AntiMalware - http://forum.softped...es-antimalware/ - it is complementary to an antivirus and can find what the antivirus missed (you could also try a more detailed cleanup of the system as in this topic - http://forum.softped...hide-topic-nou/ ). After that, bring the system up to date. And leave the antivirus on. |
#15
Posted 15 September 2014 - 12:16
I don't use IE... I've never used it. But I don't know how to uninstall it either, since it comes with Windows... I use Chrome. I don't think anyone still uses IE.
Thanks for the advice. I'll try those too. |
|
#16
Posted 15 September 2014 - 12:24
Yes, that's what everyone who uses Chrome or Firefox thinks... I don't use IE, so why upgrade it.
Although, if you have Automatic Updates turned on, Windows updates it by itself - so in your case it is off - and there are probably other updates you haven't installed either. What you and the others overlook is that IE is an integral part of the operating system, or rather of Explorer. On top of that, pretty much everything in Windows uses parts of IE. It is an update that must be installed for reasons that concern not only security but also improving how Windows works. Otherwise you would have found it under optional updates. |