How do I get rid of / remove the Coin Miner virus?

Everything related to system security and fighting malware, in particular log analysis
Vollerr

User
Posts: 1
Joined: 29 Apr 2013, 17:35

Posted: 29 Apr 2013, 18:42

Hi, I was on Facebook and someone sent me a link. I downloaded it but nothing happened (I don't know what it was about).
Later that person wrote to me that something had been sent from their account on its own, and after a while the same link got sent from my account to all my friends... Now various programs keep crashing every so often :X and my computer has become very slow. I don't know what to do, please help!!! (I think it's a coinminer) OTL:

[Available only to registered users]
Last edited 29 Apr 2013, 18:42 by XMan, edited 3 times in total.
Reason: corrected the topic title, moved from the Problems section --> Security

XMan

Global Moderator
Posts: 13385
Joined: 30 Nov 2008, 00:40

Posted: 29 Apr 2013, 18:48

Security Section Rules
Please do not use the QUOTE and CODE tags.
For posting logs we use only the service [Available only to registered users]
It is the best one because it does not truncate long blocks of text and comes without any "clutter".

The most important logs:
OTL (OTL.txt + Extras.txt) --> http://www.hotfix.pl/obsluga-programu-otl-a143.htm
TDSSKiller --> http://www.hotfix.pl/instrukcja-obslugi ... r-a341.htm
Paste the logs at: [Available only to registered users]
Post the link to them on the forum.
He who asks does not go astray; he who seeks, finds.

kominekl

Expert
Posts: 5855
Joined: 27 Nov 2011, 14:25

Posted: 29 Apr 2013, 21:48

Logs.


Run OTL -> in the Custom Scans/Fixes box paste:

:OTL

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&barid={66D2F0E0-1407-42DF-908D-AE2454D50922}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKCU\..\URLSearchHook: {93a3111f-4f74-4ed8-895e-d9708497629e} - No CLSID value found
IE - HKCU\..\URLSearchHook: {a8625cb7-85fe-4936-92a4-b2a7c925209e} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {EF79E1F7-2137-4CEB-962B-833691352FEC}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&affID=119370&tt=180413_ctrl&babsrc=SP_ss&mntrId=AC3F8C89A5819356
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
IE - HKCU\..\SearchScopes\{4A720000-424D-40a9-A87E-3EBD3E7536CA}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{F108C312-1EF1-48B0-9615-F76ABF8B96EA}&mid=4deb4049522647d0bdf55dc0e3657aa5-7bdf9c8af6963816af20af99cd422dd22f4b11f8&lang=en&ds=ft011&pr=sa&d=2013-01-11 19:24:26&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AF490A53-3F5B-45ED-8365-A96AA1B78B6C}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&SearchSource=4&cc=&r=455
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&affID=117242&tt=5112_7&babsrc=SP_ss&mntrId=ac3fce950000000000008c89a5819356
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&barid={66D2F0E0-1407-42DF-908D-AE2454D50922}
IE - HKCU\..\SearchScopes\{EF79E1F7-2137-4CEB-962B-833691352FEC}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "PasswordBox"
FF - prefs.js..browser.search.order.1: "Tuvaro"
FF - prefs.js..browser.search.selectedEngine: "Tuvaro"
FF - prefs.js..browser.startup.homepage: "http://home.mywebsearch.com/index.jhtml?ptb=130DAB00-1CBC-408D-AA8A-EFE6D9BA7FEE&n=77ee12ea&ptnrS=Z7xdm189YYpl&si=jenya"
FF - prefs.js..extensions.enabledAddons: 4zffxtbr%40VideoDownloadConverter_4z.com:2.50.0.65474
FF - prefs.js..extensions.enabledAddons: gtffxtbr%40GamingWonderland.com:2.50.0.65312
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40tuvaro.com:1.5.0
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=130DAB00-1CBC-408D-AA8A-EFE6D9BA7FEE&n=77ee12ea&ind=2012091114&id=Z7xdm189YYpl&ptnrS=Z7xdm189YYpl&si=jenya&searchfor="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4zffxtbr@VideoDownloadConverter_4z.com: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin [2012-09-11 13:40:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gtffxtbr@GamingWonderland.com: C:\Program Files (x86)\GamingWonderland\bar\1.bin [2012-09-11 13:45:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013-02-19 16:49:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013-04-19 08:14:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firefox@passwordbox.com: C:\Users\USER1\AppData\Local\PasswordBox\Firefox [2013-04-27 11:17:11 | 000,000,000 | ---D | M]
[2012-12-21 12:25:39 | 000,000,000 | ---D | M] (Certified Toolbar) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\yrjkqey0.default\extensions\{624ad42d-e714-46b4-843e-c7094f740b0f}
[2013-01-17 11:24:02 | 000,000,000 | ---D | M] (VideoDownloadConverter) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\yrjkqey0.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com
[2013-04-19 08:22:06 | 000,000,000 | ---D | M] (DealPly Shopping) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\yrjkqey0.default\extensions\amo@dealplyshopping.com
[2012-12-21 12:13:42 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\yrjkqey0.default\extensions\ffxtlbr@babylon.com
[2013-04-19 08:14:05 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\yrjkqey0.default\extensions\ffxtlbr@delta.com
[2013-03-09 18:08:05 | 000,000,000 | ---D | M] (MixiDJ Toolbar) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\yrjkqey0.default\extensions\ffxtlbr@mixidj.com
[2013-04-27 11:23:54 | 000,000,000 | ---D | M] (Tuvaro) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\yrjkqey0.default\extensions\ffxtlbr@tuvaro.com
[2013-01-17 11:24:03 | 000,000,000 | ---D | M] (GamingWonderland) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\yrjkqey0.default\extensions\gtffxtbr@GamingWonderland.com
[2013-01-17 11:24:00 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\USER1\AppData\Roaming\mozilla\firefox\profiles\yrjkqey0.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013-04-28 12:48:21 | 000,006,514 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\mozilla\firefox\profiles\yrjkqey0.default\searchplugins\babylon.xml
[2012-12-21 12:13:42 | 000,002,432 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\mozilla\firefox\profiles\yrjkqey0.default\searchplugins\babylon1.xml
[2012-09-11 14:47:36 | 000,002,223 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\mozilla\firefox\profiles\yrjkqey0.default\searchplugins\BabylonMngr.xml
[2013-04-28 12:48:21 | 000,006,514 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\mozilla\firefox\profiles\yrjkqey0.default\searchplugins\BrowserProtect.xml
[2013-04-19 08:14:06 | 000,001,294 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\mozilla\firefox\profiles\yrjkqey0.default\searchplugins\delta.xml
[2013-03-09 18:08:06 | 000,001,296 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\mozilla\firefox\profiles\yrjkqey0.default\searchplugins\mixidj.xml
[2012-09-11 14:26:09 | 000,009,650 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\mozilla\firefox\profiles\yrjkqey0.default\searchplugins\my-web-search.xml
[2013-04-27 11:17:35 | 000,002,047 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\mozilla\firefox\profiles\yrjkqey0.default\searchplugins\passwordbox.xml
[2012-06-09 18:25:18 | 000,002,060 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\mozilla\firefox\profiles\yrjkqey0.default\searchplugins\softonic.xml
[2012-09-13 16:47:59 | 000,003,984 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\mozilla\firefox\profiles\yrjkqey0.default\searchplugins\sweetim.xml
[2013-04-27 11:19:07 | 000,001,407 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\mozilla\firefox\profiles\yrjkqey0.default\searchplugins\tuvaro.xml
[2012-12-21 12:25:36 | 000,003,269 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\mozilla\firefox\profiles\yrjkqey0.default\searchplugins\Web Search.xml
[2013-03-08 13:29:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-02-19 16:49:35 | 000,003,716 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2013-04-19 08:13:45 | 000,006,511 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012-12-01 18:40:25 | 000,000,402 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml
[2012-12-21 12:25:36 | 000,003,269 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
CHR - Extension: PasswordBox = C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgldefdgecfggjdniencbihfhfnenke\1.3.1.385_0\
CHR - Extension: PasswordBox = C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgldefdgecfggjdniencbihfhfnenke\1.3.1.385_0\.bak
CHR - Extension: MixiDJ Toolbar = C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\boipimhfjpakfgckhbljjengakjhkcbp\1.0_0\
CHR - Extension: Babylon Toolbar = C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
CHR - Extension: Delta Toolbar = C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_0\
CHR - Extension: Certified Toolbar = C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcmilhmkaganinonedmjidmceoppaajg\2.1_0\
CHR - Extension: Skype Click to Call = C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: AVG Security Toolbar = C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: Tuvaro Chrome Toolbar = C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_1\
CHR - Extension: BrowserProtect = C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O4 - HKCU..\Run: [minerLoader] C:\Users\USER1\AppData\Local\Temp\xljjrotxlrp.exe ()
O4 - HKCU..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent File not found
O4 - Startup: C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RazossUpdater.lnk = C:\Users\USER1\AppData\Local\Razoss\Application\RazossUpdater.exe (Razoss Bar)
O4 - Startup: C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk = C:\Users\USER1\AppData\Roaming\WindowsPE\usft_ext.exe.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O20 - HKLM Winlogon: Shell - (serwos.exe) - C:\Windows\serwos.exe ()
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O27:64bit: - HKLM IFEO\hijackthis.exe: Debugger - z_.exeE File not found
O27:64bit: - HKLM IFEO\housecalllauncher.exe: Debugger - k_.exeE File not found
O27:64bit: - HKLM IFEO\mbam.exe: Debugger - gtqa_.exe File not found
O27:64bit: - HKLM IFEO\mbamgui.exe: Debugger - ttda_.exefound File not found
O27:64bit: - HKLM IFEO\rstrui.exe: Debugger - r_.exeE File not found
O27:64bit: - HKLM IFEO\spybotsd.exe: Debugger - k_.exeE File not found
O27 - HKLM IFEO\hijackthis.exe: Debugger - z_.exeE File not found
O27 - HKLM IFEO\housecalllauncher.exe: Debugger - k_.exeE File not found
O27 - HKLM IFEO\mbam.exe: Debugger - gtqa_.exe File not found
O27 - HKLM IFEO\mbamgui.exe: Debugger - ttda_.exefound File not found
O27 - HKLM IFEO\rstrui.exe: Debugger - r_.exeE File not found
O27 - HKLM IFEO\spybotsd.exe: Debugger - k_.exeE File not found
[2013-04-27 11:26:47 | 000,774,640 | ---- | C] (Google Inc.) -- C:\Users\USER1\Desktop\ChromeSetup.exe
[2013-04-27 11:17:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\tuvaro
[2013-04-27 11:17:40 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\tuvaro
[2013-04-27 11:17:35 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Local\PasswordBox Search
[2013-04-27 11:17:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PasswordBox
[2013-04-27 11:17:11 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Local\PasswordBox
[2013-04-27 11:15:29 | 013,168,216 | ---- | C] (Opera Software ASA) -- C:\Users\USER1\Desktop\Opera_1215_int_Setup.exe
[2013-04-26 23:33:58 | 021,800,576 | ---- | C] (Mozilla) -- C:\Users\USER1\Desktop\Firefox-Setup-20-0-1.exe
[2013-04-26 22:50:48 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\WindowsPE
[2013-04-21 06:58:58 | 017,605,512 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\USER1\Desktop\install_flash_player.exe
[2013-04-20 08:47:44 | 009,304,264 | ---- | C] (Wargaming.net ) -- C:\Users\USER1\Desktop\WoT_internet_install_eu.exe
[2013-04-20 06:45:05 | 000,770,048 | ---- | C] (SparkLabs) -- C:\ProgramData\D5D5.exe
[2013-04-20 06:43:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\894fy894yt980
[2013-04-20 06:43:15 | 000,770,048 | ---- | C] (SparkLabs) -- C:\ProgramData\299F.exe
[2013-04-20 06:42:36 | 000,770,048 | ---- | C] (SparkLabs) -- C:\ProgramData\90AB.exe
[2013-04-20 06:42:07 | 000,770,048 | ---- | C] (SparkLabs) -- C:\ProgramData\1FDF.exe
[2013-04-20 06:41:35 | 000,770,048 | ---- | C] (SparkLabs) -- C:\ProgramData\9F0C.exe
[2013-04-19 08:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013-04-19 08:22:16 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\Optimizer Pro
[2013-04-19 08:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2013-04-19 08:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2013-04-19 08:22:07 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\DealPly
[2013-04-19 08:22:05 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
[2013-04-19 08:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
[2013-04-19 08:22:03 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Local\Lollipop
[2013-04-19 08:14:37 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013-04-19 08:14:20 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\BabSolution
[2013-04-19 08:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013-04-19 08:14:04 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\Delta
[2013-04-19 08:13:37 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\DSite
[2013-04-19 08:00:23 | 002,326,976 | ---- | C] (Beepa Pty Ltd) -- C:\Users\USER1\Desktop\setup.exe
[2013-04-28 00:07:48 | 000,041,472 | ---- | M] () -- C:\Windows\serwos.exe737
[2013-04-27 22:06:28 | 000,041,472 | ---- | M] () -- C:\Windows\serwos.exe354
[2013-04-27 20:26:50 | 000,000,017 | ---- | M] () -- C:\ProgramData\systemskey.ini
[2013-04-27 20:26:49 | 000,041,472 | ---- | M] () -- C:\Windows\serwos.exe510
[2013-04-27 20:25:11 | 000,162,304 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\hcsyjluggw.exe
[2013-04-27 20:24:23 | 000,162,304 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\fkfhcaymme.exe
[2013-04-27 11:26:48 | 000,774,640 | ---- | M] (Google Inc.) -- C:\Users\USER1\Desktop\ChromeSetup.exe
[2013-04-27 11:16:24 | 013,168,216 | ---- | M] (Opera Software ASA) -- C:\Users\USER1\Desktop\Opera_1215_int_Setup.exe
[2013-04-27 09:09:42 | 000,075,264 | ---- | M] () -- C:\ProgramData\__00c4ae4c.lnk
[2013-04-26 23:35:28 | 021,800,576 | ---- | M] (Mozilla) -- C:\Users\USER1\Desktop\Firefox-Setup-20-0-1.exe
[2013-04-21 07:01:15 | 017,605,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\USER1\Desktop\install_flash_player.exe
[2013-04-20 09:45:21 | 000,072,704 | ---- | M] () -- C:\ProgramData\C40D.exe
[2013-04-20 09:43:58 | 000,072,704 | ---- | M] () -- C:\ProgramData\317F.exe
[2013-04-20 09:43:23 | 000,072,704 | ---- | M] () -- C:\ProgramData\8BA.exe
[2013-04-20 09:43:04 | 000,072,704 | ---- | M] () -- C:\ProgramData\741A.exe
[2013-04-20 09:42:25 | 000,072,704 | ---- | M] () -- C:\ProgramData\7D0.exe
[2013-04-20 09:41:44 | 000,072,704 | ---- | M] () -- C:\ProgramData\7F02.exe
[2013-04-20 09:30:19 | 000,072,704 | ---- | M] () -- C:\ProgramData\6B7.exe
[2013-04-20 09:28:35 | 000,072,704 | ---- | M] () -- C:\ProgramData\7486.exe
[2013-04-20 09:28:33 | 000,072,704 | ---- | M] () -- C:\ProgramData\4BA3.exe
[2013-04-20 09:27:48 | 000,072,704 | ---- | M] () -- C:\ProgramData\B2ED.exe
[2013-04-20 09:27:25 | 000,072,704 | ---- | M] () -- C:\ProgramData\45D9.exe
[2013-04-20 09:26:59 | 000,072,704 | ---- | M] () -- C:\ProgramData\C18D.exe
[2013-04-20 09:15:13 | 000,072,704 | ---- | M] () -- C:\ProgramData\397A.exe
[2013-04-20 09:13:34 | 000,072,704 | ---- | M] () -- C:\ProgramData\B6E3.exe
[2013-04-20 09:13:25 | 000,072,704 | ---- | M] () -- C:\ProgramData\8E8B.exe
[2013-04-20 09:12:44 | 000,072,704 | ---- | M] () -- C:\ProgramData\F5E5.exe
[2013-04-20 09:12:14 | 000,072,704 | ---- | M] () -- C:\ProgramData\8632.exe
[2013-04-20 09:11:40 | 000,072,704 | ---- | M] () -- C:\ProgramData\466.exe
[2013-04-20 09:00:10 | 000,072,704 | ---- | M] () -- C:\ProgramData\7C24.exe
[2013-04-20 08:58:31 | 000,072,704 | ---- | M] () -- C:\ProgramData\F9BC.exe
[2013-04-20 08:58:20 | 000,072,704 | ---- | M] () -- C:\ProgramData\D107.exe
[2013-04-20 08:57:41 | 000,072,704 | ---- | M] () -- C:\ProgramData\3851.exe
[2013-04-20 08:57:13 | 000,072,704 | ---- | M] () -- C:\ProgramData\C9C6.exe
[2013-04-20 08:56:40 | 000,072,704 | ---- | M] () -- C:\ProgramData\47EB.exe
[2013-04-20 08:48:20 | 009,304,264 | ---- | M] (Wargaming.net ) -- C:\Users\USER1\Desktop\WoT_internet_install_eu.exe
[2013-04-20 08:45:11 | 000,072,704 | ---- | M] () -- C:\ProgramData\BFF7.exe
[2013-04-20 08:43:32 | 000,072,704 | ---- | M] () -- C:\ProgramData\3D8E.exe
[2013-04-20 08:43:22 | 000,072,704 | ---- | M] () -- C:\ProgramData\14BA.exe
[2013-04-20 08:42:43 | 000,072,704 | ---- | M] () -- C:\ProgramData\7BF5.exe
[2013-04-20 08:42:16 | 000,072,704 | ---- | M] () -- C:\ProgramData\D6A.exe
[2013-04-20 08:41:41 | 000,072,704 | ---- | M] () -- C:\ProgramData\8B9E.exe
[2013-04-20 08:30:10 | 000,072,704 | ---- | M] () -- C:\ProgramData\2EF.exe
[2013-04-20 08:28:32 | 000,072,704 | ---- | M] () -- C:\ProgramData\800A.exe
[2013-04-20 08:28:22 | 000,072,704 | ---- | M] () -- C:\ProgramData\5774.exe
[2013-04-20 08:27:42 | 000,072,704 | ---- | M] () -- C:\ProgramData\BEBE.exe
[2013-04-20 08:27:14 | 000,072,704 | ---- | M] () -- C:\ProgramData\5034.exe
[2013-04-20 08:26:41 | 000,072,704 | ---- | M] () -- C:\ProgramData\CD2F.exe
[2013-04-20 08:15:11 | 000,072,704 | ---- | M] () -- C:\ProgramData\45A9.exe
[2013-04-20 08:13:31 | 000,072,704 | ---- | M] () -- C:\ProgramData\C2B4.exe
[2013-04-20 08:13:20 | 000,072,704 | ---- | M] () -- C:\ProgramData\99E0.exe
[2013-04-20 08:12:42 | 000,072,704 | ---- | M] () -- C:\ProgramData\168.exe
[2013-04-20 08:12:14 | 000,072,704 | ---- | M] () -- C:\ProgramData\92CE.exe
[2013-04-20 08:11:40 | 000,072,704 | ---- | M] () -- C:\ProgramData\FF9.exe
[2013-04-20 08:00:10 | 000,072,704 | ---- | M] () -- C:\ProgramData\8891.exe
[2013-04-20 07:58:30 | 000,072,704 | ---- | M] () -- C:\ProgramData\56E.exe
[2013-04-20 07:58:22 | 000,072,704 | ---- | M] () -- C:\ProgramData\DC8A.exe
[2013-04-20 07:57:41 | 000,072,704 | ---- | M] () -- C:\ProgramData\43D4.exe
[2013-04-20 07:57:13 | 000,072,704 | ---- | M] () -- C:\ProgramData\D559.exe
[2013-04-20 07:56:39 | 000,072,704 | ---- | M] () -- C:\ProgramData\5255.exe
[2013-04-20 07:45:09 | 000,072,704 | ---- | M] () -- C:\ProgramData\CB7A.exe
[2013-04-20 07:43:30 | 000,072,704 | ---- | M] () -- C:\ProgramData\4808.exe
[2013-04-20 07:43:19 | 000,072,704 | ---- | M] () -- C:\ProgramData\1ED7.exe
[2013-04-20 07:42:41 | 000,072,704 | ---- | M] () -- C:\ProgramData\866F.exe
[2013-04-20 07:42:13 | 000,072,704 | ---- | M] () -- C:\ProgramData\1852.exe
[2013-04-20 07:41:40 | 000,072,704 | ---- | M] () -- C:\ProgramData\953E.exe
[2013-04-20 07:30:09 | 000,072,704 | ---- | M] () -- C:\ProgramData\E05.exe
[2013-04-20 07:28:30 | 000,072,704 | ---- | M] () -- C:\ProgramData\8B01.exe
[2013-04-20 07:28:25 | 000,072,704 | ---- | M] () -- C:\ProgramData\61A0.exe
[2013-04-20 07:27:40 | 000,072,704 | ---- | M] () -- C:\ProgramData\C929.exe
[2013-04-20 07:27:11 | 000,072,704 | ---- | M] () -- C:\ProgramData\586D.exe
[2013-04-20 07:26:38 | 000,072,704 | ---- | M] () -- C:\ProgramData\D70E.exe
[2013-04-20 07:15:16 | 000,072,704 | ---- | M] () -- C:\ProgramData\50AF.exe
[2013-04-20 07:13:30 | 000,072,704 | ---- | M] () -- C:\ProgramData\CD9B.exe
[2013-04-20 07:13:19 | 000,072,704 | ---- | M] () -- C:\ProgramData\A44A.exe
[2013-04-20 07:12:42 | 000,072,704 | ---- | M] () -- C:\ProgramData\BA4.exe
[2013-04-20 07:12:12 | 000,072,704 | ---- | M] () -- C:\ProgramData\9B26.exe
[2013-04-20 07:11:38 | 000,072,704 | ---- | M] () -- C:\ProgramData\19B8.exe
[2013-04-20 07:00:08 | 000,072,704 | ---- | M] () -- C:\ProgramData\931B.exe
[2013-04-20 06:58:30 | 000,072,704 | ---- | M] () -- C:\ProgramData\1046.exe
[2013-04-20 06:58:19 | 000,072,704 | ---- | M] () -- C:\ProgramData\E6E5.exe
[2013-04-20 06:57:39 | 000,072,704 | ---- | M] () -- C:\ProgramData\4E20.exe
[2013-04-20 06:57:11 | 000,072,704 | ---- | M] () -- C:\ProgramData\DDA2.exe
[2013-04-20 06:56:38 | 000,072,704 | ---- | M] () -- C:\ProgramData\5C81.exe
[2013-04-20 06:45:05 | 000,770,048 | ---- | M] (SparkLabs) -- C:\ProgramData\D5D5.exe
[2013-04-20 06:43:15 | 000,770,048 | ---- | M] (SparkLabs) -- C:\ProgramData\299F.exe
[2013-04-20 06:42:36 | 000,770,048 | ---- | M] (SparkLabs) -- C:\ProgramData\90AB.exe
[2013-04-20 06:42:07 | 000,770,048 | ---- | M] (SparkLabs) -- C:\ProgramData\1FDF.exe
[2013-04-20 06:41:40 | 000,770,048 | ---- | M] (SparkLabs) -- C:\ProgramData\9F0C.exe
[2013-04-19 08:20:57 | 000,158,144 | ---- | M] () -- C:\Users\USER1\Desktop\HC2Setup.exe
[2013-04-19 08:00:25 | 002,326,976 | ---- | M] (Beepa Pty Ltd) -- C:\Users\USER1\Desktop\setup.exe
[2013-04-27 22:06:28 | 000,041,472 | ---- | C] () -- C:\Windows\serwos.exe889
[2013-04-27 22:06:28 | 000,041,472 | ---- | C] () -- C:\Windows\serwos.exe737
[2013-04-27 22:06:28 | 000,041,472 | ---- | C] () -- C:\Windows\serwos.exe354
[2013-04-27 22:06:28 | 000,041,472 | ---- | C] () -- C:\Windows\serwos.exe
[2013-04-27 20:26:50 | 000,041,472 | ---- | C] () -- C:\Windows\serwos.exe510
[2013-04-27 20:26:50 | 000,000,017 | ---- | C] () -- C:\ProgramData\systemskey.ini
[2013-04-27 20:25:11 | 000,162,304 | ---- | C] () -- C:\Users\USER1\AppData\Roaming\hcsyjluggw.exe
[2013-04-27 20:24:23 | 000,162,304 | ---- | C] () -- C:\Users\USER1\AppData\Roaming\fkfhcaymme.exe
[2013-04-20 09:45:15 | 000,072,704 | ---- | C] () -- C:\ProgramData\C40D.exe
[2013-04-20 09:43:37 | 000,072,704 | ---- | C] () -- C:\ProgramData\317F.exe
[2013-04-20 09:43:21 | 000,072,704 | ---- | C] () -- C:\ProgramData\8BA.exe
[2013-04-20 09:42:44 | 000,072,704 | ---- | C] () -- C:\ProgramData\741A.exe
[2013-04-20 09:42:18 | 000,072,704 | ---- | C] () -- C:\ProgramData\7D0.exe
[2013-04-20 09:41:41 | 000,072,704 | ---- | C] () -- C:\ProgramData\7F02.exe
[2013-04-20 09:30:15 | 000,072,704 | ---- | C] () -- C:\ProgramData\6B7.exe
[2013-04-20 09:28:32 | 000,072,704 | ---- | C] () -- C:\ProgramData\7486.exe
[2013-04-20 09:28:23 | 000,072,704 | ---- | C] () -- C:\ProgramData\4BA3.exe
[2013-04-20 09:27:43 | 000,072,704 | ---- | C] () -- C:\ProgramData\B2ED.exe
[2013-04-20 09:27:17 | 000,072,704 | ---- | C] () -- C:\ProgramData\45D9.exe
[2013-04-20 09:26:40 | 000,072,704 | ---- | C] () -- C:\ProgramData\C18D.exe
[2013-04-20 09:15:10 | 000,072,704 | ---- | C] () -- C:\ProgramData\397A.exe
[2013-04-20 09:13:31 | 000,072,704 | ---- | C] () -- C:\ProgramData\B6E3.exe
[2013-04-20 09:13:21 | 000,072,704 | ---- | C] () -- C:\ProgramData\8E8B.exe
[2013-04-20 09:12:42 | 000,072,704 | ---- | C] () -- C:\ProgramData\F5E5.exe
[2013-04-20 09:12:13 | 000,072,704 | ---- | C] () -- C:\ProgramData\8632.exe
[2013-04-20 09:11:39 | 000,072,704 | ---- | C] () -- C:\ProgramData\466.exe
[2013-04-20 09:00:09 | 000,072,704 | ---- | C] () -- C:\ProgramData\7C24.exe
[2013-04-20 08:58:30 | 000,072,704 | ---- | C] () -- C:\ProgramData\F9BC.exe
[2013-04-20 08:58:20 | 000,072,704 | ---- | C] () -- C:\ProgramData\D107.exe
[2013-04-20 08:57:41 | 000,072,704 | ---- | C] () -- C:\ProgramData\3851.exe
[2013-04-20 08:57:13 | 000,072,704 | ---- | C] () -- C:\ProgramData\C9C6.exe
[2013-04-20 08:56:40 | 000,072,704 | ---- | C] () -- C:\ProgramData\47EB.exe
[2013-04-20 08:45:10 | 000,072,704 | ---- | C] () -- C:\ProgramData\BFF7.exe
[2013-04-20 08:43:31 | 000,072,704 | ---- | C] () -- C:\ProgramData\3D8E.exe
[2013-04-20 08:43:20 | 000,072,704 | ---- | C] () -- C:\ProgramData\14BA.exe
[2013-04-20 08:42:41 | 000,072,704 | ---- | C] () -- C:\ProgramData\7BF5.exe
[2013-04-20 08:42:14 | 000,072,704 | ---- | C] () -- C:\ProgramData\D6A.exe
[2013-04-20 08:41:39 | 000,072,704 | ---- | C] () -- C:\ProgramData\8B9E.exe
[2013-04-20 08:30:09 | 000,072,704 | ---- | C] () -- C:\ProgramData\2EF.exe
[2013-04-20 08:28:30 | 000,072,704 | ---- | C] () -- C:\ProgramData\800A.exe
[2013-04-20 08:28:21 | 000,072,704 | ---- | C] () -- C:\ProgramData\5774.exe
[2013-04-20 08:27:41 | 000,072,704 | ---- | C] () -- C:\ProgramData\BEBE.exe
[2013-04-20 08:27:12 | 000,072,704 | ---- | C] () -- C:\ProgramData\5034.exe
[2013-04-20 08:26:39 | 000,072,704 | ---- | C] () -- C:\ProgramData\CD2F.exe
[2013-04-20 08:15:09 | 000,072,704 | ---- | C] () -- C:\ProgramData\45A9.exe
[2013-04-20 08:13:30 | 000,072,704 | ---- | C] () -- C:\ProgramData\C2B4.exe
[2013-04-20 08:13:19 | 000,072,704 | ---- | C] () -- C:\ProgramData\99E0.exe
[2013-04-20 08:12:40 | 000,072,704 | ---- | C] () -- C:\ProgramData\168.exe
[2013-04-20 08:12:12 | 000,072,704 | ---- | C] () -- C:\ProgramData\92CE.exe
[2013-04-20 08:11:39 | 000,072,704 | ---- | C] () -- C:\ProgramData\FF9.exe
[2013-04-20 08:00:08 | 000,072,704 | ---- | C] () -- C:\ProgramData\8891.exe
[2013-04-20 07:58:29 | 000,072,704 | ---- | C] () -- C:\ProgramData\56E.exe
[2013-04-20 07:58:20 | 000,072,704 | ---- | C] () -- C:\ProgramData\DC8A.exe
[2013-04-20 07:57:40 | 000,072,704 | ---- | C] () -- C:\ProgramData\43D4.exe
[2013-04-20 07:57:11 | 000,072,704 | ---- | C] () -- C:\ProgramData\D559.exe
[2013-04-20 07:56:38 | 000,072,704 | ---- | C] () -- C:\ProgramData\5255.exe
[2013-04-20 07:45:08 | 000,072,704 | ---- | C] () -- C:\ProgramData\CB7A.exe
[2013-04-20 07:43:29 | 000,072,704 | ---- | C] () -- C:\ProgramData\4808.exe
[2013-04-20 07:43:18 | 000,072,704 | ---- | C] () -- C:\ProgramData\1ED7.exe
[2013-04-20 07:42:39 | 000,072,704 | ---- | C] () -- C:\ProgramData\866F.exe
[2013-04-20 07:42:11 | 000,072,704 | ---- | C] () -- C:\ProgramData\1852.exe
[2013-04-20 07:41:38 | 000,072,704 | ---- | C] () -- C:\ProgramData\953E.exe
[2013-04-20 07:30:08 | 000,072,704 | ---- | C] () -- C:\ProgramData\E05.exe
[2013-04-20 07:28:29 | 000,072,704 | ---- | C] () -- C:\ProgramData\8B01.exe
[2013-04-20 07:28:22 | 000,072,704 | ---- | C] () -- C:\ProgramData\61A0.exe
[2013-04-20 07:27:39 | 000,072,704 | ---- | C] () -- C:\ProgramData\C929.exe
[2013-04-20 07:27:10 | 000,072,704 | ---- | C] () -- C:\ProgramData\586D.exe
[2013-04-20 07:26:37 | 000,072,704 | ---- | C] () -- C:\ProgramData\D70E.exe
[2013-04-20 07:15:13 | 000,072,704 | ---- | C] () -- C:\ProgramData\50AF.exe
[2013-04-20 07:13:28 | 000,072,704 | ---- | C] () -- C:\ProgramData\CD9B.exe
[2013-04-20 07:13:17 | 000,072,704 | ---- | C] () -- C:\ProgramData\A44A.exe
[2013-04-20 07:12:38 | 000,072,704 | ---- | C] () -- C:\ProgramData\BA4.exe
[2013-04-20 07:12:10 | 000,072,704 | ---- | C] () -- C:\ProgramData\9B26.exe
[2013-04-20 07:11:37 | 000,072,704 | ---- | C] () -- C:\ProgramData\19B8.exe
[2013-04-20 07:00:07 | 000,072,704 | ---- | C] () -- C:\ProgramData\931B.exe
[2013-04-20 06:58:28 | 000,072,704 | ---- | C] () -- C:\ProgramData\1046.exe
[2013-04-20 06:58:17 | 000,072,704 | ---- | C] () -- C:\ProgramData\E6E5.exe
[2013-04-20 06:57:38 | 000,072,704 | ---- | C] () -- C:\ProgramData\4E20.exe
[2013-04-20 06:57:09 | 000,072,704 | ---- | C] () -- C:\ProgramData\DDA2.exe
[2013-04-20 06:56:37 | 000,072,704 | ---- | C] () -- C:\ProgramData\5C81.exe
[2013-04-19 13:57:31 | 000,114,176 | ---- | C] () -- C:\Users\USER1\AppData\Roaming\BabMaint.exe
[2012-12-21 12:25:38 | 000,011,264 | ---- | C] () -- C:\Windows\Launcher.exe
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720

:Services
gupdate
gupdatem

:Files
C:\Windows\tasks\*.*
C:\Windows\serwos.exe889

:Commands
[clearallrestorepoints]
[emptytemp]


Click Run Fix. Post the log from the removal. Then provide the log from [Available only to registered users] (from the delete option) + the TDSSKiller log + new OTL logs (both! - made exactly according to these instructions).
When computers become your only life, the only totem warding off the curse of boredom, then sooner or later the boundary between these two dimensions will vanish and figures from the Blue Void will start appearing in the Real. Sometimes they are your friends. And sometimes not.
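
A rough way to triage the kinds of entries listed in the script above, as an added example that is not part of the original post and not part of OTL: it flags autoruns pointing into Temp or at scripts, a Winlogon shell other than explorer.exe, IFEO Debugger redirections, and clusters of same-size hex-named executables in one folder. The rule names, the cluster threshold and the `triage` function are assumptions of this example; the sample lines are a small subset copied from the post.

```python
import ntpath
import re
from collections import defaultdict

# Sample lines copied from the OTL script in the post above (small subset).
SAMPLE_LINES = r"""
O4 - HKCU..\Run: [minerLoader] C:\Users\USER1\AppData\Local\Temp\xljjrotxlrp.exe ()
O4 - HKCU..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent File not found
O4 - Startup: C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk = C:\Users\USER1\AppData\Roaming\WindowsPE\usft_ext.exe.vbs ()
O20 - HKLM Winlogon: Shell - (serwos.exe) - C:\Windows\serwos.exe ()
O27 - HKLM IFEO\mbam.exe: Debugger - gtqa_.exe File not found
O27 - HKLM IFEO\rstrui.exe: Debugger - r_.exeE File not found
[2013-04-20 09:45:15 | 000,072,704 | ---- | C] () -- C:\ProgramData\C40D.exe
[2013-04-20 09:43:37 | 000,072,704 | ---- | C] () -- C:\ProgramData\317F.exe
[2013-04-20 09:43:21 | 000,072,704 | ---- | C] () -- C:\ProgramData\8BA.exe
[2013-04-27 11:26:47 | 000,774,640 | ---- | C] (Google Inc.) -- C:\Users\USER1\Desktop\ChromeSetup.exe
""".strip().splitlines()

# Line shapes as they appear in the log excerpt above.
AUTORUN_RE = re.compile(r"^O4 - (?:HK\w+\.\.\\Run|Startup): (?P<rest>.+)$")
SHELL_RE = re.compile(r"^O20 - HKLM Winlogon: Shell - \((?P<shell>[^)]*)\)")
IFEO_RE = re.compile(
    r"^O27(?::64bit:)? - HKLM IFEO\\(?P<image>[^:]+): Debugger - (?P<dbg>\S+)"
)
FILE_RE = re.compile(
    r"^\[[^|]+\| (?P<size>[\d,]+) \| [^|]+\| [CM]\] "
    r"\((?P<vendor>[^)]*)\) -- (?P<path>.+)$"
)
HEX_EXE_RE = re.compile(r"^[0-9A-Fa-f]{3,4}\.exe$")
SCRIPT_EXT_RE = re.compile(r"\.(?:vbs|js|bat|cmd)\b", re.I)

MIN_CLUSTER = 3  # assumption: this many look-alike files in one folder is worth a look


def triage(lines):
    """Return a list of (rule, detail) findings for OTL-style log lines."""
    findings = []
    clusters = defaultdict(list)  # (folder, size) -> [file names]

    for raw in lines:
        line = raw.strip()

        m = AUTORUN_RE.match(line)
        if m:
            # Startup shortcuts are logged as "<lnk> = <target>"; keep the target.
            target = m["rest"].split(" = ")[-1]
            if "\\temp\\" in target.lower():
                findings.append(("autorun", "runs from a Temp folder: " + target))
            elif SCRIPT_EXT_RE.search(target):
                findings.append(("autorun", "launches a script: " + target))
            continue

        m = SHELL_RE.match(line)
        if m:
            if m["shell"].lower() != "explorer.exe":
                findings.append(("winlogon-shell", "shell is " + m["shell"]))
            continue

        m = IFEO_RE.match(line)
        if m:
            # An IFEO Debugger value makes Windows start the "debugger" instead
            # of the named image, which keeps that tool from launching.
            findings.append(
                ("ifeo", f"{m['image']} is redirected to {m['dbg']}")
            )
            continue

        m = FILE_RE.match(line)
        if m and not m["vendor"].strip():
            name = ntpath.basename(m["path"])
            if HEX_EXE_RE.match(name):
                size = int(m["size"].replace(",", ""))
                folder = ntpath.dirname(m["path"]).lower()
                clusters[(folder, size)].append(name)

    for (folder, size), names in clusters.items():
        unique = sorted(set(names))  # C and M listings repeat the same file
        if len(unique) >= MIN_CLUSTER:
            findings.append(
                ("dropper-cluster",
                 f"{len(unique)} hex-named .exe files of {size} bytes in {folder}")
            )
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LINES):
        print(f"{rule:16} {detail}")
```

A hit is a prompt to inspect the entry, not a verdict; legitimate software can also start from user-writable paths.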


