drorl81
My PC is infected with a trojan miner
drorl81 replied to drorl81's topic in Resolved Malware Removal Logs
What's the point? I need help; everyone downloads pirated games or software... Thank you for nothing. You can close this post, I'll try to get help from other sites.
My PC is infected with a trojan miner
drorl81 replied to drorl81's topic in Resolved Malware Removal Logs
And the last one, the FRST file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03
Ran by Dror at 2015-03-09 19:06:40
Running from C:\Users\Dror\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3F46Z8KS
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1394726961-1820311630-1626729296-1001\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Ashampoo Burning Studio 2015 v.1.15.0 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.0 - Ashampoo GmbH & Co. KG)
Batman: Arkham City™ (x32 Version: 1.0.0003.131 - WB Games) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Game Collector (HKLM-x32\...\{9E6E8929-ECC5-4941-9898-C7C66ACE49F1}_is1) (Version: - Collectorz.com)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
K-Lite Codec Pack 11.0.1 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.0.1 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (עברית) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1037) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA מנהל ההתקן עבור 3D Vision 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA מנהל ההתקן עבור שמע בתקן HD 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA מנהל ההתקן של בקר 3D Vision 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA מנהל התקן עבור נתונים גרפיים 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\{8DCAB1D8-F20C-4733-9B5F-646DDFEB59C9}) (Version: 6.1.1.0 - Husdawg, LLC)
Torchlight II version 1.25.5.2 (HKLM-x32\...\Torchlight II_is1) (Version: 1.25.5.2 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.50 - VSO Software)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
לוח הבקרה של NVIDIA 347.52 (Version: 347.52 - NVIDIA Corporation) Hidden
עדכוני NVIDIA 16.18.9 (Version: 16.18.9 - NVIDIA Corporation) Hidden
ערכת שפה של Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - HEB (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - HEB) (Version: 10.0.50903 - Microsoft Corporation)
תוכנת Intel® Chipset Device (x32 Version: 10.0.13 - Intel® Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

08-03-2015 20:47:20 Removed ESET NOD32 Antivirus
09-03-2015 10:35:52 Installed McAfee VirusScan Enterprise.
09-03-2015 12:32:16 Removed McAfee VirusScan Enterprise.
09-03-2015 12:35:44 Removed McAfee Agent.
09-03-2015 16:40:53 Removed 7-Zip 9.20 (x64 edition)

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06A8BDA6-0722-4FA9-A497-14CB290B9BDD} - \AutoKMS No Task File <==== ATTENTION
Task: {3F01DDC8-232E-4857-8ECB-C2F9D4F9440D} - System32\Tasks\{FB204B8C-C09B-4B1A-89EE-73A8CF7411C3} => pcalua.exe -a "C:\Users\Dror\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZDTX0E5\AdobeAIRInstaller.exe" -d C:\Users\Dror\Desktop
Task: {A36EBF4D-1103-47C3-A376-7120D0869801} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BFC4BB9E-522B-4705-AC99-85370B1DE90D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-08] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-11 14:52 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-02-24 00:13 - 2015-02-18 20:00 - 03502592 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax
2015-02-24 00:13 - 2015-02-18 20:00 - 00147456 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ff_libmad.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1394726961-1820311630-1626729296-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dror\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ASGT => 2
MSCONFIG\Services: AxAutoMntSrv => 2
MSCONFIG\Services: MSI_LiveUpdate_Service => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: StarWindServiceAE => 2
MSCONFIG\Services: Steam Client Service => 3

==================== Accounts: =============================

Administrator (S-1-5-21-1394726961-1820311630-1626729296-500 - Administrator - Disabled)
Dror (S-1-5-21-1394726961-1820311630-1626729296-1001 - Administrator - Enabled) => C:\Users\Dror
Guest (S-1-5-21-1394726961-1820311630-1626729296-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1394726961-1820311630-1626729296-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2015 04:32:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/09/2015 04:26:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/09/2015 02:38:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/09/2015 01:37:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/09/2015 01:33:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: יישום שחלות בו תקלות: nvcplui.exe, גירסה: 8.1.760.0, חותמת זמן: 0x54d3bc7c
שם מודול שחלות בו תקלות: NVCPL.DLL, גירסה: 8.17.13.4752, חותמת זמן: 0x54d3b76d
קוד חריגה: 0xc0000005
היסט תקלה: 0x000000000005f953
מזהה תהליך שחלות בו תקלות: 0x878
שעת ההפעלה של היישום שחלות בו תקלות: 0xnvcplui.exe0
נתיב היישום שחלות בו תקלות: nvcplui.exe1
נתיב המודול שחלות בו תקלות: nvcplui.exe2
מזהה דוח: nvcplui.exe3

Error: (03/09/2015 01:32:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: יישום שחלות בו תקלות: nvcplui.exe, גירסה: 8.1.760.0, חותמת זמן: 0x54d3bc7c
שם מודול שחלות בו תקלות: NVCPL.DLL, גירסה: 8.17.13.4752, חותמת זמן: 0x54d3b76d
קוד חריגה: 0xc0000005
היסט תקלה: 0x000000000005f953
מזהה תהליך שחלות בו תקלות: 0x8e0
שעת ההפעלה של היישום שחלות בו תקלות: 0xnvcplui.exe0
נתיב היישום שחלות בו תקלות: nvcplui.exe1
נתיב המודול שחלות בו תקלות: nvcplui.exe2
מזהה דוח: nvcplui.exe3

Error: (03/09/2015 01:32:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: יישום שחלות בו תקלות: nvcplui.exe, גירסה: 8.1.760.0, חותמת זמן: 0x54d3bc7c
שם מודול שחלות בו תקלות: NVCPL.DLL, גירסה: 8.17.13.4752, חותמת זמן: 0x54d3b76d
קוד חריגה: 0xc0000005
היסט תקלה: 0x000000000005f953
מזהה תהליך שחלות בו תקלות: 0x824
שעת ההפעלה של היישום שחלות בו תקלות: 0xnvcplui.exe0
נתיב היישום שחלות בו תקלות: nvcplui.exe1
נתיב המודול שחלות בו תקלות: nvcplui.exe2
מזהה דוח: nvcplui.exe3

Error: (03/09/2015 01:32:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: יישום שחלות בו תקלות: nvcplui.exe, גירסה: 8.1.760.0, חותמת זמן: 0x54d3bc7c
שם מודול שחלות בו תקלות: NVCPL.DLL, גירסה: 8.17.13.4752, חותמת זמן: 0x54d3b76d
קוד חריגה: 0xc0000005
היסט תקלה: 0x000000000005f953
מזהה תהליך שחלות בו תקלות: 0x6dc
שעת ההפעלה של היישום שחלות בו תקלות: 0xnvcplui.exe0
נתיב היישום שחלות בו תקלות: nvcplui.exe1
נתיב המודול שחלות בו תקלות: nvcplui.exe2
מזהה דוח: nvcplui.exe3

Error: (03/09/2015 01:14:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/09/2015 00:58:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (03/09/2015 07:01:37 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי.

Error: (03/09/2015 06:44:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי.

Error: (03/09/2015 06:08:23 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי.

Error: (03/09/2015 04:41:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: הקריאה ה- ScRegSetValueExW נכשלה עבור FailureCommand עם השגיאה הבאה: %%5

Error: (03/09/2015 04:40:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: הקריאה ה- ScRegSetValueExW נכשלה עבור Start עם השגיאה הבאה: %%5

Error: (03/09/2015 04:31:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: טעינת מנהלי ההתקנים הבאים מסוג הפעלת-אתחול או הפעלת-מערכת נכשלה: ASPI32

Error: (03/09/2015 04:31:10 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי.

Error: (03/09/2015 04:25:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: טעינת מנהלי ההתקנים הבאים מסוג הפעלת-אתחול או הפעלת-מערכת נכשלה: ASPI32

Error: (03/09/2015 04:25:31 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי.

Error: (03/09/2015 04:07:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי.

Microsoft Office Sessions:
=========================
Error: (03/09/2015 04:32:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/09/2015 04:26:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/09/2015 02:38:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/09/2015 01:37:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/09/2015 01:33:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvcplui.exe8.1.760.054d3bc7cNVCPL.DLL8.17.13.475254d3b76dc0000005000000000005f95387801d05a5cdc351fcdC:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeC:\Windows\system32\NVCPL.DLL19ed918e-c650-11e4-8290-4061869423bb

Error: (03/09/2015 01:32:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvcplui.exe8.1.760.054d3bc7cNVCPL.DLL8.17.13.475254d3b76dc0000005000000000005f9538e001d05a5cc7814f6bC:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeC:\Windows\system32\NVCPL.DLL0534fe6c-c650-11e4-8290-4061869423bb

Error: (03/09/2015 01:32:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvcplui.exe8.1.760.054d3bc7cNVCPL.DLL8.17.13.475254d3b76dc0000005000000000005f95382401d05a5cbfaaa764C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeC:\Windows\system32\NVCPL.DLLfd631926-c64f-11e4-8290-4061869423bb

Error: (03/09/2015 01:32:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvcplui.exe8.1.760.054d3bc7cNVCPL.DLL8.17.13.475254d3b76dc0000005000000000005f9536dc01d05a5cba1b3080C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeC:\Windows\system32\NVCPL.DLLf8673793-c64f-11e4-8290-4061869423bb

Error: (03/09/2015 01:14:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/09/2015 00:58:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2015-03-09 10:37:08.926
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 10:37:08.926
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 10:37:08.910
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 10:37:08.863
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 10:36:42.203
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 10:36:42.203
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 10:36:42.203
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 10:36:42.187
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 57%
Total physical RAM: 3959.12 MB
Available physical RAM: 1680.71 MB
Total Pagefile: 7916.42 MB
Available Pagefile: 5885.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:417.83 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:322.12 GB) NTFS
Drive e: () (Fixed) (Total:149.05 GB) (Free:148.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 14C56FD3)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FCC88017)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 149 GB) (Disk ID: 25242523)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
My PC is infected with a trojan miner
drorl81 replied to drorl81's topic in Resolved Malware Removal Logs
Here is another one from the Farbar Recovery Scan Tool.
entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1394726961-1820311630-1626729296-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dror\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 10.0.0.138 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: ASGT => 2 MSCONFIG\Services: AxAutoMntSrv => 2 MSCONFIG\Services: MSI_LiveUpdate_Service => 2 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: StarWindServiceAE => 2 MSCONFIG\Services: Steam Client Service => 3 ==================== Accounts: ============================= Administrator (S-1-5-21-1394726961-1820311630-1626729296-500 - Administrator - Disabled) Dror (S-1-5-21-1394726961-1820311630-1626729296-1001 - Administrator - Enabled) => C:\Users\Dror Guest (S-1-5-21-1394726961-1820311630-1626729296-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1394726961-1820311630-1626729296-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/09/2015 04:32:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 04:26:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 02:38:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 01:37:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 01:33:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: יישום שחלות בו תקלות: 
nvcplui.exe, גירסה: 8.1.760.0, חותמת זמן: 0x54d3bc7c שם מודול שחלות בו תקלות: NVCPL.DLL, גירסה: 8.17.13.4752, חותמת זמן: 0x54d3b76d קוד חריגה: 0xc0000005 היסט תקלה: 0x000000000005f953 מזהה תהליך שחלות בו תקלות: 0x878 שעת ההפעלה של היישום שחלות בו תקלות: 0xnvcplui.exe0 נתיב היישום שחלות בו תקלות: nvcplui.exe1 נתיב המודול שחלות בו תקלות: nvcplui.exe2 מזהה דוח: nvcplui.exe3 Error: (03/09/2015 01:32:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: יישום שחלות בו תקלות: nvcplui.exe, גירסה: 8.1.760.0, חותמת זמן: 0x54d3bc7c שם מודול שחלות בו תקלות: NVCPL.DLL, גירסה: 8.17.13.4752, חותמת זמן: 0x54d3b76d קוד חריגה: 0xc0000005 היסט תקלה: 0x000000000005f953 מזהה תהליך שחלות בו תקלות: 0x8e0 שעת ההפעלה של היישום שחלות בו תקלות: 0xnvcplui.exe0 נתיב היישום שחלות בו תקלות: nvcplui.exe1 נתיב המודול שחלות בו תקלות: nvcplui.exe2 מזהה דוח: nvcplui.exe3 Error: (03/09/2015 01:32:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: יישום שחלות בו תקלות: nvcplui.exe, גירסה: 8.1.760.0, חותמת זמן: 0x54d3bc7c שם מודול שחלות בו תקלות: NVCPL.DLL, גירסה: 8.17.13.4752, חותמת זמן: 0x54d3b76d קוד חריגה: 0xc0000005 היסט תקלה: 0x000000000005f953 מזהה תהליך שחלות בו תקלות: 0x824 שעת ההפעלה של היישום שחלות בו תקלות: 0xnvcplui.exe0 נתיב היישום שחלות בו תקלות: nvcplui.exe1 נתיב המודול שחלות בו תקלות: nvcplui.exe2 מזהה דוח: nvcplui.exe3 Error: (03/09/2015 01:32:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: יישום שחלות בו תקלות: nvcplui.exe, גירסה: 8.1.760.0, חותמת זמן: 0x54d3bc7c שם מודול שחלות בו תקלות: NVCPL.DLL, גירסה: 8.17.13.4752, חותמת זמן: 0x54d3b76d קוד חריגה: 0xc0000005 היסט תקלה: 0x000000000005f953 מזהה תהליך שחלות בו תקלות: 0x6dc שעת ההפעלה של היישום שחלות בו תקלות: 0xnvcplui.exe0 נתיב היישום שחלות בו תקלות: nvcplui.exe1 נתיב המודול שחלות בו תקלות: nvcplui.exe2 מזהה דוח: nvcplui.exe3 Error: (03/09/2015 01:14:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent 
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 00:58:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (03/09/2015 07:01:37 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי. Error: (03/09/2015 06:44:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי. Error: (03/09/2015 06:08:23 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי. Error: (03/09/2015 04:41:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: הקריאה ה- ScRegSetValueExW נכשלה עבור FailureCommand עם השגיאה הבאה: %%5 Error: (03/09/2015 04:40:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: הקריאה ה- ScRegSetValueExW נכשלה עבור Start עם השגיאה הבאה: %%5 Error: (03/09/2015 04:31:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: טעינת מנהלי ההתקנים הבאים מסוג הפעלת-אתחול או הפעלת-מערכת נכשלה: ASPI32 Error: (03/09/2015 04:31:10 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי. Error: (03/09/2015 04:25:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: טעינת מנהלי ההתקנים הבאים מסוג הפעלת-אתחול או הפעלת-מערכת נכשלה: ASPI32 Error: (03/09/2015 04:25:31 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי. 
Error: (03/09/2015 04:07:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: אירעה שגיאה בעת ניסיון לקרוא את קובץ המחשבים המארחים המקומי. Microsoft Office Sessions: ========================= Error: (03/09/2015 04:32:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 04:26:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 02:38:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 01:37:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 01:33:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: nvcplui.exe8.1.760.054d3bc7cNVCPL.DLL8.17.13.475254d3b76dc0000005000000000005f95387801d05a5cdc351fcdC:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeC:\Windows\system32\NVCPL.DLL19ed918e-c650-11e4-8290-4061869423bb Error: (03/09/2015 01:32:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: nvcplui.exe8.1.760.054d3bc7cNVCPL.DLL8.17.13.475254d3b76dc0000005000000000005f9538e001d05a5cc7814f6bC:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeC:\Windows\system32\NVCPL.DLL0534fe6c-c650-11e4-8290-4061869423bb Error: (03/09/2015 01:32:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
nvcplui.exe8.1.760.054d3bc7cNVCPL.DLL8.17.13.475254d3b76dc0000005000000000005f95382401d05a5cbfaaa764C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeC:\Windows\system32\NVCPL.DLLfd631926-c64f-11e4-8290-4061869423bb Error: (03/09/2015 01:32:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: nvcplui.exe8.1.760.054d3bc7cNVCPL.DLL8.17.13.475254d3b76dc0000005000000000005f9536dc01d05a5cba1b3080C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeC:\Windows\system32\NVCPL.DLLf8673793-c64f-11e4-8290-4061869423bb Error: (03/09/2015 01:14:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/09/2015 00:58:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2015-03-09 10:37:08.926 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-09 10:37:08.926 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-09 10:37:08.910 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. 
Date: 2015-03-09 10:37:08.863 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-09 10:36:42.203 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-09 10:36:42.203 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-09 10:36:42.203 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2015-03-09 10:36:42.187 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfeelamk.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel® Core i3 CPU 530 @ 2.93GHz Percentage of memory in use: 57% Total physical RAM: 3959.12 MB Available physical RAM: 1680.71 MB Total Pagefile: 7916.42 MB Available Pagefile: 5885.83 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:417.83 GB) NTFS Drive d: () (Fixed) (Total:465.76 GB) (Free:322.12 GB) NTFS Drive e: () (Fixed) (Total:149.05 GB) (Free:148.95 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 14C56FD3) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FCC88017) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 149 GB) (Disk ID: 25242523) Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================ -
Hi everyone... I'm new here and my English is not so good... and I have a problem with my CPU usage. My antivirus has detected a trojan miner and I can't delete it no matter what I try to do. But... I downloaded this software RogueKiller and it found something, but I don't know how to handle this.

Software I used to try for the problems:
RogueKiller - finds it but I don't know what to do next
Malwarebytes Anti-Malware - finds nothing
AdwCleaner - found 4 of them and deleted them, and performed a restart of the PC. After a second scan nothing was found, but again I ran RogueKiller and the problems return.

This report might help:

RogueKiller V10.5.2.0 (x64) [Mar 9 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dror [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 03/09/2015 18:57:35

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1CB13534-2950-47A3-8868-149EA0C8CFBF} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1CB13534-2950-47A3-8868-149EA0C8CFBF} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1394726961-1820311630-1626729296-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1394726961-1820311630-1626729296-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1394726961-1820311630-1626729296-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1394726961-1820311630-1626729296-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 7 (Driver: Loaded) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x3b222c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x3b222c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x3b222c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x3b222c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x3b222c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x3b222c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x3b222c0

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AADS-00S9B0 ATA Device +++++
--- User ---
[MBR] 5018b619dc5990b26762b56dde298375
[BSP] d0dcff66bed89af345d58bbfef0ad90c : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD5000AAKS-00YGA0 ATA Device +++++
--- User ---
[MBR] f25f819634570d7e3ef42bac93ceffd7
[BSP] 89135db499ba69a6d4feab0e44acfeb9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476836 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD1600JS-08NCB1 ATA Device +++++
--- User ---
[MBR] 80b2f452c728b00c169a8966014e4da6
[BSP] 02c6115d3e23ea468d219ad9895e95d4 : Legit.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152624 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_DEL_03092015_161912.log - RKreport_DEL_03092015_161923.log - RKreport_DEL_03092015_164948.log - RKreport_DEL_03092015_165004.log
RKreport_SCN_03092015_095721.log - RKreport_SCN_03092015_155621.log - RKreport_SCN_03092015_161531.log - RKreport_SCN_03092015_162231.log
RKreport_SCN_03092015_164741.log
-
Thank you, I will do as you say....
-
Hi everyone... I'm new here and my English is not so good... and I have a problem with my CPU usage. My antivirus has detected a trojan miner and I can't delete it no matter what I try to do. But... I downloaded this software RogueKiller and it found something, but I don't know how to handle this.

This is the report:

RogueKiller V10.5.1.0 [Mar 5 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dror [Administrator]
Started from : C:\Users\Dror\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4ZWWQ7V\RogueKiller.exe
Mode : Scan -- Date : 03/09/2015 09:57:21

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] FreemakeUtilsService.exe(1888) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 17 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Freemake Improver ("C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe") -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Freemake Improver ("C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe") -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Freemake Improver ("C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe") -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1CB13534-2950-47A3-8868-149EA0C8CFBF} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1CB13534-2950-47A3-8868-149EA0C8CFBF} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1CB13534-2950-47A3-8868-149EA0C8CFBF} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1394726961-1820311630-1626729296-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1394726961-1820311630-1626729296-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKS-00YGA0 ATA Device +++++
--- User ---
[MBR] f25f819634570d7e3ef42bac93ceffd7
[BSP] 89135db499ba69a6d4feab0e44acfeb9 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD5000AADS-00S9B0 ATA Device +++++
--- User ---
[MBR] 5018b619dc5990b26762b56dde298375
[BSP] d0dcff66bed89af345d58bbfef0ad90c : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD1600JS-08NCB1 ATA Device +++++
--- User ---
[MBR] 80b2f452c728b00c169a8966014e4da6
[BSP] 02c6115d3e23ea468d219ad9895e95d4 : Legit.Unknown MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

If I posted in the wrong place, I'm sorry... waiting for help, thanks