RTC video PnP listener - please check my log [Solved]


Re: RTC video PnP listener - please check my log

Post by jaro3 » 09 Jun 2017 10:07

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire contents below into it.

Code: Select all

Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-329068152-1645522239-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-329068152-1645522239-839522115-500] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-329068152-1645522239-839522115-500 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
HKU\S-1-5-21-329068152-1645522239-839522115-1003\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION

EmptyTemp:
End

(You can use the "Select all" function, then right-click the top-left area of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire contents here.

Download SystemLook from one of these links
SystemLook (32-bit)
http://images.malwareremoval.com/jpshor ... emLook.exe

SystemLook (64-bit)
http://images.malwareremoval.com/jpshor ... ok_x64.exe

and save it to the desktop.

Double-click the downloaded SystemLook and copy the following text into the main text window:

Code: Select all

:filefind
rtc.*

:dir
RTC video PnP listener
RTC

:filefind
*RTC*

:folderfind
*RTC*

:regfind
RTC

Click Look to start the scan. When the program finishes, the scan report will appear in Notepad. Copy its entire contents here. The log is also saved on the desktop as SystemLook.txt.

In Folder Options, enable showing hidden files and folders and untick "Hide protected operating system files".

Test these files on VirusTotal:
C:\WINDOWS2\system32\dllhost.exe
C:\WINDOWS\system32\drivers\utmymzq1.sys

Click Choose (to the right of the box) and use Explorer to locate the requested file on your PC. Select it and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by several antivirus engines one after another. When the last engine finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.

Or at:
http://www.virscan.org/


When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
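As an added example (not from the thread, and not FRST's own code), a small Python parser that reads the FRST fixlist above, separates the command directives (CloseProcesses:, EmptyTemp:) from the log entries being fixed, and tallies the entries FRST marked with ATTENTION. The category names and the summary layout are my own.

```python
import re
from collections import Counter

# Constructed copy of the fixlist posted above. "hxxp" is the defanged spelling
# of "http" these tools use so the links are not clickable; "..." is where the
# forum shortened the long URLs.
FIXLIST = r"""Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-329068152-1645522239-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-329068152-1645522239-839522115-500] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-329068152-1645522239-839522115-500 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
HKU\S-1-5-21-329068152-1645522239-839522115-1003\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION

EmptyTemp:
End
"""

# (kind, pattern) pairs tried in order; the first match wins. The kind names are
# my own labels, not FRST terminology.
ENTRY_KINDS = [
    ("ie_policy_restriction",
     re.compile(r"\\Policies\\Microsoft\\Internet Explorer: Restriction", re.I)),
    ("url_search_hook", re.compile(r"^URLSearchHook:")),
    ("search_scope", re.compile(r"^SearchScopes:")),
    ("dpf_activex", re.compile(r"^DPF:")),          # Downloaded Program Files (ActiveX)
    ("file_association", re.compile(r"\\Software\\Classes\\\w+:", re.I)),
]
# Last component of a local-account SID; RID 500 is the built-in Administrator.
SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-(\d+)")
# Bare FRST directives look like "Word:" with nothing after the colon.
COMMAND_RE = re.compile(r"^[A-Za-z]+:$")


def classify_entry(line):
    for kind, rx in ENTRY_KINDS:
        if rx.search(line):
            return kind
    return "other"


def parse_fixlist(text):
    """Split a fixlist into directives and entries; raise if the Start/End frame is missing.

    Only FRST understands this format: the thread shows that pasting the same
    lines into OTL yields "Unable to interpret <...> in the current context!".
    """
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if not lines or lines[0] != "Start" or lines[-1] != "End":
        raise ValueError("fixlist must begin with 'Start' and end with 'End'")
    parsed = {"commands": [], "entries": []}
    for line in lines[1:-1]:
        if COMMAND_RE.match(line):
            parsed["commands"].append(line)
            continue
        sid = SID_RE.search(line)
        parsed["entries"].append({
            "raw": line,
            "kind": classify_entry(line),
            "flagged": "ATTENTION" in line,        # FRST's own marker
            "rid": int(sid.group(1)) if sid else None,
        })
    return parsed


def summarize(parsed):
    """Counts a helper would glance at before approving a fix."""
    entries = parsed["entries"]
    return {
        "commands": len(parsed["commands"]),
        "entries": len(entries),
        "flagged": sum(1 for e in entries if e["flagged"]),
        "by_kind": dict(Counter(e["kind"] for e in entries)),
        "rids": sorted({e["rid"] for e in entries if e["rid"] is not None}),
    }


if __name__ == "__main__":
    summary = summarize(parse_fixlist(FIXLIST))
    for key, value in summary.items():
        print(f"{key}: {value}")
```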


Re: RTC video PnP listener - please check my log

Post by bbdra » 09 Jun 2017 13:32

jaro3 wrote: Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire contents below into it.

Code: Select all

Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-329068152-1645522239-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-329068152-1645522239-839522115-500] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-329068152-1645522239-839522115-500 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
HKU\S-1-5-21-329068152-1645522239-839522115-1003\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION

EmptyTemp:
End

(You can use the "Select all" function, then right-click the top-left area of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire contents here.


After a while the program stops responding; it usually gets stuck on the folder C:\Documents and Settings\LocalService.NT AUHORITY\Local Settings\Temporary Internet Files


Re: RTC video PnP listener - please check my log

Post by jaro3 » 09 Jun 2017 18:47

Try doing it in Safe Mode.

Re: RTC video PnP listener - please check my log

Post by bbdra » 10 Jun 2017 12:16

It freezes in Safe Mode too.

I found a fragment of the fixlog on the desktop.

Fix result of Farbar Recovery Scan Tool (x86) Version: 07-06-2017 01
Ran by Adam2 (10-06-2017 12:09:46) Run:10
Running from C:\Documents and Settings\Adam2\Plocha
Loaded Profiles: Adam2 (Available Profiles: Adam2 & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-329068152-1645522239-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-329068152-1645522239-839522115-500] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-329068152-1645522239-839522115-500 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
HKU\S-1-5-21-329068152-1645522239-839522115-1003\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION

EmptyTemp:
End
*****************


Re: RTC video PnP listener - please check my log

Post by jaro3 » 11 Jun 2017 08:59

Download rkill
and run it. A scan will start. After the scan the program closes by itself.
Note: DO NOT RESTART the PC!

Then run the script again in OTL.

Re: RTC video PnP listener - please check my log

Post by bbdra » 11 Jun 2017 12:19

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/11/2017 12:16:13 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS2\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS2\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS2\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS2\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 06/11/2017 12:16:58 PM
Execution time: 0 hours(s), 0 minute(s), and 44 seconds(s)


Re: RTC video PnP listener - please check my log

Post by bbdra » 11 Jun 2017 12:19

Error: Unable to interpret <Start> in the current context!
Error: Unable to interpret <CloseProcesses:> in the current context!
Error: Unable to interpret <HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION> in the current context!
Error: Unable to interpret <HKU\S-1-5-21-329068152-1645522239-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION> in the current context!
Error: Unable to interpret <URLSearchHook: [S-1-5-21-329068152-1645522239-839522115-500] ATTENTION => Default URLSearchHook is missing> in the current context!
Error: Unable to interpret <SearchScopes: HKU\S-1-5-21-329068152-1645522239-839522115-500 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}> in the current context!
Error: Unable to interpret <DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab> in the current context!
Error: Unable to interpret <DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab> in the current context!
Error: Unable to interpret <DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab> in the current context!
Error: Unable to interpret <HKU\S-1-5-21-329068152-1645522239-839522115-1003\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION> in the current context!
Error: Unable to interpret <EmptyTemp:> in the current context!
Error: Unable to interpret <End> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 06112017_121805


Re: RTC video PnP listener - please check my log

Post by jaro3 » 12 Jun 2017 09:24

So the FRST script doesn't work?

Test these files on VirusTotal
C:\WINDOWS2\system32\dllhost.exe
C:\WINDOWS\system32\drivers\utmymzq1.sys


you didn't do it..

Download OTL by OldTimer
to the desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change it to All. Tick the "LOP" check and the "Purity" check. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt

They are saved in the same location as OTL. Please copy both logs here.

Re: RTC video PnP listener - please check my log

Post by bbdra » 13 Jun 2017 03:14

The FRST script freezes my whole PC right at the start. I don't know, maybe something is blocking it, but I don't know how to stop that; I had already tried killing various processes and firewalls, or running the program in Safe Mode, but nothing helped. I had the same problem with FRST before too, but back then I somehow managed to get it working in the end.

Re: RTC video PnP listener - please check my log

Post by bbdra » 13 Jun 2017 03:33

OTL logfile created on: 13.6.2017 3:21:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Adam2\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,25 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 67,43% Memory free
5,08 Gb Paging File | 4,21 Gb Available in Paging File | 82,77% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
Drive C: | 1863,02 Gb Total Space | 1506,70 Gb Free Space | 80,87% Space Free | Partition Type: NTFS
Drive E: | 698,60 Gb Total Space | 602,18 Gb Free Space | 86,20% Space Free | Partition Type: NTFS

Computer Name: BBDRA2-3D0A5E7C | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Adam2\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe (Foxit Software Inc.)
PRC - C:\WINDOWS2\system32\KaraokeSer.exe (VIA Technologies, Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Program Files\Comodo\Chromodo\chromodo.exe (Comodo)
PRC - C:\Program Files\NetLimiter 3\nlsvc.exe (Locktime Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\WINDOWS2\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - (ZAMSvc) -- C:\Program Files\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (FoxitReaderService) -- C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe (Foxit Software Inc.)
SRV - (KaraokeService) -- C:\WINDOWS2\system32\KaraokeSer.exe (VIA Technologies, Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (KSDE1.0.0) -- C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe (AO Kaspersky Lab)
SRV - (AVP17.0.0) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe (AO Kaspersky Lab)
SRV - (NvNetworkService) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (Disc Soft Lite Bus Service) -- C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (Disc Soft Ltd)
SRV - (nlsvc) -- C:\Program Files\NetLimiter 3\nlsvc.exe (Locktime Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (ZAM) -- C:\WINDOWS2\system32\drivers\zam32.sys (Zemana Ltd.)
DRV - (ZAM_Guard) -- C:\WINDOWS2\system32\drivers\zamguard32.sys (Zemana Ltd.)
DRV - (TrueSight) -- C:\WINDOWS2\system32\drivers\TrueSight.sys ()
DRV - (KLIF) -- C:\WINDOWS2\system32\drivers\klif.sys (AO Kaspersky Lab)
DRV - (klflt) -- C:\WINDOWS2\system32\drivers\klflt.sys (AO Kaspersky Lab)
DRV - (klhk) -- C:\WINDOWS2\system32\drivers\klhk.sys (AO Kaspersky Lab)
DRV - (kneps) -- C:\WINDOWS2\system32\drivers\kneps.sys (AO Kaspersky Lab)
DRV - (dtlitescsibus) -- C:\WINDOWS2\system32\drivers\dtlitescsibus.sys (Disc Soft Ltd)
DRV - (NVHDA) -- C:\WINDOWS2\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (VIAHdAudAddService) -- C:\WINDOWS2\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (AMBFilt) -- C:\WINDOWS2\system32\drivers\Ambfilt.sys (Creative)
DRV - (MonFilt) -- C:\WINDOWS2\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (amdide) -- C:\WINDOWS2\system32\drivers\amdide.sys (Advanced Micro Devices Inc.)
DRV - (HWiNFO32) -- C:\WINDOWS2\system32\drivers\HWiNFO32.SYS (REALiX(tm))
DRV - (hamachi) -- C:\WINDOWS2\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (kltap) -- C:\WINDOWS2\system32\drivers\kltap.sys (The OpenVPN Project)
DRV - (klbackupflt) -- C:\WINDOWS2\system32\drivers\klbackupflt.sys (AO Kaspersky Lab)
DRV - (cm_km) -- C:\WINDOWS2\system32\drivers\cm_km.sys (AO Kaspersky Lab)
DRV - (klbackupdisk) -- C:\WINDOWS2\system32\drivers\klbackupdisk.sys (AO Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS2\system32\drivers\kl1.sys (AO Kaspersky Lab)
DRV - (klpd) -- C:\WINDOWS2\system32\drivers\klpd.sys (AO Kaspersky Lab)
DRV - (kldisk) -- C:\WINDOWS2\system32\drivers\kldisk.sys (AO Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS2\system32\drivers\klim5.sys (AO Kaspersky Lab)
DRV - (klkbdflt) -- C:\WINDOWS2\system32\drivers\klkbdflt.sys (AO Kaspersky Lab)
DRV - (kltdf) -- C:\WINDOWS2\system32\drivers\kltdf.sys (AO Kaspersky Lab)
DRV - (kltdi) -- C:\WINDOWS2\system32\drivers\kltdi.sys (AO Kaspersky Lab)
DRV - (klmouflt) -- C:\WINDOWS2\system32\drivers\klmouflt.sys (Kaspersky Lab ZAO)
DRV - (RTLE8023xp) -- C:\WINDOWS2\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (nltdi) -- C:\Program Files\NetLimiter 3\nltdi.sys (Locktime Software)
DRV - (NLNdisPT) -- C:\WINDOWS2\system32\drivers\nlndis.sys (Locktime Software)
DRV - (NLNdisMP) -- C:\WINDOWS2\system32\drivers\nlndis.sys (Locktime Software)
DRV - (MBAMProtector) -- C:\WINDOWS2\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (usbfilter) -- C:\WINDOWS2\system32\drivers\usbfilter.sys (Advanced Micro Devices)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2016.11.23 02:47:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017.03.16 01:52:26 | 000,104,713 | ---- | M] ()


O1 HOSTS File: ([2017.06.07 19:04:27 | 000,000,027 | ---- | M]) - C:\WINDOWS2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Kaspersky Protection) - {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll (AO Kaspersky Lab)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Kaspersky Protection Toolbar) - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll (AO Kaspersky Lab)
O3 - HKCU\..\Toolbar\WebBrowser: (Kaspersky Protection Toolbar) - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll (AO Kaspersky Lab)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [ZAM] C:\Program Files\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SlimDrivers] "C:\Program Files\SlimDrivers\SlimDrivers.exe" -boot File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS2\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS2\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS2\system32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19E21823-6180-4C49-977C-5D3183C290D7}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS2\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS2\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS2\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS2\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS2\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS2\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS2\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS2\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS2\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS2\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS2\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS2\system32\userinit.exe) - C:\WINDOWS2\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS2\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS2\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS2\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS2\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS2\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS2\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS2\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS2\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS2\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS2\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS2\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS2\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS2\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS2\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS2\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS2\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS2\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS2\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS2\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS2\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS2\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS2\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS2\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS2\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS2\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS2\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015.04.30 22:28:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2015.11.19 03:37:49 | 000,000,000 | ---D | M] - E:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2017.06.11 12:18:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2017.06.10 14:40:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users.WINDOWS2\Nabídka Start\Programy\OpenOffice 4.1.3
[2017.06.09 13:11:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.BBDRA2-3D0A5E7C\Recent
[2017.06.09 13:11:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2017.06.09 12:43:06 | 001,775,104 | ---- | C] (Farbar) -- C:\Documents and Settings\Administrator.BBDRA2-3D0A5E7C\Plocha\FRST.exe
[2017.06.08 23:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Nabídka Start\Programy\Revo Uninstaller
[2017.06.08 23:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2017.06.08 21:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BBDRA2-3D0A5E7C\Data aplikací\Curiolab
[2017.06.08 21:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Nabídka Start\Programy\Exterminate It!
[2017.06.08 01:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\LeeGTs Games
[2017.06.08 01:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Nabídka Start\Programy\Governor of Poker
[2017.06.08 00:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Oracle
[2017.06.07 19:02:53 | 000,000,000 | ---D | C] -- C:\WINDOWS2\temp
[2017.06.06 22:00:20 | 000,000,000 | ---D | C] -- C:\WINDOWS2\erdnt
[2017.06.06 19:40:30 | 000,181,496 | ---- | C] (Zemana Ltd.) -- C:\WINDOWS2\System32\drivers\zam32.sys
[2017.06.06 19:40:28 | 000,181,496 | ---- | C] (Zemana Ltd.) -- C:\WINDOWS2\System32\drivers\zamguard32.sys
[2017.06.06 19:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Nabídka Start\Programy\Zemana AntiMalware
[2017.06.06 19:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Zemana AntiMalware
[2017.06.05 11:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Nabídka Start\Programy\RogueKiller
[2017.06.05 11:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\RogueKiller
[2017.06.04 23:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Sophos
[2017.06.04 23:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Nabídka Start\Programy\Sophos

========== Files - Modified Within 30 Days ==========

[2017.06.13 03:24:02 | 000,077,712 | ---- | M] () -- C:\WINDOWS2\ZAM_Guard.krnl.trace
[2017.06.13 03:24:00 | 000,143,828 | ---- | M] () -- C:\WINDOWS2\ZAM.krnl.trace
[2017.06.13 03:21:05 | 001,664,400 | ---- | M] () -- C:\WINDOWS2\System32\nvdrsdb0.bin
[2017.06.13 03:21:05 | 000,000,001 | ---- | M] () -- C:\WINDOWS2\System32\nvdrssel.bin
[2017.06.13 03:19:33 | 000,010,776 | ---- | M] () -- C:\WINDOWS2\System32\nvAppTimestamps
[2017.06.13 02:21:03 | 001,664,400 | ---- | M] () -- C:\WINDOWS2\System32\nvdrsdb1.bin
[2017.06.11 22:37:05 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\Star Stable Online.lnk
[2017.06.11 15:17:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS2\System32\wpa.dbl
[2017.06.11 15:16:41 | 000,000,224 | ---- | M] () -- C:\WINDOWS2\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2017.06.11 15:16:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS2\bootstat.dat
[2017.06.11 12:54:32 | 000,002,285 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\Skype.lnk
[2017.06.10 17:09:30 | 000,249,496 | ---- | M] () -- C:\WINDOWS2\System32\FNTCACHE.DAT
[2017.06.10 14:40:30 | 000,000,865 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\OpenOffice 4.1.3.lnk
[2017.06.08 23:49:15 | 001,775,104 | ---- | M] (Farbar) -- C:\Documents and Settings\Administrator.BBDRA2-3D0A5E7C\Plocha\FRST.exe
[2017.06.08 23:46:35 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\Revo Uninstaller.lnk
[2017.06.08 21:18:47 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\Exterminate It!.lnk
[2017.06.08 15:00:00 | 000,000,218 | ---- | M] () -- C:\WINDOWS2\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2017.06.08 01:13:18 | 000,000,965 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\Governor of Poker.lnk
[2017.06.08 00:28:42 | 000,001,324 | ---- | M] () -- C:\WINDOWS2\System32\d3d9caps.dat
[2017.06.07 19:13:22 | 000,006,127 | ---- | M] () -- C:\Documents and Settings\Administrator.BBDRA2-3D0A5E7C\Plocha\hijackthis log2
[2017.06.07 19:04:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS2\System32\drivers\etc\hosts
[2017.06.06 19:40:30 | 000,181,496 | ---- | M] (Zemana Ltd.) -- C:\WINDOWS2\System32\drivers\zam32.sys
[2017.06.06 19:40:28 | 000,181,496 | ---- | M] (Zemana Ltd.) -- C:\WINDOWS2\System32\drivers\zamguard32.sys
[2017.06.06 19:40:25 | 000,001,605 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\Zemana AntiMalware.lnk
[2017.06.06 19:22:37 | 000,024,064 | ---- | M] () -- C:\WINDOWS2\zoek-delete.exe
[2017.06.06 11:25:22 | 000,024,688 | ---- | M] () -- C:\WINDOWS2\System32\drivers\TrueSight.sys
[2017.06.06 11:20:43 | 011,792,456 | ---- | M] () -- C:\Documents and Settings\Administrator.BBDRA2-3D0A5E7C\Plocha\RogueKiller_old32.exe
[2017.06.06 10:16:38 | 022,018,120 | ---- | M] () -- C:\Documents and Settings\Administrator.BBDRA2-3D0A5E7C\Plocha\RogueKiller_portable32.exe
[2017.06.05 11:23:49 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\RogueKiller.lnk
[2017.06.04 23:54:34 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\Sophos Virus Removal Tool.lnk

========== Files Created - No Company Name ==========

[2017.06.10 14:40:30 | 000,000,865 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\OpenOffice 4.1.3.lnk
[2017.06.08 23:46:35 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\Revo Uninstaller.lnk
[2017.06.08 21:18:47 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\Exterminate It!.lnk
[2017.06.08 01:13:18 | 000,000,965 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\Governor of Poker.lnk
[2017.06.07 19:13:22 | 000,006,127 | ---- | C] () -- C:\Documents and Settings\Administrator.BBDRA2-3D0A5E7C\Plocha\hijackthis log2
[2017.06.06 19:40:36 | 000,143,711 | ---- | C] () -- C:\WINDOWS2\ZAM.krnl.trace
[2017.06.06 19:40:35 | 000,077,589 | ---- | C] () -- C:\WINDOWS2\ZAM_Guard.krnl.trace
[2017.06.06 19:40:25 | 000,001,605 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\Zemana AntiMalware.lnk
[2017.06.06 19:31:58 | 000,024,064 | ---- | C] () -- C:\WINDOWS2\zoek-delete.exe
[2017.06.06 11:20:33 | 011,792,456 | ---- | C] () -- C:\Documents and Settings\Administrator.BBDRA2-3D0A5E7C\Plocha\RogueKiller_old32.exe
[2017.06.06 10:16:24 | 022,018,120 | ---- | C] () -- C:\Documents and Settings\Administrator.BBDRA2-3D0A5E7C\Plocha\RogueKiller_portable32.exe
[2017.06.05 11:23:49 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\RogueKiller.lnk
[2017.06.04 23:53:32 | 000,002,467 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\Sophos Virus Removal Tool.lnk
[2017.04.04 02:01:50 | 000,024,688 | ---- | C] () -- C:\WINDOWS2\System32\drivers\TrueSight.sys
[2017.03.04 12:15:46 | 001,012,993 | ---- | C] () -- C:\WINDOWS2\System32\bmaker.exe
[2016.12.20 22:28:55 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Administrator.BBDRA2-3D0A5E7C\Local Settings\Data aplikací\LumaEmu
[2016.11.22 01:19:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS2\System32\iacenc.dll
[2016.11.18 01:12:19 | 000,406,528 | ---- | C] () -- C:\WINDOWS2\System32\freetype.dll
[2016.11.18 01:08:07 | 000,515,192 | ---- | C] () -- C:\WINDOWS2\System32\QuickFontCache.dll
[2016.11.17 16:46:20 | 006,203,411 | ---- | C] () -- C:\WINDOWS2\System32\nvcoproc.bin
[2016.11.17 16:45:25 | 001,664,400 | ---- | C] () -- C:\WINDOWS2\System32\nvdrsdb1.bin
[2016.11.17 16:45:25 | 001,664,400 | ---- | C] () -- C:\WINDOWS2\System32\nvdrsdb0.bin
[2016.11.17 16:45:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS2\System32\nvdrssel.bin
[2016.11.17 16:36:55 | 035,101,184 | ---- | C] () -- C:\WINDOWS2\System32\nvcompiler.dll
[2016.11.17 16:36:55 | 002,345,364 | ---- | C] () -- C:\WINDOWS2\System32\nvdata.data
[2016.11.17 16:10:59 | 000,001,324 | ---- | C] () -- C:\WINDOWS2\System32\d3d9caps.dat
[2016.11.17 15:19:44 | 000,004,293 | ---- | C] () -- C:\WINDOWS2\ODBCINST.INI
[2016.11.17 15:17:13 | 000,249,496 | ---- | C] () -- C:\WINDOWS2\System32\FNTCACHE.DAT
[2016.11.17 14:51:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS2\bootstat.dat
[2016.11.17 14:42:29 | 000,021,812 | ---- | C] () -- C:\WINDOWS2\System32\emptyregdb.dat
[2016.03.07 02:34:46 | 000,611,514 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-725345543-1078081533-839522115-1005-0.dat
[2016.02.08 01:41:43 | 000,135,418 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-725345543-1078081533-839522115-1007-0.dat
[2015.05.02 04:33:21 | 001,739,602 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-725345543-1078081533-839522115-1003-0.dat
[2015.05.02 04:33:20 | 000,165,298 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat

========== ZeroAccess Check ==========

[2016.11.17 16:29:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS2\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 09:51:56 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 09:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2017.06.08 21:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.BBDRA2-3D0A5E7C\Data aplikací\Curiolab
[2016.11.17 23:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\.mono
[2016.11.17 22:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Battle.net
[2017.03.13 01:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Camel Audio
[2017.01.21 19:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\DAEMON Tools Lite
[2017.03.06 03:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Foxit ContentPlatform
[2017.03.06 03:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Foxit Software
[2016.12.04 16:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Freemake
[2016.11.20 20:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\IObit
[2017.04.06 18:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Locktime
[2017.06.04 20:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\LogMeIn
[2017.03.04 12:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\MAGIX
[2017.03.13 02:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Native Instruments
[2017.06.08 00:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Oracle
[2017.03.04 12:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Pinnacle
[2017.04.04 07:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\RogueKiller
[2017.06.04 23:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Sophos

========== Purity Check ==========



< End of report >





What is DRV - (kltap) -- C:\WINDOWS2\system32\drivers\kltap.sys (The OpenVPN Project) for?
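As an added example (it is not part of either post and is not code from OTL, FRST or any other tool used in this thread), here is a small Python checker for two of the OTL line types shown above: the executable-ProgID open commands (the `O35` lines and the "Shell Spawning" section) compared against the XP defaults the log itself shows (`"%1" %*`, `"%1" /S`, `regedit.exe "%1"`), and the `O18` protocol handlers/filters, whose DLL is flagged when it has no company name or is loaded from outside the Windows or Program Files trees. The sample input mixes lines copied from the log with two constructed lines (marked in the code) that exist only to show what a finding looks like; the `svchost.exe`/`hook.dll` paths and the all-zero CLSID in them are hypothetical, and the default `system_root` of `C:\WINDOWS2` is taken from the log header.

```python
import re

# Windows XP defaults for the verbs OTL lists under "Shell Spawning" and in
# its O35 lines; these are the values the log above shows for this machine.
EXPECTED_COMMANDS = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("regfile", "merge"): 'regedit.exe "%1"',
}

# Matches 'exefile [open] -- "%1" %*' and 'O35 - HKLM\..exefile [open] -- "%1" %*'.
# O37 lines (extension -> ProgID mapping) are deliberately not parsed here.
SPAWN_RE = re.compile(r'^(?:O35 - HKLM\\\.\.)?(\w+) \[(\w+)\] -- (.*)$')

# Matches 'O18 - Protocol\Handler\https {clsid} - C:\path\x.dll (Company)'
# and the container form 'O18 - Protocol\Handler\ipp - No CLSID value found'.
O18_RE = re.compile(
    r'^O18 - Protocol\\(Handler|Filter)\\(\S.*?) '
    r'(?:\{([0-9A-Fa-f-]{36})\} - (.+?) \((.*)\)|- No CLSID value found)$'
)


def check_shell_spawning(lines, expected=EXPECTED_COMMANDS):
    """Return (progid, verb, status, command) for each watched verb whose
    command OTL could not read or that differs from the expected default."""
    findings = []
    for line in lines:
        m = SPAWN_RE.match(line.strip())
        if not m:
            continue
        progid, verb, command = m.groups()
        want = expected.get((progid, verb))
        if want is None:
            continue                      # verb not on the watch list
        if command.startswith("Reg Error"):
            findings.append((progid, verb, "unreadable", command))
        elif command != want:
            findings.append((progid, verb, "non-default", command))
    return findings


def check_protocol_handlers(lines, system_root=r"C:\WINDOWS2"):
    """Return (kind, name, path, reasons) for O18 entries whose DLL has no
    company name or sits outside %SystemRoot% / C:\\Program Files."""
    trusted = (system_root.lower(), "c:\\program files")
    findings = []
    for line in lines:
        m = O18_RE.match(line.strip())
        if not m:
            continue
        kind, name, clsid, path, company = m.groups()
        if clsid is None:
            continue    # container key; its CLSID lives in a subkey (e.g. ipp\0x00000001)
        reasons = []
        if not company:
            reasons.append("no company name")
        if not path.lower().startswith(trusted):
            reasons.append("outside Windows/Program Files")
        if reasons:
            findings.append((kind, name, path, reasons))
    return findings


# Sample input: lines copied from the OTL log above plus two constructed
# lines (marked) with hypothetical paths and a hypothetical CLSID.
SAMPLE_LINES = [
    r'O35 - HKLM\..comfile [open] -- "%1" %*',
    r'batfile [open] -- "%1" %*',
    r'scrfile [open] -- "%1" /S',
    r'regfile [merge] -- Reg Error: Key error.',
    r'exefile [open] -- "C:\Documents and Settings\Adam2\Local Settings\Temp\svchost.exe" "%1" %*',  # constructed
    r'O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)',
    r'O18 - Protocol\Handler\ipp - No CLSID value found',
    r'O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)',
    r'O18 - Protocol\Handler\http {00000000-0000-0000-0000-000000000000} - C:\Documents and Settings\Adam2\Local Settings\Temp\hook.dll ()',  # constructed
]

if __name__ == "__main__":
    for f in check_shell_spawning(SAMPLE_LINES):
        print("shell spawning:", f)
    for f in check_protocol_handlers(SAMPLE_LINES):
        print("protocol handler:", f)
```

Two caveats when reading the results: the "Shell Spawning" section of an OTL Extras log is taken from HKEY_LOCAL_MACHINE\SOFTWARE\Classes only, while a per-user key under HKU\<SID>\Software\Classes takes precedence over it, so a clean HKLM entry does not rule out a per-user override and HKU should be checked separately; and a third-party handler DLL under Program Files is passed by this heuristic even though it still deserves a look at the company name and the signature of the file.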

bbdra
Level 2.5
Posts: 373
Registered: Nov 13
Sex: Male

Re: RTC video PnP listener - please check the log

Post by bbdra » 13 Jun 2017 03:38

OTL Extras logfile created on: 13.6.2017 3:21:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Adam2\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,25 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 67,43% Memory free
5,08 Gb Paging File | 4,21 Gb Available in Paging File | 82,77% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
Drive C: | 1863,02 Gb Total Space | 1506,70 Gb Free Space | 80,87% Space Free | Partition Type: NTFS
Drive E: | 698,60 Gb Total Space | 602,18 Gb Free Space | 86,20% Space Free | Partition Type: NTFS

Computer Name: BBDRA2-3D0A5E7C | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe" = C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe:*:Enabled:NVIDIA Network Service TCP Exception (HTTPS) -- (NVIDIA Corporation)
"C:\Program Files\Hearthstone\Hearthstone.exe" = C:\Program Files\Hearthstone\Hearthstone.exe:*:Enabled:Hearthstone -- ()
"C:\WINDOWS2\system32\javaw.exe" = C:\WINDOWS2\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Documents and Settings\Adam2\Plocha\dst\bin\dontstarve_steam.exe" = C:\Documents and Settings\Adam2\Plocha\dst\bin\dontstarve_steam.exe:*:Enabled:dontstarve_steam -- ()
"C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" = C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe:*:Enabled:LogMeIn Hamachi -- (LogMeIn Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1045AB6F-6151-3634-8C2C-EE308AA1A6A7}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23506
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1CF84962-50F8-48CA-9082-B70F3A02C686}" = Kaspersky Secure Connection
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{2CA799E3-0735-4A14-9DA9-55B0160EAD3D}" = MAGIX Video easy HD
"{2E644D2D-993F-43B4-B85A-15363CA777C3}" = Advanced IP Scanner 2.4
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4769E972-2E92-49C5-B6F9-465EFD0C4D94}" = VirtualDJ PRO Full
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6342D881-EA0C-4402-8538-ECAE1DFB88D5}" = MAGIX Speed burnR (MSI)
"{65AD78AD-D23D-3A1E-9305-3AE65CD522C2}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23506
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7308600A-5231-459C-A3E2-A637F842CACA}" = OpenOffice 4.1.3
"{7ADEEB5D-F09B-1063-C9C5-94B2A5DF6C8B}" = AMD Catalyst Install Manager
"{815050E5-F545-11D4-9569-004095812ACC}" = Serious Sam: The First Encounter
"{89E5827E-EAE7-47F2-A57F-52D92C671983}" = LogMeIn Hamachi
"{8CD50415-04B7-459E-8CBD-DA96A9CDF98E}" = Star Stable Online
"{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1" = Zemana AntiMalware
"{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1" = Revo Uninstaller 2.0.3
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7F52857-4B42-4A78-B332-8B42668E5B0B}" = Governor of Poker
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 364.51
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.10.2.40
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 141.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.16.0318
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 2.10.2.40
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}" = Kaspersky Internet Security
"{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FC965A47-4839-40CA-B618-18F486F042C6}" = Skype™ 7.30
"{FCD7324E-916F-45C5-997C-8673267A4B8E}_is1" = ČeskejPařan.cz - RUST Client verze 1.0
"8B3D7924-ED89-486B-8322-E8594065D5CB_is1" = RogueKiller version 12.11.1.0
"Adobe Flash Player PPAPI" = Adobe Flash Player 23 PPAPI
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Camel Audio CamelCrusher" = Camel Audio CamelCrusher
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.30
"DX-Ball 1.09" = DX-Ball 1.09
"Easy Video Reverser_is1" = Easy Video Reverser
"Exterminate It!" = Exterminate It!
"FL Studio 12" = FL Studio 12
"FL Studio ASIO" = FL Studio ASIO
"Foxit Reader_is1" = Foxit Reader
"Hearthstone" = Hearthstone
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"Inkscape" = Inkscape 0.92.1
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Ovladače zařízení
"InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}" = Kaspersky Secure Connection
"InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}" = Kaspersky Internet Security
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.75.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"MX.{2CA799E3-0735-4A14-9DA9-55B0160EAD3D}" = MAGIX Video easy HD
"MX.{6342D881-EA0C-4402-8538-ECAE1DFB88D5}" = MAGIX Speed burnR (MSI)
"NetLimiter 3 3.0.0.11" = NetLimiter 3
"Ohmicide VST" = Ohm Force - Ohmicide VST
"Repair Video Master_is1" = Repair Video Master 2.61
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 5.40 (32-bit)
"WOW2_is1" = Sugar Bytes WOW2 Demo 2.1.8
"XP Codec Pack" = XP Codec Pack

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29.1.2017 1:47:23 | Computer Name = BBDRA2-3D0A5E7C | Source = Application Error | ID = 1000
Description = Chybující aplikace chromodo.exe, verze 45.9.12.392, chybující modul
pepflashplayer32_23_0_0_207.dll, verze 23.0.0.207, adresa chyby 0x000f4b38.

Error - 29.1.2017 12:36:10 | Computer Name = BBDRA2-3D0A5E7C | Source = Application Error | ID = 1000
Description = Chybující aplikace Skype.exe, verze 7.30.85.103, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x5a5edabd.

Error - 2.2.2017 18:02:19 | Computer Name = BBDRA2-3D0A5E7C | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace explorer.exe, verze 6.0.2900.5512, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

[ NetLimiter 3 Events ]
Error - 9.6.2017 7:03:00 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 9.6.2017 7:16:52 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 9.6.2017 7:25:22 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 10.6.2017 5:54:15 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 10.6.2017 6:05:01 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 10.6.2017 6:11:38 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 10.6.2017 11:09:57 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 10.6.2017 17:31:19 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 11.6.2017 6:42:40 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 11.6.2017 9:16:55 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

[ System Events ]
Error - 11.6.2017 18:20:15 | Computer Name = BBDRA2-3D0A5E7C | Source = Schannel | ID = 36884
Description = Certifikát přijatý ze vzdáleného serveru neobsahuje očekávaný název.
Z tohoto důvodu není možné určit, zda se připojujete ke správnému serveru. Byl
očekáván název serveru nydus.battle.net. Požadavek na připojení SSL nebyl úspěšný.
Připojená data obsahují certifikát serveru.

Error - 11.6.2017 19:20:16 | Computer Name = BBDRA2-3D0A5E7C | Source = Schannel | ID = 36884
Description = Certifikát přijatý ze vzdáleného serveru neobsahuje očekávaný název.
Z tohoto důvodu není možné určit, zda se připojujete ke správnému serveru. Byl
očekáván název serveru nydus.battle.net. Požadavek na připojení SSL nebyl úspěšný.
Připojená data obsahují certifikát serveru.

Error - 12.6.2017 10:55:23 | Computer Name = BBDRA2-3D0A5E7C | Source = Schannel | ID = 36884
Description = Certifikát přijatý ze vzdáleného serveru neobsahuje očekávaný název.
Z tohoto důvodu není možné určit, zda se připojujete ke správnému serveru. Byl
očekáván název serveru nydus.battle.net. Požadavek na připojení SSL nebyl úspěšný.
Připojená data obsahují certifikát serveru.

Error - 12.6.2017 14:52:16 | Computer Name = BBDRA2-3D0A5E7C | Source = Schannel | ID = 36884
Description = Certifikát přijatý ze vzdáleného serveru neobsahuje očekávaný název.
Z tohoto důvodu není možné určit, zda se připojujete ke správnému serveru. Byl
očekáván název serveru nydus.battle.net. Požadavek na připojení SSL nebyl úspěšný.
Připojená data obsahují certifikát serveru.

Error - 12.6.2017 15:52:18 | Computer Name = BBDRA2-3D0A5E7C | Source = Schannel | ID = 36884
Description = Certifikát přijatý ze vzdáleného serveru neobsahuje očekávaný název.
Z tohoto důvodu není možné určit, zda se připojujete ke správnému serveru. Byl
očekáván název serveru nydus.battle.net. Požadavek na připojení SSL nebyl úspěšný.
Připojená data obsahují certifikát serveru.

Error - 12.6.2017 16:52:19 | Computer Name = BBDRA2-3D0A5E7C | Source = Schannel | ID = 36884
Description = Certifikát přijatý ze vzdáleného serveru neobsahuje očekávaný název.
Z tohoto důvodu není možné určit, zda se připojujete ke správnému serveru. Byl
očekáván název serveru nydus.battle.net. Požadavek na připojení SSL nebyl úspěšný.
Připojená data obsahují certifikát serveru.

Error - 12.6.2017 17:52:19 | Computer Name = BBDRA2-3D0A5E7C | Source = Schannel | ID = 36884
Description = Certifikát přijatý ze vzdáleného serveru neobsahuje očekávaný název.
Z tohoto důvodu není možné určit, zda se připojujete ke správnému serveru. Byl
očekáván název serveru nydus.battle.net. Požadavek na připojení SSL nebyl úspěšný.
Připojená data obsahují certifikát serveru.

Error - 12.6.2017 18:52:20 | Computer Name = BBDRA2-3D0A5E7C | Source = Schannel | ID = 36884
Description = Certifikát přijatý ze vzdáleného serveru neobsahuje očekávaný název.
Z tohoto důvodu není možné určit, zda se připojujete ke správnému serveru. Byl
očekáván název serveru nydus.battle.net. Požadavek na připojení SSL nebyl úspěšný.
Připojená data obsahují certifikát serveru.

Error - 12.6.2017 19:52:21 | Computer Name = BBDRA2-3D0A5E7C | Source = Schannel | ID = 36884
Description = Certifikát přijatý ze vzdáleného serveru neobsahuje očekávaný název.
Z tohoto důvodu není možné určit, zda se připojujete ke správnému serveru. Byl
očekáván název serveru nydus.battle.net. Požadavek na připojení SSL nebyl úspěšný.
Připojená data obsahují certifikát serveru.

Error - 12.6.2017 20:52:21 | Computer Name = BBDRA2-3D0A5E7C | Source = Schannel | ID = 36884
Description = Certifikát přijatý ze vzdáleného serveru neobsahuje očekávaný název.
Z tohoto důvodu není možné určit, zda se připojujete ke správnému serveru. Byl
očekáván název serveru nydus.battle.net. Požadavek na připojení SSL nebyl úspěšný.
Připojená data obsahují certifikát serveru.


< End of report >

jaro3
Security team member
Guru Level 14.5
Posts: 36176
Registered: June 07
Location: South Bohemia
Gender: Male

Re: RTC video PnP listener - please check my log

Post by jaro3 » 13 Jun 2017 10:12

Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text (shown in green) into the box:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
O4 - HKCU..\Run: [SlimDrivers] "C:\Program Files\SlimDrivers\SlimDrivers.exe" -boot File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
[2016.11.17 16:29:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS2\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 09:51:56 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 09:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Program Files\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\WINDOWS2\System32\d3d9caps.dat
C:\WINDOWS\system32\drivers\utmymzq1.sys

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" =-

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.

What is DRV - (kltap) -- C:\WINDOWS2\system32\drivers\kltap.sys (The OpenVPN Project) for??

It belongs to Kaspersky Lab.
http://systemexplorer.net/file-database ... s/40601182

You didn't run SystemLook..
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
