- DDS:
- DDS (Ver_2012-11-20.01) - NTFS_AMD64
- Internet Explorer: 10.0.9200.16384 BrowserJavaVersion: 10.21.2
- Run by Asparte at 10:43:36 on 2013-10-27
- Microsoft Windows 8 Pro 6.2.9200.0.1250.48.1033.18.4094.2184 [GMT 1:00]
- .
- AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
- AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
- SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
- SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
- FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
- .
- ============== Running Processes ===============
- .
- C:\Windows\system32\svchost.exe -k DcomLaunch
- C:\Windows\system32\nvvsvc.exe
- C:\Windows\system32\svchost.exe -k RPCSS
- C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
- C:\Windows\system32\dwm.exe
- C:\Windows\system32\svchost.exe -k netsvcs
- C:\Windows\system32\svchost.exe -k LocalService
- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
- C:\Windows\system32\nvvsvc.exe
- C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
- C:\Windows\system32\svchost.exe -k NetworkService
- C:\Windows\System32\spoolsv.exe
- C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
- C:\Windows\system32\taskhostex.exe
- C:\Windows\Explorer.EXE
- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
- C:\Windows\system32\dashost.exe
- C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe
- C:\Program Files\OO Software\Defrag\oodag.exe
- C:\Windows\SysWOW64\PnkBstrA.exe
- C:\Windows\SysWOW64\PnkBstrB.exe
- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
- C:\Windows\system32\svchost.exe -k imgsvc
- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
- C:\Windows\SysWOW64\vmnat.exe
- C:\Windows\SysWOW64\vmnetdhcp.exe
- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
- C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
- C:\Windows\system32\wbem\wmiprvse.exe
- C:\Windows\system32\SearchIndexer.exe
- C:\Windows\system32\wbem\WmiApSrv.exe
- C:\Program Files\Wireshark\Wireshark.exe
- C:\Program Files\OO Software\Defrag\oodtray.exe
- C:\Program Files (x86)\Mal Updater 2\MalUpdater.exe
- C:\Users\Asparte\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
- C:\Program Files\WapSter\WapSter AQQ\AQQ.exe
- C:\Windows\SysWOW64\rundll32.exe
- C:\Program Files\Rainmeter\Rainmeter.exe
- C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
- C:\Program Files\ShareX\ShareX.exe
- C:\PROGRA~2\Raptr\raptr.exe
- C:\Windows\system32\taskmgr.exe
- C:\Windows\system32\taskeng.exe
- C:\Program Files\Microsoft Office\Office15\MsoSync.exe
- C:\PROGRA~2\Raptr\raptr_im.exe
- C:\Program Files (x86)\Raptr\raptr_ep64.exe
- C:\Windows\System32\schtasks.exe
- C:\Program Files (x86)\WhatPulse2\whatpulse.exe
- C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
- C:\Program Files\Windows Media Player\wmpnetwk.exe
- "C:\Windows\Temp\svchost.exe" -o http://p.0839f88ae61efaa3e91fdf5b732b242f.com -O r13:r13 -l 1
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Windows\system32\wbem\wmiprvse.exe
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- C:\Windows\System32\cscript.exe
- .
- ============== Pseudo HJT Report ===============
- .
- uStart Page = hxxp://google.com/
- uProxyServer = socks=127.0.0.1:31337
- mWinlogon: Userinit = userinit.exe,
- BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
- BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
- BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
- BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
- BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
- BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
- BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
- BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
- BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
- uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
- uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
- uRun: [WhatPulse] "C:\Program Files (x86)\WhatPulse2\whatpulse.exe"
- uRun: [Mal Updater 2] C:\Program Files (x86)\Mal Updater 2\MalUpdater.exe
- uRun: [puush] C:\Program Files (x86)\puush\puush.exe
- uRun: [Spotify Web Helper] "C:\Users\Asparte\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
- uRun: [AQQ] C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe
- mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
- mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe"
- mRun: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
- mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
- mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
- mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
- mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
- mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
- mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
- mRun: [MP4 Video Splitter Software.exe] <no file>
- StartupFolder: C:\Users\Asparte\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Asparte\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
- StartupFolder: C:\Users\Asparte\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
- StartupFolder: C:\Users\Asparte\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ShareX.lnk - C:\Program Files\ShareX\ShareX.exe
- StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\O&ODEF~1.LNK - C:\Windows\Installer\{A2EA88AA-8749-457F-B82D-BD236713AE29}\DefragIcon.exe
- IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
- IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
- IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
- IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
- IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
- IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
- IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
- DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
- DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
- DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
- TCP: NameServer = 8.8.8.8 8.8.4.4
- TCP: Interfaces\{ECADDEAA-5396-4237-AC83-213716E1716B} : NameServer = 8.8.8.8,8.8.4.4
- TCP: Interfaces\{ECADDEAA-5396-4237-AC83-213716E1716B} : DHCPNameServer = 8.8.8.8 8.8.4.4
- Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
- Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
- Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
- SSODL: WebCheck - <orphaned>
- mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
- mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
- x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
- x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
- x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
- x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
- x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
- x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
- x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
- x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
- x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
- x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
- x64-Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
- x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
- x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
- x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
- x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
- x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
- x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
- x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
- x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
- x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
- x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
- x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
- x64-SSODL: WebCheck - <orphaned>
- .
- ================= FIREFOX ===================
- .
- FF - ProfilePath - C:\Users\Asparte\AppData\Roaming\Mozilla\Firefox\Profiles\jgpbchhz.default\
- FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
- FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
- FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
- FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
- FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
- FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
- FF - plugin: C:\Users\Asparte\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
- FF - plugin: C:\Users\Asparte\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
- FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
- FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
- FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
- .
- ============= SERVICES / DRIVERS ===============
- .
- R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2013-6-6 56208]
- R0 vsock;vSockets Driver;C:\Windows\System32\Drivers\vsock.sys [2013-6-10 70296]
- R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\Drivers\klim6.sys [2012-8-2 28504]
- R1 klwfp;klwfp;C:\Windows\System32\Drivers\klwfp.sys [2013-2-28 50448]
- R1 kneps;kneps;C:\Windows\System32\Drivers\kneps.sys [2012-8-13 178448]
- R2 MSSQL$INSERTGT;SQL Server (INSERTGT);C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2011-6-17 62111072]
- R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2013-1-29 2560816]
- R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-7-18 4153184]
- R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
- R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\Drivers\klkbdflt.sys [2013-2-28 29280]
- R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\Drivers\klmouflt.sys [2013-2-28 29280]
- R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\Drivers\L1C62x64.sys [2013-6-5 58880]
- S0 klelam;klelam;C:\Windows\System32\Drivers\klelam.sys [2012-7-27 29616]
- S2 AVP;Usługa Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2013-2-28 356128]
- S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
- S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\Drivers\ssadadb.sys [2011-5-13 36328]
- S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-5-21 79360]
- S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-5-21 79360]
- S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-8-30 17480]
- S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-8-30 9800]
- S3 rspLLL;rspLLL;C:\Windows\System32\Drivers\rspLLL64.sys [2013-5-23 23968]
- S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\Drivers\ssadbus.sys [2011-5-13 157672]
- S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\Drivers\ssadmdfl.sys [2011-5-13 16872]
- S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\Drivers\ssadmdm.sys [2011-5-13 177640]
- S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
- S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
- S4 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-5-26 245760]
- S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
- S4 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]
- S4 RsFx0151;RsFx0151 Driver;C:\Windows\System32\Drivers\RsFx0151.sys [2011-6-17 313696]
- S4 SQLAgent$INSERTGT;SQL Server Agent (INSERTGT);C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]
- .
- =============== File Associations ===============
- .
- FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
- .
- =============== Created Last 30 ================
- .
- 2013-10-27 08:35:22 -------- d-----w- C:\Users\Asparte\AppData\Roaming\Malwarebytes
- 2013-10-27 08:35:16 -------- d-----w- C:\ProgramData\Malwarebytes
- 2013-10-27 08:35:15 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
- 2013-10-27 08:35:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
- 2013-10-26 10:35:07 -------- d-----w- C:\ProgramData\Steam
- 2013-10-22 20:12:07 -------- d-----w- C:\Users\Asparte\WapSter
- 2013-10-22 20:11:37 -------- d-----w- C:\Program Files\WapSter
- 2013-10-20 08:49:19 -------- d-----w- C:\Program Files (x86)\ali213
- 2013-10-20 07:52:10 -------- d-----w- C:\Program Files (x86)\ZOC6
- 2013-10-19 21:56:49 -------- d-----w- C:\Users\Asparte\.thumbnails
- 2013-10-19 21:51:20 -------- d-----w- C:\Users\Asparte\.gimp-2.8
- 2013-10-19 21:51:19 -------- d-----w- C:\Users\Asparte\AppData\Local\gegl-0.2
- 2013-10-19 21:49:54 -------- d-----w- C:\Program Files\GIMP 2
- 2013-10-15 14:27:47 -------- d-----w- C:\Program Files (x86)\VideoLAN
- 2013-10-08 15:52:55 -------- d-----w- C:\Program Files\CPUID
- 2013-10-08 13:45:34 -------- d-----w- C:\Program Files (x86)\XeMu360
- 2013-10-05 13:32:28 -------- d-----w- C:\Users\Asparte\AppData\Roaming\Rainmeter
- 2013-10-05 13:32:26 -------- d-----w- C:\Program Files\Rainmeter
- 2013-10-03 19:19:33 -------- d-----w- C:\Program Files\ShareX
- 2013-10-01 18:48:28 144984 ----a-w- C:\Users\Asparte\whois.exe
- 2013-09-30 19:29:01 -------- d-----w- C:\Users\Asparte\AppData\Roaming\Sublime Text 2
- 2013-09-30 19:28:25 -------- d-----w- C:\Program Files\Sublime Text 2
- 2013-09-28 09:51:26 -------- d-----w- C:\Program Files (x86)\ffdshow
- 2013-09-27 19:05:06 -------- d-----w- C:\Windows\System32\oodag
- 2013-09-27 19:03:44 -------- d-----w- C:\Program Files\OO Software
- 2013-09-27 19:03:11 -------- d-----w- C:\ProgramData\OO Software
- 2013-09-27 18:57:32 -------- d-----w- C:\Users\Asparte\AppData\Local\O&O
- 2013-09-27 17:06:21 -------- d-----w- C:\Users\Asparte\AppData\Local\Downloaded Installations
- .
- ==================== Find3M ====================
- .
- 2013-10-10 15:12:35 29280 ----a-w- C:\Windows\System32\drivers\klmouflt.sys
- 2013-10-10 15:12:35 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
- 2013-10-10 15:12:32 7717984 ----a-w- C:\Windows\System32\drivers\kl1.sys
- 2013-09-12 17:39:36 468480 ----a-w- C:\Windows\System32\deployJava1.dll
- 2013-08-22 12:10:14 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
- 2013-08-22 12:10:10 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
- 2013-08-22 12:10:08 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
- .
- ============= FINISH: 10:44:10.31 ===============
- Attach.txt
- .
- UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
- IF REQUESTED, ZIP IT UP & ATTACH IT
- .
- DDS (Ver_2012-11-20.01)
- .
- Microsoft Windows 8 Pro
- Boot Device: \Device\HarddiskVolume1
- Install Date: 5/21/2013 6:03:40 PM
- System Uptime: 10/27/2013 10:34:29 AM (0 hours ago)
- .
- Motherboard: Gigabyte Technology Co., Ltd. | | G31M-ES2L
- Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz | Socket 775 | 2500/333mhz
- .
- ==== Disk Partitions =========================
- .
- A: is Removable
- C: is FIXED (NTFS) - 70 GiB total, 4.973 GiB free.
- D: is FIXED (NTFS) - 29 GiB total, 2.882 GiB free.
- F: is FIXED (NTFS) - 196 GiB total, 2.684 GiB free.
- G: is FIXED (NTFS) - 59 GiB total, 0.431 GiB free.
- H: is FIXED (NTFS) - 61 GiB total, 4.087 GiB free.
- I: is FIXED (NTFS) - 200 GiB total, 3.685 GiB free.
- J: is CDROM ()
- .
- ==== Disabled Device Manager Items =============
- .
- ==== System Restore Points ===================
- .
- RP43: 10/26/2013 12:27:36 PM - Installed DirectX
- .
- ==== Installed Programs ======================
- .
- ????-????? ?? 0.6.19374
- 18 Wheels of Steel: Haulin'
- 7-Zip 9.20 (x64 edition)
- AAC to MP3 Converter
- Action!
- Adobe AIR
- Adobe Audition CS6
- Adobe Flash Player 11 Plugin
- Adobe Help Manager
- Adobe Reader XI (11.0.03)
- Aegisub 3.0.4
- OŠUCA‚̉ʎŔ
- Apple Application Support
- Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
- Audacity 2.0.3
- AviSynth 2.5
- Battlefield 3™
- BeamNG-Techdemo-0.3 (remove only)
- BeamNG DRIVE 0.3.06
- BitTorrent
- bl
- Brother MFL-Pro Suite DCP-J515W
- BurnAware Free 6.4
- Burnout Paradise: The Ultimate Box
- Camtasia Studio 7
- CodeBlocks
- Counter-Strike
- CPUID CPU-Z 1.66.1
- Creative ALchemy
- Creative Audio Control Panel
- Creative Entertainment Console
- Creative Software AutoUpdate
- Creative Sound Blaster Properties x64 Edition
- CrystalDiskInfo 5.6.2 Shizuku Edition
- EaseUS Partition Master 9.2.2
- Euro Truck Simulator 2 wersja 1.5.2.1s
- Extension Changer
- Facebook Messenger 2.1.4814.0
- FeedDemon
- FIFA 14 Demo
- foobar2000 v1.2.8
- FormatFactory 2.96
- Freemake Video Downloader
- GetFLV 9.1.2.6
- GIF Viewer 3.3
- GIMP 2.8.6
- Google Chrome
- Google Update Helper
- GPU Caps Viewer 1.18.1
- Grand Theft Auto IV
- Guifications Plugin (remove only)
- Haali Media Splitter
- Handbrake 5596 Nightly
- HashTab 5.1.0.23
- HeidiSQL 8.0.0.4396
- HxD Hex Editor version 1.7.7.0
- ˇ¶300Ó˘Đۡ· °ć±ľ 0.2.0
- InsERT GT 1.32 HF2
- Intel Processor Diagnostic Tool 64Bit
- IrfanView (remove only)
- Java 7 Update 21
- Java Auto Updater
- Java(TM) 6 Update 21 (64-bit)
- JDownloader 0.9
- Kaspersky Internet Security 2013
- KeePass Password Safe 2.23
- KMP Media Toolbar
- KVIrc
- LAME v3.99.3 (for Windows)
- Last.fm Scrobbler 2.1.36
- LatencyMon 5.00
- LAV Filters 0.58.1
- Mal Updater 2.95
- Malwarebytes Anti-Malware version 1.75.0.1300
- Medal of Honor(TM) Single Player
- Media Preview
- MediaCoder 0.8.22.5506
- Metin2
- Microsoft Access MUI (English) 2013
- Microsoft Access Setup Metadata MUI (English) 2013
- Microsoft Application Error Reporting
- Microsoft DCF MUI (English) 2013
- Microsoft Excel MUI (English) 2013
- Microsoft Games for Windows - LIVE Redistributable
- Microsoft Games for Windows Marketplace
- Microsoft Groove MUI (English) 2013
- Microsoft InfoPath MUI (English) 2013
- Microsoft Lync MUI (English) 2013
- Microsoft Office 32-bit Components 2013
- Microsoft Office OSM MUI (English) 2013
- Microsoft Office OSM UX MUI (English) 2013
- Microsoft Office Professional Plus 2013
- Microsoft Office Proofing (English) 2013
- Microsoft Office Proofing Tools 2013 - English
- Microsoft Office Proofing Tools 2013 - Espanol
- Microsoft Office Shared 32-bit MUI (English) 2013
- Microsoft Office Shared MUI (English) 2013
- Microsoft Office Shared Setup Metadata MUI (English) 2013
- Microsoft OneNote MUI (English) 2013
- Microsoft Outlook MUI (English) 2013
- Microsoft PowerPoint MUI (English) 2013
- Microsoft Publisher MUI (English) 2013
- Microsoft Silverlight
- Microsoft SQL Server 2005 Backward compatibility
- Microsoft SQL Server 2008 R2 (64-bit)
- Microsoft SQL Server 2008 R2 Native Client
- Microsoft SQL Server 2008 R2 RsFx Driver
- Microsoft SQL Server 2008 R2 Setup (English)
- Microsoft SQL Server 2008 Setup Support Files
- Microsoft SQL Server Browser
- Microsoft SQL Server VSS Writer
- Microsoft Visual C++ 2005 Redistributable
- Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
- Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
- Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
- Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
- Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
- Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
- Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
- Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
- Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
- Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
- Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
- Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
- Microsoft Word MUI (English) 2013
- Microsoft XNA Framework Redistributable 4.0
- MKV Font Extractor 1.0.0
- MKVToolNix 6.2.0
- Mozilla Firefox 24.0 (x86 en-US)
- Mozilla Maintenance Service
- MP4 Video Splitter Software
- MPC-HC 1.6.8
- MSVCRT Redists
- NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst
- Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski
- Need for Speed™ Most Wanted
- Neverwinter
- Nmap 6.40
- Notepad++
- NVIDIA Control Panel 314.22
- NVIDIA Graphics Driver 314.22
- NVIDIA Install Application
- NVIDIA PhysX
- NVIDIA PhysX System Software 9.12.1031
- NyuFX
- O&O Defrag Professional
- OCCT 4.4.0
- Open Broadcaster Software
- Origin
- osu!
- Outils de vérification linguistique 2013 de Microsoft Office - Français
- ph
- Pidgin
- PITy 2012 dla Windows kompilacja:1.4.5.12
- Portal 2
- PremiumSoft Navicat Premium 9.1
- PunkBuster Services
- Rainmeter
- Raptr
- Realtek High Definition Audio Driver
- Resource Hacker Version 3.6.0
- Rigs of Rods 0.38.67
- Scribus 1.4.3 (64bit)
- Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit)
- Setup - FIFA 14 Ultimate Edition ...
- ShareX 8.2.0.655
- Skype™ 6.9
- Spotify
- SQL Server 2008 R2 SP1 Common Files
- SQL Server 2008 R2 SP1 Database Engine Services
- SQL Server 2008 R2 SP1 Database Engine Shared
- Sql Server Customer Experience Improvement Program
- Steam
- Sterowniki firmy InsERT 5.08
- Sublime Text 2.0.2
- TeamSpeak 3 Client
- TeamViewer 8
- The KMPlayer (remove only)
- tools-windows
- Tunatic
- Unity Web Player
- Update for Japanese Microsoft IME Postal Code Dictionary
- Update for Japanese Microsoft IME Standard Dictionary
- Update for Japanese Microsoft IME Standard Extended Dictionary
- Vegas Pro 12.0 (64-bit)
- VLC media player 2.1.0
- VMware Player
- Volume Panel
- WapSter AQQ
- WhatPulse version 2.1.1
- Windows Media Encoder 9 Series
- WinHTTrack Website Copier 3.47-20 (x64)
- WinMerge 2.14.0
- WinPcap 4.1.3
- Wireshark 1.10.1 (64-bit)
- XAMPP
- xy-VSFilter 3.0.0.211
- ZOC Terminal 6.4
- .
- ==== Event Viewer Messages From Past Week ========
- .
- 10/23/2013 4:15:02 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
- .
- ==== End Of File ===========================
- RogueKiller
- RogueKiller V8.7.5 _x64_ [Oct 22 2013] by Tigzy
- mail : tigzyRK<at>gmail<dot>com
- Feedback : http://www.adlice.com/forum/
- Website : http://www.adlice.com/softwares/roguekiller/
- Blog : http://tigzyrk.blogspot.com/
- Operating System : Windows 8 (6.2.9200 ) 64 bits version
- Started in : Normal mode
- User : Asparte [Admin rights]
- Mode : Scan -- Date : 10/27/2013 14:41:41
- | ARK || FAK || MBR |
- ¤¤¤ Bad processes : 0 ¤¤¤
- ¤¤¤ Registry Entries : 3 ¤¤¤
- [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (socks=127.0.0.1:31337 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
- [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
- [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
- ¤¤¤ Scheduled tasks : 1 ¤¤¤
- [V2][SUSP PATH] Origin : C:\Users\Asparte\AppData\Roaming\Origin\update.vbe [-] -> FOUND
- ¤¤¤ Startup Entries : 0 ¤¤¤
- ¤¤¤ Web browsers : 0 ¤¤¤
- ¤¤¤ Particular Files / Folders: ¤¤¤
- ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
- ¤¤¤ External Hives: ¤¤¤
- -> H:\Documents and Settings\Asparte\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
- -> H:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
- -> H:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
- ¤¤¤ Infection : ¤¤¤
- ¤¤¤ HOSTS File: ¤¤¤
- --> %SystemRoot%\System32\drivers\etc\hosts
- [...]
- ¤¤¤ MBR Check: ¤¤¤
- +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500418AS ATA Device +++++
- --- User ---
- [MBR] 557834e5c39f13f6e91038dd94a57703
- [BSP] 240d2d26cc4237b8f7e9fddec0b00625 : Windows 7/8 MBR Code
- Partition table:
- 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
- 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 71579 Mo
- 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 146800640 | Size: 204798 Mo
- 3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 566233025 | Size: 200456 Mo
- User = LL1 ... OK!
- User = LL2 ... OK!
- +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) SAMSUNG HD160JJ ATA Device +++++
- --- User ---
- [MBR] 91b0f5e790051a4f856fe07006e38b45
- [BSP] 50c206d79625bae06f5f5e82fae42921 : Windows XP MBR Code
- Partition table:
- 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 29996 Mo
- 1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 61432560 | Size: 122621 Mo
- User = LL1 ... OK!
- User = LL2 ... OK!
- Finished : << RKreport[0]_S_10272013_144141.txt >>