Malware cleanup
Posted: 13 May 2014 17:30
Hi,
I left my PC at the mercy of a colleague for a week and this is how it ended up... I need Citrix and SafeNet for my work... there were several antivirus programs on the PC; at the moment only AVG 2014 Free is installed here
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 17:26:23, on 13.5.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
FIREFOX: 29.0.1 (cs)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SafeNet\BSecClient\AXMonitor.exe
C:\Program Files\SafeNet\BSecClient\dkAutoReg.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Louny\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Louny\Desktop\Rainlendar2\Rainlendar2.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Louny\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://irs.vodafone.cz/vfroot/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DkStartup] C:\Program Files\SafeNet\BSecClient\dkstartup.exe
O4 - HKLM\..\Run: [AxMonitor] C:\Program Files\SafeNet\BSecClient\axmonitor.exe
O4 - HKLM\..\Run: [DkAutoReg] C:\Program Files\SafeNet\BSecClient\DkAutoReg.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Printsrv] c:\Windows\System32\Printing_Admin_Scripts\en-US\drvupd.vbs
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\Louny\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=a9d844378a4647d0b8d795ceba380e97-ad7aec016bf4ad9caff1fdf9f500a29bea3f7759 /CMPID=1213b
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0214c] C:\Users\Louny\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=a9d844378a4647d0b8d795ceba380e97-ad7aec016bf4ad9caff1fdf9f500a29bea3f7759 /CMPID=0214c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1403657558-1175345301-3840101097-1004\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" (User 'Tereza')
O4 - HKUS\S-1-5-21-1403657558-1175345301-3840101097-1041\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'winpostgr')
O4 - HKUS\S-1-5-21-1403657558-1175345301-3840101097-1041\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'winpostgr')
O4 - S-1-5-21-1403657558-1175345301-3840101097-1004 Startup: Dropbox.lnk = Tereza\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Tereza')
O4 - S-1-5-21-1403657558-1175345301-3840101097-1004 User Startup: Dropbox.lnk = Tereza\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Tereza')
O4 - Startup: Dropbox.lnk = Louny\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Rainlendar2.lnk = Louny\Desktop\Rainlendar2\Rainlendar2.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {3F736969-E75E-48F8-99F2-7CB5105ABD15} (Siebel High Interactivity Framework) - https://prm.vodafone.cz/prmportal/21238 ... Client.cab
O16 - DPF: {4CC726C6-6FC0-4FA7-B017-91BA0362BD6F} (UltraMJCamX Class) - http://90.180.11.96/UltraMJCamX.cab
O16 - DPF: {53049A9A-1122-4673-B8D4-12F545AE3285} (CV781Object Object) - http://90.176.23.87/AVC_AX_764.cab
O16 - DPF: {77DBDF9B-E26A-4FB8-A9FC-735CDE187FB4} (Siebel High Interactivity Framework) - https://prm.vodafone.cz/prmportal/21229 ... Client.cab
O16 - DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} (DvrOcx Control) - http://88.102.5.154/DvrOcx.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://juniper.net/dana-cached/setup/J ... tupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: DkWLNP - DkWLNP.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: SafeNet Log Service (DkLogger) - SafeNet, Inc. - C:\Windows\system32\dklog.exe
O23 - Service: SafeNet Token Service (DkTknSrv) - SafeNet, Inc. - C:\Windows\system32\dkcktkn.exe
O23 - Service: SafeNet Virtual Channel Monitor (DkVcm) - SafeNet, Inc. - C:\Windows\system32\dkvcm.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks, Inc. - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: WinStromService (Service1) - WinStrom s.r.o. - C:\Program Files\WinStrom\winstromservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Vodafone Mobile Connect Service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe
O23 - Service: WinStrom-PostgreSQL - PostgreSQL Global Development Group - C:/Program Files/WinStrom/pgsql/bin/pg_ctl.exe
--
End of file - 12570 bytes
ATF + TFC - done
# AdwCleaner v3.208 - Report created 13/05/2014 at 17:11:06
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Louny - LOUNY-THINK
# Running from : C:\Users\Louny\Desktop\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Users\Louny\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Louny\AppData\Roaming\Mozilla\Firefox\Profiles\nadh8q7u.default\.autoreg
File Found : C:\Users\Louny\AppData\Roaming\Mozilla\Firefox\Profiles\nadh8q7u.default\searchplugins\bingp.xml
Folder Found : C:\Program Files\AVG SafeGuard toolbar
Folder Found : C:\ProgramData\AlawarWrapper
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\Users\Louny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Public\Documents\AlawarWrapper
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Mozilla Firefox v29.0.1 (cs)
[ File : C:\Users\Louny\AppData\Roaming\Mozilla\Firefox\Profiles\nadh8q7u.default\prefs.js ]
[ File : C:\Users\Tereza\AppData\Roaming\Mozilla\Firefox\Profiles\89vzwkuc.default\prefs.js ]
-\\ Google Chrome v34.0.1847.131
[ File : C:\Users\Louny\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
[ File : C:\Users\Tereza\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [6780 octets] - [13/05/2014 17:03:23]
AdwCleaner[R1].txt - [3207 octets] - [13/05/2014 17:11:06]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3267 octets] ##########
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Scan Date: 13.5.2014
Scan Time: 17:26:11
Logfile: mbam.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.13.08
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Louny
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352504
Time Elapsed: 13 min, 0 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 2
Trojan.Agent.BCM, C:\Windows\inf\mnciysen, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\bitstreams, , [40aca6aabfbc082ec1085f11d32fb848],
Files: 15
Trojan.BitCoinMiner, C:\Windows\expIorer.exe, , [5b9185cb78034ceacbd6ee192fd2827e],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\diablo130302.cl, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\diakgcn121016.cl, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\libcurl-4.dll, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\libeay32.dll, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\libidn-11.dll, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\librtmp.dll, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\libssh2.dll, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\mnciysen.exe, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\phatk121016.cl, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\poclbm130302.cl, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\scrypt130511.cl, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\ssleay32.dll, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\zlib1.dll, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, , [40aca6aabfbc082ec1085f11d32fb848],
Physical Sectors: 0
(No malicious items detected)
(end)
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3267 octets] ##########
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Scan Date: 13.5.2014
Scan Time: 17:26:11
Logfile: mbam.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.13.08
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Louny
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352504
Time Elapsed: 13 min, 0 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 2
Trojan.Agent.BCM, C:\Windows\inf\mnciysen, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\bitstreams, , [40aca6aabfbc082ec1085f11d32fb848],
Files: 15
Trojan.BitCoinMiner, C:\Windows\expIorer.exe, , [5b9185cb78034ceacbd6ee192fd2827e],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\diablo130302.cl, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\diakgcn121016.cl, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\libcurl-4.dll, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\libeay32.dll, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\libidn-11.dll, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\librtmp.dll, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\libssh2.dll, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\mnciysen.exe, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\phatk121016.cl, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\poclbm130302.cl, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\scrypt130511.cl, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\ssleay32.dll, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\zlib1.dll, , [40aca6aabfbc082ec1085f11d32fb848],
Trojan.Agent.BCM, C:\Windows\inf\mnciysen\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, , [40aca6aabfbc082ec1085f11d32fb848],
Physical Sectors: 0
(No malicious items detected)
(end)