Trojan


  • Root Admin

Hello @Botan and :welcome:

Please post the scan log from Malwarebytes so that we can see what it found.

Also, let me get the following logs.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

Ron


OK, the logs from FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-04-2017 01
Ran by Danut (administrator) on DANUT-PC (25-04-2017 12:38:09)
Running from C:\Users\Danut\Desktop
Loaded Profiles: Danut &  (Available Profiles: Danut)
Platform: Microsoft Windows 7 Ultimate  (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Settings\CmdServer\EasyLauncher.exe
() C:\Program Files\Samsung\Easy Settings\CmdServer\EasySettingsCmdServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Samsung Electronics Co., Ltd.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Settings\sSettings.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(© 2015 Microsoft Corporation) C:\Users\Danut\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
() C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\athbttray.exe [696448 2012-10-15] (Atheros Commnucations)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\btvstack.exe [877184 2012-10-15] (Atheros Commnucations)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2243952 2012-10-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11733648 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [Lightshot] => C:\Program Files\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
Startup: C:\Users\Danut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hl.vbs [2017-03-17] ()
GroupPolicy: Restriction - Windows Defender <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{41EB7C22-58FC-40A9-BC42-ECCD5A053079}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{AB263847-A1A3-42D6-A470-0D3A707E4DA5}: [DhcpNameServer] 193.231.100.130 193.231.100.134
ManualProxies: 

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131253163127028054&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?ilc=8
HKU\S-1-5-21-3767664393-884807361-1005592115-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131253163127088058&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-3767664393-884807361-1005592115-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131253163127088058&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3767664393-884807361-1005592115-1000 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3767664393-884807361-1005592115-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-23] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2012-10-15] (Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-23] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Danut\AppData\Roaming\Mozilla\Firefox\Profiles\rkljdgg5.default [2017-04-24]
FF user.js: detected! => C:\Users\Danut\AppData\Roaming\Mozilla\Firefox\Profiles\rkljdgg5.default\user.js [2016-05-27]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\rkljdgg5.default -> Yahoo
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\rkljdgg5.default -> hxxp://search.yahoo.com/search?fr=mkg030&p=
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\rkljdgg5.default -> Yahoo
FF Homepage: Mozilla\Firefox\Profiles\rkljdgg5.default -> hxxp://www.yahoo.com/?ilc=8
FF Keyword.URL: Mozilla\Firefox\Profiles\rkljdgg5.default -> hxxp://search.yahoo.com/search?fr=mkg030&p=
FF Extension: (Avira Browser Safety) - C:\Users\Danut\AppData\Roaming\Mozilla\Firefox\Profiles\rkljdgg5.default\Extensions\abs@avira.com [2016-12-24]
FF Extension: (Bing Search) - C:\Users\Danut\AppData\Roaming\Mozilla\Firefox\Profiles\rkljdgg5.default\Extensions\bingsearch.full@microsoft.com [2015-09-26] [not signed]
FF Extension: (Bing Search) - C:\Users\Danut\AppData\Roaming\Mozilla\Firefox\Profiles\rkljdgg5.default\Extensions\bingsearch.full@microsoft.com.xpi [2015-12-21]
FF Extension: (Yahoo! Toolbar) - C:\Users\Danut\AppData\Roaming\Mozilla\Firefox\Profiles\rkljdgg5.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2016-06-24] [not signed]
FF SearchPlugin: C:\Users\Danut\AppData\Roaming\Mozilla\Firefox\Profiles\rkljdgg5.default\searchplugins\bing-.xml [2015-12-21]
FF Extension: (Skype) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-06] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-06] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-23] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3767664393-884807361-1005592115-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Danut\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Danut\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Profile 1 -> hxxp://dts.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> ask.com
CHR DefaultSuggestURL: Profile 1 -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default [2017-04-24]
CHR Extension: (Google Docs) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-04]
CHR Extension: (YouTube) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-04]
CHR Extension: (Google Search) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-24]
CHR Extension: (Bing) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-12-04]
CHR Extension: (Avira Browser Safety) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-04-28]
CHR Extension: (Google Docs Offline) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-24]
CHR Extension: (Gmail) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-24]
CHR Profile: C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-04-24]
CHR Profile: C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-04-25]
CHR Extension: (Ask Search) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaacdkeilkigfopmfogeeoamifkgnoo [2015-10-11]
CHR Extension: (Google Docs) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-11]
CHR Extension: (Google Drive) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (ILividLive - Watch Movies Online) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\appmeigfolfmgidjfciapbbgonilangd [2015-10-18]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2017-04-18]
CHR Extension: (YouTube) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Slither.io Skins, Mods, Hack & Guide) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dggomkijbihggjgcgdbnleolpleddaid [2016-07-20]
CHR Extension: (Polarr Photo Editor) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg [2017-01-22]
CHR Extension: (Adobe Acrobat) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Block site) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2016-06-12]
CHR Extension: (Slither.io Mods, Zoom, Unlock Skins, Bots) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eogeabecipmckmihpmkgjbghbffcebcf [2017-02-21]
CHR Extension: (Avira Browser Safety) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-20]
CHR Extension: (Google Docs Offline) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2017-04-05]
CHR Extension: (Until AM for Chrome) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mjafmkicbmhcbapadecadciafbkecofl [2016-06-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (EliteUnzip) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\onaeegcnkhafbgjigcejgenmgadfppbc [2016-09-29]
CHR Extension: (Hover Zoom+) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2017-04-23]
CHR Extension: (Gmail) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-11]
CHR Extension: (Chrome Media Router) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-04]
CHR Profile: C:\Users\Danut\AppData\Local\Google\Chrome\User Data\System Profile [2017-04-24]
CHR Extension: (Google Slides) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-18]
CHR Extension: (Google Docs) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-18]
CHR Extension: (Google Drive) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-18]
CHR Extension: (YouTube) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-18]
CHR Extension: (Google Search) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-18]
CHR Extension: (Google Sheets) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-18]
CHR Extension: (Gmail) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3767664393-884807361-1005592115-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1212048 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [185472 2012-10-15] (Atheros Commnucations) [File not signed]
S4 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277048 2012-11-08] (Intel Corporation)
R2 Easy Launcher; C:\Program Files\Samsung\Easy Settings\CmdServer\EasyLauncher.exe [1593664 2015-05-27] (Samsung Electronics CO., LTD.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-07-06] ()
S3 iumsvc; C:\Program Files\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-07-06] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3297632 2017-03-20] (Samsung Electronics Co., Ltd.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-10-15] (Atheros) [File not signed]
S2 Avira.ServiceHost; "C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe" [X]
S2 HPProtector Service; C:\Program Files\HPProtector\HPProtectorSrv.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [35968 2012-10-15] (Atheros)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2239488 2012-04-19] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-07-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-07-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-08] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-04] (Avira Operations GmbH & Co. KG)
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [299648 2012-10-15] (Atheros)
R3 btath_avdt; C:\Windows\System32\drivers\btath_avdt.sys [98432 2012-10-15] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [25728 2012-10-15] (Atheros)
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [148096 2012-10-15] (Atheros)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [60544 2012-10-15] (Atheros)
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [264704 2012-10-15] (Atheros)
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [469632 2012-10-15] (Atheros)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [281968 2012-10-09] (ELAN Microelectronics Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2017-04-25] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2012-07-06] (Intel Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-23] (Avira Operations GmbH & Co. KG)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-25 12:38 - 2017-04-25 12:39 - 00024302 _____ C:\Users\Danut\Desktop\FRST.txt
2017-04-25 12:37 - 2017-04-25 12:38 - 00000000 ____D C:\FRST
2017-04-25 12:35 - 2017-04-25 12:35 - 01767936 _____ (Farbar) C:\Users\Danut\Desktop\FRST.exe
2017-04-24 19:26 - 2017-04-24 19:27 - 00688992 _____ (Swearware) C:\Users\Danut\Downloads\dds.scr
2017-04-24 17:45 - 2017-04-24 17:45 - 00000000 ___RD C:\Users\Danut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-04-24 16:57 - 2017-04-24 16:57 - 00150136 _____ C:\Windows\Minidump\042417-14196-01.dmp
2017-04-24 15:39 - 2017-04-24 16:57 - 330868124 _____ C:\Windows\MEMORY.DMP
2017-04-24 15:39 - 2017-04-24 15:39 - 00150136 _____ C:\Windows\Minidump\042417-16567-01.dmp
2017-04-23 10:38 - 2017-04-25 10:38 - 00000000 _____ C:\Windows\directx.sys
2017-04-23 10:27 - 2017-04-23 10:27 - 00000000 ____D C:\Program Files\Common Files\Java
2017-04-21 21:17 - 2017-04-23 21:28 - 00000000 ____D C:\Users\Danut\AppData\LocalLow\uTorrent
2017-04-21 17:05 - 2017-04-21 17:05 - 00000000 ____D C:\Users\Danut\AppData\Roaming\Apple Computer
2017-04-21 17:05 - 2017-04-21 17:05 - 00000000 ____D C:\Users\Danut\AppData\Local\Apple Computer
2017-04-21 17:04 - 2017-04-21 17:04 - 00000000 ____D C:\Users\Danut\AppData\Local\Apple
2017-04-21 17:04 - 2017-04-21 17:04 - 00000000 ____D C:\ProgramData\Apple Computer
2017-04-21 17:04 - 2017-04-21 17:04 - 00000000 ____D C:\ProgramData\Apple
2017-04-17 15:34 - 2017-04-17 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-03-30 18:33 - 2017-04-25 10:15 - 00000000 ____D C:\Users\Danut\AppData\Roaming\.minecraft
2017-03-30 18:33 - 2017-03-30 18:33 - 00000000 ____D C:\Users\Danut\AppData\Roaming\java
2017-03-30 18:32 - 2017-04-23 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-30 18:32 - 2017-04-23 10:27 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-03-30 18:30 - 2017-04-22 20:49 - 00780352 _____ C:\Users\Danut\Downloads\chromeinstall-8u121.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-25 12:33 - 2015-09-24 08:59 - 00000376 _____ C:\Windows\Tasks\update-S-1-5-21-3767664393-884807361-1005592115-1000.job
2017-04-25 10:15 - 2015-09-24 08:59 - 00000376 _____ C:\Windows\Tasks\update-sys.job
2017-04-25 10:05 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\NDF
2017-04-25 08:50 - 2016-06-27 12:39 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-24 17:52 - 2013-10-19 21:55 - 00006230 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-24 17:50 - 2009-07-14 07:34 - 00020544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-24 17:50 - 2009-07-14 07:34 - 00020544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-24 17:48 - 2015-09-26 19:58 - 00000000 ____D C:\Users\Danut\AppData\Roaming\Skype
2017-04-24 17:46 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\inf
2017-04-24 17:45 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-24 16:57 - 2014-01-22 20:52 - 00000000 ____D C:\Windows\Minidump
2017-04-24 16:33 - 2013-10-30 03:40 - 00000000 ____D C:\Users\Danut\Documents\Bluetooth Folder
2017-04-24 12:16 - 2016-03-27 16:48 - 00000000 ___RD C:\Users\Danut\Desktop\Muzica
2017-04-24 12:16 - 2016-03-20 14:44 - 00000000 ___RD C:\Users\Danut\Desktop\Programe
2017-04-24 12:11 - 2013-10-30 02:57 - 00000000 ____D C:\ProgramData\Samsung
2017-04-24 12:08 - 2013-10-30 02:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-04-24 10:17 - 2016-04-06 17:32 - 00000000 ____D C:\Users\Danut\Desktop\New Folder
2017-04-24 10:15 - 2015-09-28 18:18 - 00000000 ____D C:\Games
2017-04-24 10:11 - 2015-02-04 18:19 - 00000000 ____D C:\Users\Danut\AppData\Roaming\uTorrent
2017-04-24 10:11 - 2013-11-01 09:15 - 00000000 ____D C:\Users\Danut\AppData\Roaming\Winamp
2017-04-24 10:10 - 2013-11-03 18:32 - 00000000 ____D C:\Users\Danut\AppData\Local\CrashDumps
2017-04-23 21:51 - 2016-05-04 19:57 - 00000000 ____D C:\Program Files\Java
2017-04-23 10:31 - 2016-05-04 19:58 - 00000000 ____D C:\ProgramData\Oracle
2017-04-22 20:49 - 2016-07-19 19:09 - 01132480 _____ C:\Users\Danut\Downloads\UnityWebPlayer.exe
2017-04-22 20:49 - 2016-07-11 13:17 - 00283592 _____ C:\Users\Danut\Downloads\Firefox Setup Stub 47.0.1.exe
2017-04-22 20:49 - 2016-07-01 17:53 - 05956936 _____ C:\Users\Danut\Downloads\winscp577setup.exe
2017-04-22 20:49 - 2016-06-21 10:44 - 00283608 _____ C:\Users\Danut\Downloads\Firefox Setup Stub 47.0.exe
2017-04-22 20:49 - 2016-06-12 16:00 - 04672312 _____ C:\Users\Danut\Downloads\avira_en_av_575bf5c1761e5__ws.exe
2017-04-22 20:49 - 2016-05-27 13:14 - 00465544 _____ C:\Users\Danut\Downloads\msgr11us.exe
2017-04-22 20:49 - 2016-05-04 22:54 - 02368448 _____ C:\Users\Danut\Downloads\setup.exe
2017-04-22 20:49 - 2016-05-04 19:53 - 01850000 _____ C:\Users\Danut\Downloads\wrar531.exe
2017-04-22 20:49 - 2016-03-20 14:36 - 01811152 _____ C:\Users\Danut\Downloads\wrar501.exe
2017-04-22 20:49 - 2015-10-11 16:35 - 00971344 _____ C:\Users\Danut\Downloads\ChromeSetup.exe
2017-04-22 20:49 - 2015-09-24 08:59 - 02552832 _____ C:\Users\Danut\Downloads\setup-lightshot.exe
2017-04-22 20:49 - 2015-02-04 18:18 - 01782352 _____ C:\Users\Danut\Downloads\uTorrent.exe
2017-04-22 20:49 - 2013-11-01 09:25 - 04420520 _____ C:\Users\Danut\Downloads\ccsetup407.exe
2017-04-21 17:03 - 2016-12-04 12:57 - 00000000 ____D C:\Users\Danut\AppData\LocalLow\Mozilla
2017-04-17 15:34 - 2015-09-24 08:59 - 00000412 _____ C:\Users\Danut\AppData\Local\UserProducts.xml
2017-04-14 21:48 - 2014-01-19 10:14 - 00000000 ____D C:\Users\Danut\AppData\LocalLow\Adobe
2017-04-14 21:42 - 2014-06-05 02:02 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-12 17:39 - 2016-05-06 19:15 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-12 09:24 - 2014-06-05 02:02 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-04-12 09:24 - 2014-06-05 02:02 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-04-08 20:35 - 2016-12-24 19:54 - 00000000 ____D C:\Program Files\Red Crucible
2017-04-08 20:21 - 2014-06-05 02:59 - 00000000 ____D C:\Users\Danut\AppData\Local\Adobe
2017-04-07 07:45 - 2015-09-26 19:57 - 00000000 ____D C:\ProgramData\Skype
2017-04-07 07:44 - 2014-11-18 19:15 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-04 18:16 - 2015-10-17 10:14 - 00002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-26 08:48 - 2009-07-14 07:33 - 00269624 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2016-07-01 17:55 - 2017-03-05 09:48 - 0000600 _____ () C:\Users\Danut\AppData\Roaming\winscp.rnd
2016-03-27 17:09 - 2016-03-27 17:09 - 0002491 _____ () C:\Users\Danut\AppData\Local\recently-used.xbel
2016-05-12 09:25 - 2016-05-12 09:25 - 0007600 _____ () C:\Users\Danut\AppData\Local\Resmon.ResmonCfg
2015-09-24 08:59 - 2015-09-24 08:59 - 0000003 _____ () C:\Users\Danut\AppData\Local\updater.log
2015-09-24 08:59 - 2017-04-17 15:34 - 0000412 _____ () C:\Users\Danut\AppData\Local\UserProducts.xml
2016-04-17 20:11 - 2016-04-17 20:11 - 0000000 _____ () C:\Users\Danut\AppData\Local\{063F6EB3-816D-431F-8638-5FA986826CF7}

Some files in TEMP:
====================
2017-04-23 10:26 - 2017-04-23 10:39 - 0781376 _____ () C:\Users\Danut\AppData\Local\Temp\jre-8u131-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-13 19:57

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-04-2017 01
Ran by Danut (25-04-2017 12:40:03)
Running from C:\Users\Danut\Desktop
Microsoft Windows 7 Ultimate  (X86) (2013-10-19 18:57:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3767664393-884807361-1005592115-500 - Administrator - Disabled)
Danut (S-1-5-21-3767664393-884807361-1005592115-1000 - Administrator - Enabled) => C:\Users\Danut
Guest (S-1-5-21-3767664393-884807361-1005592115-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3767664393-884807361-1005592115-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3767664393-884807361-1005592115-1000\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Atheros Bluetooth Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.4.0.165 - Atheros)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.12.408 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{761cd2c4-5249-4346-8318-a499d06d2681}) (Version: 1.1.63.21885 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{d6a7cfcc-1f1c-4638-8f9e-0f184696fcdb}) (Version: 1.1.48.9049 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.63.21885 - Avira Operations GmbH & Co. KG) Hidden
Bandicam (HKLM\...\Bandicam) (Version: 3.1.1.1073 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version:  - Bandisoft.com)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Discord (HKU\S-1-5-21-3767664393-884807361-1005592115-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dropbox (HKU\S-1-5-21-3767664393-884807361-1005592115-1000\...\Dropbox) (Version: 2.4.5 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 2.4.5 - Dropbox, Inc.)
Easy Settings (HKLM\...\{C73757DE-33F1-45D1-864A-C8BFEBC37366}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
ETDWare X86 11.7.5.5_WHQL (HKLM\...\Elantech) (Version: 11.7.5.5 - ELAN Microelectronic Corp.)
Google Chrome (HKLM\...\{61D1D65D-76AF-37E3-A2AC-006AACB51587}) (Version: 57.0.2987.133 - Google, Inc.)
Google Update Helper (Version: 1.3.33.3 - Google Inc.) Hidden
HPProtector (HKLM\...\HPProtector) (Version:  - ) <==== ATTENTION
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.12.1498 - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.2.1003 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Lightshot-5.4.0.5 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.5 - Skillbrains)
Malwarebytes Anti-Malware versiunea 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 ro) (HKLM\...\Mozilla Firefox 50.1.0 (x86 ro)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
nVidia E9 SE Counter-Strike (HKLM\...\{433619F8-E7CD-4D2B-BD3C-BCE3155265F6}) (Version: 1.0.0 - nVidia E9 SE Counter-Strike)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
S Agent (Version: 1.1.58 - Samsung Electronics Co., Ltd.) Hidden
Samsung Update (HKLM\...\{0463F7A5-8953-4F41-B9A8-936CF68C00F5}) (Version: 2.2.47 - Samsung Electronics Co., Ltd.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.29 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-3767664393-884807361-1005592115-1000\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\ChromeHTML: -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Danut\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Danut\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
HKU\S-1-5-21-3767664393-884807361-1005592115-1000\...\ChromeHTML: -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3767664393-884807361-1005592115-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Danut\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3767664393-884807361-1005592115-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Danut\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {188DECE7-ED39-4012-9D2A-4BB5D894F76B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {2891CD5C-A1DA-4FF2-AD20-95D87B7440E7} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {2F659B6C-9AD8-4BA1-A0F9-F0752BFB4CDB} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [2017-04-24] ()
Task: {3434B189-C126-4DDC-AAF5-01A0FAC38BF0} - System32\Tasks\{9500A436-F959-4B44-ADE0-2AB88E43139E} => C:\Users\Danut\Desktop\New folder\hl.exe 
Task: {3BD8B3F2-66FF-4B4A-8E93-0ECC50F41C93} - System32\Tasks\EasySettings => C:\Program Files\Samsung\Easy Settings\sSettings.exe [2015-05-27] (Samsung Electronics CO., LTD.)
Task: {3D9EC443-9D76-444C-881C-E5133CF2A171} - System32\Tasks\WLANStartup => C:\Program Files\Samsung\Easy Settings\WLANStartup.exe [2015-05-27] (Samsung Electronics)
Task: {44EE5CB3-AAFE-403A-AED6-9D59BFEA4CE2} - System32\Tasks\{94356DB6-A3B4-4A58-8318-1D7B84B024F9} => Chrome.exe hxxps://ui.skype.com/ui/0/7.32.0.104/ro/abandoninstall?page=tsMain
Task: {5133CF5D-6C00-4C42-86AE-F9EC9EEF457A} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {53A8C134-9B17-44D3-AFAC-2B6B1840FA99} - System32\Tasks\{348F24B9-8102-400C-8809-413432E27594} => Chrome.exe hxxps://ui.skype.com/ui/0/7.32.0.104/ro/abandoninstall?page=tsProgressBar
Task: {7A757C78-A19D-45B0-A421-0F0C42A9324F} - System32\Tasks\{8948C88C-BC79-4F6F-82D2-A9CDAB0E6649} => Chrome.exe hxxps://ui.skype.com/ui/0/7.32.0.104/ro/abandoninstall?page=tsBing
Task: {7B0F0891-42EA-4F1C-ACE8-6827B47A4943} - System32\Tasks\{CC8BC0A4-B131-4737-87D5-2A0AC8F6A267} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.109/ro/abandoninstall?page=tsProgressBar
Task: {88D1C1BF-65A4-402C-89D3-626F93585602} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2016-02-24] (Samsung Electronics Co., Ltd.)
Task: {8B2F27C4-7FAD-4DBD-B019-99497174AA85} - System32\Tasks\update-S-1-5-21-3767664393-884807361-1005592115-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {97B2A34C-9CBA-443B-BD96-D3C643586A2D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {9B877E3F-54DE-4FA9-AC14-9D4C7CE40527} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {9F584B90-8962-4C23-B24A-8F3ABA90A6BB} - System32\Tasks\{CEB6F824-110E-4E89-9697-A94D35E6A908} => pcalua.exe -a "C:\Users\Danut\Desktop\New Folder\Minecraft.exe" -d "C:\Users\Danut\Desktop\New Folder"
Task: {A8EF962D-001E-4EB5-82BB-5302638CB78E} - System32\Tasks\EasySettings_config => C:\Program Files\Samsung\Easy Settings\sSettings.exe [2015-05-27] (Samsung Electronics CO., LTD.)
Task: {B52C5316-D582-4614-A013-3CE708C8D350} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-04] (Google Inc.)
Task: {BC597540-8A3F-4031-8202-E72F243C4614} - System32\Tasks\SCCSpeedBoot => C:\Program Files\Samsung\Easy Settings\CmdServer\SCCSpeedBoot.exe [2015-05-27] (Samsung Electronics Co., Ltd.)
Task: {CDEE8F2C-2456-4741-A0A4-4C1BCBF6E6F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-12] (Adobe Systems Incorporated)
Task: {F8E9DC88-9839-4103-8155-3138FE71395A} - System32\Tasks\{A42447FC-C410-4AEA-B84C-D391F4514BE5} => pcalua.exe -a C:\Users\Danut\Desktop\CS-16-Professional.exe -d C:\Users\Danut\Desktop
Task: {FB07076E-D433-4C3D-93DD-C3F56362F826} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-04] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-3767664393-884807361-1005592115-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Danut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files\HPProtector\WebLauncher.exe (No File) <===== Cyrillic
Shortcut: C:\Users\Danut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Program Files\HPProtector\WebLauncher.exe (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic

ShortcutWithArgument: C:\Users\Danut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Polarr Photo Editor.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
ShortcutWithArgument: C:\Users\Danut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Until AM for Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=mjafmkicbmhcbapadecadciafbkecofl
ShortcutWithArgument: C:\Users\Danut\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fa4d13c4deebf84b\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
ShortcutWithArgument: C:\Users\Danut\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Danut\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5a7c76e6b75d1491\Danut - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2015-05-27 11:06 - 2015-05-27 11:06 - 00211064 _____ () C:\Program Files\Samsung\Easy Settings\CmdServer\WinCRT.dll
2015-05-27 11:06 - 2015-05-27 11:06 - 00084800 _____ () C:\Program Files\Samsung\Easy Settings\CmdServer\EasySettingsCmdServer.exe
2015-05-27 11:06 - 2015-05-27 11:06 - 00027968 _____ () C:\Program Files\Samsung\Easy Settings\CmdServer\EasySettingsCmdWrapper.dll
2015-05-27 11:06 - 2015-05-27 11:06 - 01270080 _____ () C:\Program Files\Samsung\Easy Settings\CmdServer\EasySettingsCmd.dll
2015-05-27 11:06 - 2015-05-27 11:06 - 00111936 _____ () C:\Program Files\Samsung\Easy Settings\CmdServer\EasySettingsBase.dll
2015-05-27 11:06 - 2015-05-27 11:06 - 00056440 _____ () C:\Program Files\Samsung\Easy Settings\CmdServer\HookDllPS2.dll
2015-05-27 11:05 - 2015-05-27 11:05 - 00025920 _____ () C:\Program Files\Samsung\Easy Settings\CmdServer\EasySettingsAPI.dll
2015-05-27 11:05 - 2015-05-27 11:05 - 00025920 _____ () C:\Program Files\Samsung\Easy Settings\EasySettingsAPI.dll
2015-05-27 11:06 - 2015-05-27 11:06 - 00111936 _____ () C:\Program Files\Samsung\Easy Settings\EasySettingsBase.dll
2015-05-27 11:06 - 2015-05-27 11:06 - 00059712 _____ () C:\Program Files\Samsung\Easy Settings\EasyMovieEnhancer.dll
2015-05-27 11:06 - 2015-05-27 11:06 - 00102720 _____ () C:\Program Files\Samsung\Easy Settings\EasySettingsCmdClient.dll
2012-11-07 01:04 - 2012-11-07 01:04 - 00094208 _____ () C:\Windows\system32\IccLibDll.dll
2013-10-30 03:18 - 2012-07-06 18:23 - 00128280 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2013-10-30 03:18 - 2012-07-06 18:24 - 01198872 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2017-04-04 18:16 - 2017-03-29 05:04 - 02187096 _____ () C:\Program Files\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-04 18:16 - 2017-03-29 05:04 - 00086360 _____ () C:\Program Files\Google\Chrome\Application\57.0.2987.133\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Danut:Heroes & Generals [38]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\exefile\shell\open\command: C:\Windows\svchost.com "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:04 - 2009-06-11 00:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3767664393-884807361-1005592115-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Danut\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Danut\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupfolder: C:^Users^Danut^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{84259F40-DDD8-4182-851B-E4A041F33F2F}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{604615ED-2F83-41A2-A6F6-F269F8F45ECF}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{2D56B9B3-1608-46FB-955B-D2DEBCAE1DA7}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{651EAA2D-B54F-4381-B16B-6FD38C7B5FE4}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{51C1BD7E-7FF0-4544-8E2B-D900D36ABB5A}] => (Allow) C:\Users\Danut\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{EAFA309F-C0A6-4C8E-9170-19F402FF4478}] => (Allow) C:\Users\Danut\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{5148DD4E-D191-479D-B921-7B7FEE6DC75E}C:\users\danut\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\danut\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{A8981010-8046-44A4-805E-F8BD79530674}C:\users\danut\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\danut\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{ECBA87B7-27EE-4ACE-AC66-666C495634F5}C:\users\danut\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\danut\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{334158BB-253E-4E81-A4F0-D0E5CFBAAD52}C:\users\danut\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\danut\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{9B04C311-6E18-4B9E-BD23-3C034500C56A}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{4E756395-03BA-4618-81A1-E54AEFDCC91F}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{25C036BC-12AA-4832-B615-C4F19751F28B}C:\games\counter-strike\hl.exe] => (Block) C:\games\counter-strike\hl.exe
FirewallRules: [UDP Query User{B87E9DD4-80E1-4E8C-9745-F256826D3825}C:\games\counter-strike\hl.exe] => (Block) C:\games\counter-strike\hl.exe
FirewallRules: [TCP Query User{A08A48E7-3CC5-4CE9-8C6B-7BE698A4E28A}C:\games\counter-strike\hl.exe] => (Allow) C:\games\counter-strike\hl.exe
FirewallRules: [UDP Query User{2686F3DF-E0A4-4CEE-A0DE-C88AA03C4D6E}C:\games\counter-strike\hl.exe] => (Allow) C:\games\counter-strike\hl.exe
FirewallRules: [{32058A62-7CA0-49E5-85A6-CBE7AE125569}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{E71A11E2-A66D-4B2C-9CA8-9C4786ADC14F}] => (Allow) C:\Games\World_of_Warships\WorldofWarships.exe
FirewallRules: [TCP Query User{21CFAE7D-23B4-4F2B-B63C-9E64A97E0F53}C:\users\danut\desktop\new folder\hl.exe] => (Allow) C:\users\danut\desktop\new folder\hl.exe
FirewallRules: [UDP Query User{4D2B3B5E-0046-4396-AF6A-9BC659E2F16E}C:\users\danut\desktop\new folder\hl.exe] => (Allow) C:\users\danut\desktop\new folder\hl.exe
FirewallRules: [TCP Query User{80EAD932-FDB6-4255-B31D-29B1706685B2}C:\users\danut\desktop\programe\new folder\hl.exe] => (Allow) C:\users\danut\desktop\programe\new folder\hl.exe
FirewallRules: [UDP Query User{F124ECEB-C822-4630-BE2B-6F114B3A15DE}C:\users\danut\desktop\programe\new folder\hl.exe] => (Allow) C:\users\danut\desktop\programe\new folder\hl.exe
FirewallRules: [TCP Query User{B642C5B3-A7A0-4342-8B74-FC547EF830ED}C:\program files\counter strike pro\hl.exe] => (Allow) C:\program files\counter strike pro\hl.exe
FirewallRules: [UDP Query User{38EB6771-83F5-459D-A3C2-6CFBDF1E3955}C:\program files\counter strike pro\hl.exe] => (Allow) C:\program files\counter strike pro\hl.exe
FirewallRules: [TCP Query User{86A68ED0-B687-48DE-B37C-0862F7EC1FF2}C:\program files\counter-strike 1.6 omonas\hl.exe] => (Block) C:\program files\counter-strike 1.6 omonas\hl.exe
FirewallRules: [UDP Query User{1B62B4A8-DA23-47D5-8280-44355CC68AB0}C:\program files\counter-strike 1.6 omonas\hl.exe] => (Block) C:\program files\counter-strike 1.6 omonas\hl.exe
FirewallRules: [TCP Query User{FBB0D215-2C34-4773-A43B-EC44CDB6ECD3}C:\program files\counter strike pro\hl.exe] => (Block) C:\program files\counter strike pro\hl.exe
FirewallRules: [UDP Query User{05188FEE-A859-4351-BC56-705F95735510}C:\program files\counter strike pro\hl.exe] => (Block) C:\program files\counter strike pro\hl.exe
FirewallRules: [TCP Query User{82373B55-A77F-409A-A085-846F32096044}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{F6498685-8E61-4A31-934F-6CE879CCDF38}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{D6B6BDC8-1BB0-4C0B-97B3-1CE237FD7B2B}C:\program files\ea games\need for speed most wanted\speed.exe] => (Allow) C:\program files\ea games\need for speed most wanted\speed.exe
FirewallRules: [UDP Query User{18C6CCB1-DD38-4DEC-ABCB-9063B546DF10}C:\program files\ea games\need for speed most wanted\speed.exe] => (Allow) C:\program files\ea games\need for speed most wanted\speed.exe
FirewallRules: [{17ECFF97-F2CE-4038-9C54-CDE1E24F790B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{904A8DA1-10CD-4282-AA79-D4E59AC18621}C:\program files\counter-strike\hlds.exe] => (Allow) C:\program files\counter-strike\hlds.exe
FirewallRules: [UDP Query User{C20BD35B-AC55-4FF3-A6DB-29FFE09E745C}C:\program files\counter-strike\hlds.exe] => (Allow) C:\program files\counter-strike\hlds.exe
FirewallRules: [TCP Query User{B1118242-7F2E-4BAB-876B-F4B5DEE35AE0}C:\program files\counter-strike\hl.exe] => (Block) C:\program files\counter-strike\hl.exe
FirewallRules: [UDP Query User{9FF6D9AE-6159-490C-83D4-DDE48E5ACFD7}C:\program files\counter-strike\hl.exe] => (Block) C:\program files\counter-strike\hl.exe
FirewallRules: [TCP Query User{D514345F-B690-4268-8EBB-ECE9186409C9}C:\games\counter-strike\hltv.exe] => (Block) C:\games\counter-strike\hltv.exe
FirewallRules: [UDP Query User{9EAABD1E-8681-4848-A6BD-BA9FAAD4A0B7}C:\games\counter-strike\hltv.exe] => (Block) C:\games\counter-strike\hltv.exe
FirewallRules: [TCP Query User{49D4D935-ABC8-4A30-BCC6-4AA8C605C095}C:\games\counter-strike\hlds.exe] => (Block) C:\games\counter-strike\hlds.exe
FirewallRules: [UDP Query User{443ED8B4-5626-4396-AC5C-94E38625B02D}C:\games\counter-strike\hlds.exe] => (Block) C:\games\counter-strike\hlds.exe
FirewallRules: [TCP Query User{AA30BC37-9834-4E11-A999-73B30ABE8232}C:\program files\counter-strike 1.6 - csmania\hl.exe] => (Allow) C:\program files\counter-strike 1.6 - csmania\hl.exe
FirewallRules: [UDP Query User{297A9806-1E46-44DA-B7B6-150106B816CC}C:\program files\counter-strike 1.6 - csmania\hl.exe] => (Allow) C:\program files\counter-strike 1.6 - csmania\hl.exe
FirewallRules: [{6F415114-FCCB-47DC-A192-DA88B3158B74}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{511BE4E6-BA3A-4208-9F80-994D912BB420}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [TCP Query User{4E656994-8C63-418C-B495-D1619B784FF7}C:\program files\counter-strike\hl.exe] => (Allow) C:\program files\counter-strike\hl.exe
FirewallRules: [UDP Query User{118C4095-A277-4FD8-98E2-547F397B2DFB}C:\program files\counter-strike\hl.exe] => (Allow) C:\program files\counter-strike\hl.exe
FirewallRules: [TCP Query User{DAF0E6ED-69B2-4C66-8F4F-DBA534D22B89}C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hl.exe] => (Allow) C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hl.exe
FirewallRules: [UDP Query User{594980C3-F5B2-493E-973F-BA8E33BB0FAA}C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hl.exe] => (Allow) C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hl.exe
FirewallRules: [TCP Query User{EBC5274F-1A7A-410F-97A7-B16B989B2A83}C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hl.exe] => (Block) C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hl.exe
FirewallRules: [UDP Query User{8A07E3A7-5063-4780-83E5-CE3D97574433}C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hl.exe] => (Block) C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hl.exe
FirewallRules: [TCP Query User{71093E86-970E-4617-B731-2C3EA36AEC4E}C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hltv.exe] => (Block) C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hltv.exe
FirewallRules: [UDP Query User{8C8AAEE5-4EAC-4AC6-8A62-2DA6FFFBEC00}C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hltv.exe] => (Block) C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hltv.exe
FirewallRules: [TCP Query User{298BE31C-96CC-48E7-837A-1C0B4BBC6930}C:\users\danut\desktop\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe] => (Allow) C:\users\danut\desktop\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe
FirewallRules: [UDP Query User{474223DA-1817-4D95-B443-55DFBE95597E}C:\users\danut\desktop\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe] => (Allow) C:\users\danut\desktop\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe
FirewallRules: [TCP Query User{AAE25887-7D47-4F19-871A-6BCB6CA70413}C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe] => (Allow) C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe
FirewallRules: [UDP Query User{60863C70-B91D-4C65-A9C1-B52E1AEBA39D}C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe] => (Allow) C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe
FirewallRules: [TCP Query User{86F069BF-4481-4884-A756-C28AB8AD7758}C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x32.exe] => (Block) C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x32.exe
FirewallRules: [UDP Query User{E58B95DC-F5D4-4603-8C46-9CD936904063}C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x32.exe] => (Block) C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x32.exe
FirewallRules: [TCP Query User{B5311C64-0042-4AF7-857A-555A938585D8}C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe] => (Allow) C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe
FirewallRules: [UDP Query User{BB17411B-F7F0-42C6-877C-D5CEC9461642}C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe] => (Allow) C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe
FirewallRules: [TCP Query User{ED691252-8C33-4C12-9CE4-E9CCBD04652D}C:\users\danut\documents\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe
FirewallRules: [UDP Query User{4EA99BC2-085E-4958-B12A-81D740E52210}C:\users\danut\documents\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe
FirewallRules: [TCP Query User{C41328B5-8868-4429-94A5-25EADB87ED7B}C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x32.exe] => (Allow) C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x32.exe
FirewallRules: [UDP Query User{83176DCF-51FF-41D7-B1BC-44DCED48F730}C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x32.exe] => (Allow) C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x32.exe
FirewallRules: [TCP Query User{72E0510D-50B3-4047-B6BA-A5ADC851BC15}C:\program files\nvidia e8 pro counter-strike\hl.exe] => (Allow) C:\program files\nvidia e8 pro counter-strike\hl.exe
FirewallRules: [UDP Query User{221A8F6B-56AA-4565-9E11-F093DBB1E83B}C:\program files\nvidia e8 pro counter-strike\hl.exe] => (Allow) C:\program files\nvidia e8 pro counter-strike\hl.exe
FirewallRules: [TCP Query User{5788AEDB-FB4C-402A-87A7-E65CB28DDB37}C:\users\danut\documents\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe
FirewallRules: [UDP Query User{6CA8F5C6-7965-485E-8083-2C5437E0E98C}C:\users\danut\documents\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe
FirewallRules: [TCP Query User{F0199760-3EBE-48BD-AA08-BD39B90FF763}C:\program files\truehost\counter-strike warzone\hl.exe] => (Allow) C:\program files\truehost\counter-strike warzone\hl.exe
FirewallRules: [UDP Query User{5FEAD40E-7EF4-421C-9A23-AB4D06459A42}C:\program files\truehost\counter-strike warzone\hl.exe] => (Allow) C:\program files\truehost\counter-strike warzone\hl.exe
FirewallRules: [TCP Query User{80D52B49-19F2-4E4C-BCE7-FB0ECC938631}C:\program files\truehost\counter-strike warzone\hl.exe] => (Allow) C:\program files\truehost\counter-strike warzone\hl.exe
FirewallRules: [UDP Query User{6D422B83-0725-4351-8A34-A73705C89EDE}C:\program files\truehost\counter-strike warzone\hl.exe] => (Allow) C:\program files\truehost\counter-strike warzone\hl.exe
FirewallRules: [TCP Query User{754EAF59-9431-4149-AEFE-79F81A1858B4}C:\users\danut\documents\nvidia steam counter-strike 2016 update\nsteam counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia steam counter-strike 2016 update\nsteam counter-strike\hl.exe
FirewallRules: [UDP Query User{7E3E09C7-C72C-4AFF-8816-994E59E72F4A}C:\users\danut\documents\nvidia steam counter-strike 2016 update\nsteam counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia steam counter-strike 2016 update\nsteam counter-strike\hl.exe
FirewallRules: [TCP Query User{5021815C-C46F-4B71-B43C-4D091145955C}C:\users\danut\desktop\counterstrike16\hl.exe] => (Allow) C:\users\danut\desktop\counterstrike16\hl.exe
FirewallRules: [UDP Query User{508C8AC8-DC91-4080-87CC-326AC3526A02}C:\users\danut\desktop\counterstrike16\hl.exe] => (Allow) C:\users\danut\desktop\counterstrike16\hl.exe
FirewallRules: [TCP Query User{791CACB7-5030-450A-A964-A51C84171A34}C:\users\danut\desktop\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe
FirewallRules: [UDP Query User{A7FBA604-F5CF-46A8-A30D-A308E36E05A3}C:\users\danut\desktop\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe
FirewallRules: [{88747C23-6097-4100-81D6-F16968077FC8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{5ED9FBE0-EAC5-42E5-B647-F9C8AF231E43}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{1C421256-F741-4906-8497-DD7AA17FA1A0}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [TCP Query User{4FD63DB7-EC91-4A13-B64A-E9D37CE7C446}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{E9ADDA3C-C9FA-45B7-8CDB-34C1725BDDF2}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [{134CA584-3A75-411F-AE8B-AA9ADA62EFDE}] => (Allow) C:\Users\Danut\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3ABA3819-F262-476E-9F8C-BED15BD7E62D}] => (Allow) C:\Users\Danut\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9ACC2511-AE5F-40A3-AE0E-3AE57ACF4CE3}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{532E3323-CD47-4FCB-9597-0930DF7B0733}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{EFA94DD9-12F5-4146-A079-100D7E4A7F56}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{46094C24-D8B1-4B6B-BB25-0F73BAF91198}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{5FD0CD1C-E88B-4ADE-A8E0-325600CCCABE}C:\users\public\desktop\wargods anti cheat\database\checker.exe] => (Allow) C:\users\public\desktop\wargods anti cheat\database\checker.exe
FirewallRules: [UDP Query User{727D8BD0-BC53-49F3-9A79-A455C0F4314A}C:\users\public\desktop\wargods anti cheat\database\checker.exe] => (Allow) C:\users\public\desktop\wargods anti cheat\database\checker.exe
FirewallRules: [{B839A7BD-4D9A-4A6C-8ABC-9C6472DAF4FF}] => (Allow) LPort=29100
FirewallRules: [TCP Query User{4095440B-8AF1-4380-8C99-687106E3E1D9}C:\program files\counter-strike fake steam\hl.exe] => (Allow) C:\program files\counter-strike fake steam\hl.exe
FirewallRules: [UDP Query User{A576EBB2-FD3F-441F-8C17-CF9FBBAA8051}C:\program files\counter-strike fake steam\hl.exe] => (Allow) C:\program files\counter-strike fake steam\hl.exe
FirewallRules: [TCP Query User{81CCFE54-F002-4DBC-9A63-20467276D170}C:\users\danut\desktop\counter strike 1.6 fake steam 2016\hl.exe] => (Allow) C:\users\danut\desktop\counter strike 1.6 fake steam 2016\hl.exe
FirewallRules: [UDP Query User{D997BF9A-6D16-4AFF-B1B7-428E41A6C6F4}C:\users\danut\desktop\counter strike 1.6 fake steam 2016\hl.exe] => (Allow) C:\users\danut\desktop\counter strike 1.6 fake steam 2016\hl.exe
FirewallRules: [{0E7E171E-C7C7-48D6-A7E3-E30451FE66BF}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{C7A02492-10D9-41F8-B0D8-E7718E17E7AE}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{C6CA7FA1-96A7-4B1A-9A27-2D91710F2196}] => (Allow) C:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{067679B6-38A1-40B8-A684-4E3C73C208DE}] => (Allow) C:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{A1498A7C-16EF-46C6-94D3-39C7413AA6E3}C:\users\danut\desktop\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\nvidia e8 counter-strike\hl.exe
FirewallRules: [UDP Query User{B51EBCDA-015B-4E1C-BCE1-4947D4D59FC7}C:\users\danut\desktop\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\nvidia e8 counter-strike\hl.exe
FirewallRules: [TCP Query User{13B3C465-80F8-4199-8AA3-14CE8A63D3E0}C:\users\danut\desktop\programe\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\programe\nvidia e8 counter-strike\hl.exe
FirewallRules: [UDP Query User{81849F0F-BF97-4B9B-B6AA-EC7F7A0E9A53}C:\users\danut\desktop\programe\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\programe\nvidia e8 counter-strike\hl.exe
FirewallRules: [TCP Query User{C3EF2738-9BC0-444F-80A1-C3298A4E543B}E:\nvidia e8 counter-strike\hl.exe] => (Allow) E:\nvidia e8 counter-strike\hl.exe
FirewallRules: [UDP Query User{E75DBD79-1D25-494C-B308-0275EBB040AA}E:\nvidia e8 counter-strike\hl.exe] => (Allow) E:\nvidia e8 counter-strike\hl.exe
FirewallRules: [TCP Query User{0AC7171F-247C-4118-B822-1481D416EC65}C:\program files\winscp\winscp.exe] => (Allow) C:\program files\winscp\winscp.exe
FirewallRules: [UDP Query User{32663907-273C-426D-B625-DAE2E073EF93}C:\program files\winscp\winscp.exe] => (Allow) C:\program files\winscp\winscp.exe
FirewallRules: [TCP Query User{717DFA79-24F3-4860-B8EF-0E50C8455402}C:\program files\winscp\winscp.exe] => (Allow) C:\program files\winscp\winscp.exe
FirewallRules: [UDP Query User{FFA3BA1A-A838-4BCF-A2D8-A8981D89103E}C:\program files\winscp\winscp.exe] => (Allow) C:\program files\winscp\winscp.exe
FirewallRules: [TCP Query User{F2B1C479-F8FA-4129-A2EC-A1CF83CA80E4}C:\users\danut\documents\nvidia e9 se counter-strike\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e9 se counter-strike\nvidia e9 se counter-strike\hl.exe
FirewallRules: [UDP Query User{2F572245-044D-4E88-AD47-7C0C1740BD73}C:\users\danut\documents\nvidia e9 se counter-strike\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e9 se counter-strike\nvidia e9 se counter-strike\hl.exe
FirewallRules: [TCP Query User{4C3EBFE4-0E74-4A20-A395-4439F21AD4C4}C:\users\danut\documents\nvidia e9 se counter-strike\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e9 se counter-strike\nvidia e9 se counter-strike\hl.exe
FirewallRules: [UDP Query User{C8CC86F4-E031-4B16-B9EB-CEB2F0619716}C:\users\danut\documents\nvidia e9 se counter-strike\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e9 se counter-strike\nvidia e9 se counter-strike\hl.exe
FirewallRules: [TCP Query User{E69DF161-62A5-49F1-A5EE-12B67459A185}C:\users\danut\documents\nvidia e9 se counter strike\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e9 se counter strike\nvidia e9 se counter-strike\hl.exe
FirewallRules: [UDP Query User{94DD3498-3728-4F6D-9FFE-8164361C3B71}C:\users\danut\documents\nvidia e9 se counter strike\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e9 se counter strike\nvidia e9 se counter-strike\hl.exe
FirewallRules: [TCP Query User{418D5AEA-E5E7-4261-AC2C-45B9E389D9FB}C:\users\danut\documents\nvidia e9 se counter strike\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e9 se counter strike\nvidia e9 se counter-strike\hl.exe
FirewallRules: [UDP Query User{F32DD3FE-EEBE-4DFA-8320-777A671F4363}C:\users\danut\documents\nvidia e9 se counter strike\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e9 se counter strike\nvidia e9 se counter-strike\hl.exe
FirewallRules: [TCP Query User{F5FE5589-ECD2-4E80-8735-962C55D69BB8}C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hl.exe
FirewallRules: [UDP Query User{05D6A88D-AE15-4707-AC00-065462F2429E}C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hl.exe
FirewallRules: [TCP Query User{09F7A37B-A77F-4DD0-8D30-77089F771799}C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hl.exe
FirewallRules: [UDP Query User{9982D6B8-15AE-475D-8E76-A7D6D6885451}C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hl.exe
FirewallRules: [TCP Query User{0EAB7B01-A21D-4D14-8E1D-0ACC304B33B6}C:\users\danut\desktop\new folder\metin2hipera\metin2hipera.exe] => (Allow) C:\users\danut\desktop\new folder\metin2hipera\metin2hipera.exe
FirewallRules: [UDP Query User{76D1C604-811F-4FC3-8C7B-D5FE7B6259EE}C:\users\danut\desktop\new folder\metin2hipera\metin2hipera.exe] => (Allow) C:\users\danut\desktop\new folder\metin2hipera\metin2hipera.exe
FirewallRules: [{454A126F-7A5D-4706-9F09-BB562962B97A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D1013246-765A-449D-AD43-D5CA1DB995BE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{FDD60B92-BCC3-47A4-B699-EABCD4160CA5}C:\users\danut\desktop\programe\romaniametin2\romaniametin2.exe] => (Allow) C:\users\danut\desktop\programe\romaniametin2\romaniametin2.exe
FirewallRules: [UDP Query User{6BDE4FBF-471F-433F-8137-06AF583EEB86}C:\users\danut\desktop\programe\romaniametin2\romaniametin2.exe] => (Allow) C:\users\danut\desktop\programe\romaniametin2\romaniametin2.exe
FirewallRules: [TCP Query User{7BF23FC2-D6F2-4701-8CD6-3044559B6F7F}C:\users\danut\desktop\programe\romaniametin2\romaniametin2.exe] => (Allow) C:\users\danut\desktop\programe\romaniametin2\romaniametin2.exe
FirewallRules: [UDP Query User{C764B74F-D214-43AE-8E04-6E197DF74D15}C:\users\danut\desktop\programe\romaniametin2\romaniametin2.exe] => (Allow) C:\users\danut\desktop\programe\romaniametin2\romaniametin2.exe
FirewallRules: [TCP Query User{F3B2C60B-EB67-496D-A8A2-8090A9A09CF7}C:\games\counter-strike 1.6 xtcs final\hl.exe] => (Allow) C:\games\counter-strike 1.6 xtcs final\hl.exe
FirewallRules: [UDP Query User{D9A3A33F-3E8A-41B3-ABEB-88AAA2E13275}C:\games\counter-strike 1.6 xtcs final\hl.exe] => (Allow) C:\games\counter-strike 1.6 xtcs final\hl.exe
FirewallRules: [TCP Query User{67D52878-1794-4349-A444-52932BEC177E}C:\games\counter-strike 1.6 xtcs final\hl.exe] => (Allow) C:\games\counter-strike 1.6 xtcs final\hl.exe
FirewallRules: [UDP Query User{6316E00B-85DB-4847-A217-BCE6D2DA7B92}C:\games\counter-strike 1.6 xtcs final\hl.exe] => (Allow) C:\games\counter-strike 1.6 xtcs final\hl.exe
FirewallRules: [TCP Query User{3E7C045F-8767-4A90-AA1C-7D1313D6D2A8}C:\users\danut\desktop\cs16-2017\hl.exe] => (Allow) C:\users\danut\desktop\cs16-2017\hl.exe
FirewallRules: [UDP Query User{700DA8DD-9916-4CCF-843C-1C4FC2AD0BFD}C:\users\danut\desktop\cs16-2017\hl.exe] => (Allow) C:\users\danut\desktop\cs16-2017\hl.exe
FirewallRules: [TCP Query User{950A1870-DFE9-4502-8CE2-48DEFB1F9C53}C:\users\danut\desktop\new folder\cs16-2017\hl.exe] => (Allow) C:\users\danut\desktop\new folder\cs16-2017\hl.exe
FirewallRules: [UDP Query User{BCD7A441-304A-4D19-923D-6A161D44F633}C:\users\danut\desktop\new folder\cs16-2017\hl.exe] => (Allow) C:\users\danut\desktop\new folder\cs16-2017\hl.exe
FirewallRules: [TCP Query User{740BBACD-9A36-411C-9A9D-01E819FABFF6}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{7029EF1D-0D15-4044-8A5E-4C812B0DDB07}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [TCP Query User{E5DCE01A-9314-41A4-8ACC-9015CA23DDD9}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{65EB9366-26D2-486C-A602-DCEFB4B2DCB3}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [{443576BB-798D-413F-9AFF-06AF21D1D407}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{EFBCF5ED-D815-49AF-9B3A-6EB9A5871652}C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hltv.exe] => (Block) C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hltv.exe
FirewallRules: [UDP Query User{F70177E5-5FDE-45B0-860B-27BAB061B01B}C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hltv.exe] => (Block) C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hltv.exe
FirewallRules: [TCP Query User{E7194D5B-5E1B-4FAB-A850-9E56DA67FA60}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{65AD22BB-5143-45E3-ACC1-A618FF9E94EC}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot load the device driver for this hardware because a previous instance of the device driver is still in memory. (Code 38)
Resolution: The driver could not be loaded because a previous instance is still loaded.
Restart the computer.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2017 05:52:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/24/2017 05:52:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/24/2017 05:03:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/24/2017 05:03:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/24/2017 03:45:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/24/2017 03:45:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/24/2017 09:44:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hl.exe, version: 1.1.1.1, time stamp: 0x3fd11900
Faulting module name: hl.exe, version: 1.1.1.1, time stamp: 0x3fd11900
Exception code: 0xc0000005
Fault offset: 0x00002783
Faulting process id: 0x1328
Faulting application start time: 0x01d2bcc642f6b5ae
Faulting application path: C:\Users\Danut\AppData\Local\Temp\3582-490\hl.exe
Faulting module path: C:\Users\Danut\AppData\Local\Temp\3582-490\hl.exe
Report Id: 81a4be6c-28b9-11e7-b9da-1867b06c3e76

Error: (04/24/2017 09:37:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1201583

Error: (04/24/2017 09:37:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1201583

Error: (04/24/2017 09:37:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/25/2017 12:33:06 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.2 with the system
having network hardware address 00-08-22-78-E5-BA. Network operations on this system may
be disrupted as a result.

Error: (04/25/2017 07:35:35 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (04/24/2017 05:45:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HPProtector Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (04/24/2017 05:34:58 PM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT AUTHORITY)
Description: The Program Compatibility Assistant service failed to perform the phase two initialization.

Error: (04/24/2017 04:57:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HPProtector Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (04/24/2017 04:57:52 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000019 (0x00000020, 0x87586800, 0x87586818, 0x08030004). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042417-14196-01.

Error: (04/24/2017 04:57:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:56:29 PM on 4/24/2017 was unexpected.

Error: (04/24/2017 03:39:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HPProtector Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (04/24/2017 03:39:33 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000019 (0x00000020, 0x89e06810, 0x89e06828, 0x0803000d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042417-16567-01.

Error: (04/24/2017 03:39:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:38:47 PM on 4/24/2017 was unexpected.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 64%
Total physical RAM: 3295.54 MB
Available physical RAM: 1186.07 MB
Total Virtual: 9437.81 MB
Available Virtual: 6513.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:87.89 GB) (Free:50.65 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: () (Fixed) (Total:377.87 GB) (Free:377.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A33B6C03)
Partition 1: (Active) - (Size=87.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=377.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

One more thing: I don't know where I can find the scan log from Malwarebytes. Can you tell me?


MBAM log:


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 26.04.2017
Scan Time: 07:41
Logfile: Mal.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.04.25.10
Rootkit Database: v2017.04.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: Danut

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 235243
Time Elapsed: 18 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 2
Hijack.ExeFile, HKLM\SOFTWARE\CLASSES\EXEFILE\SHELL\OPEN\COMMAND, C:\Windows\svchost.com "Good: ("Bad: (C:\Windows\svchost.com "%1" %*),Replaced,[7bce3db8bbedcd69074ae92759aa27d9]" %*)" %*, %4, %5
Broken.OpenCommand, HKCR\exefile\shell\open\command, C:\Windows\svchost.com "Good: ("Bad: (C:\Windows\svchost.com "%1" %*),Replaced,[ffffffffffffffffffffffffffffffff]" %*)" %*, %4, %5

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • Root Admin

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.


  • Root Admin

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right-click on JRT.exe and select Run as administrator on Windows Vista or Windows 7; double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 02

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


  • Root Admin

It looks like Sophos was not able to complete that removal. Please try the following tool. Make sure your antivirus is disabled while using the tool.

 

Please download Malwarebytes Anti-Rootkit from HERE
If needed there is a self help tutorial here: MBAR tutorial

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

