Loaris Trojan Remover v.1.3.1.9
Report file date: 2014-03-24 21:16:50
Last update : 2014-03-24 21:16:50
Scanning for 931719 virus strains and unwanted programs.
Licensed: UNREGISTERED
Windows version: Windows 7 Enterprise x64 (version 6.1)
Username: MEDION
Computer name: MEDION-PC

Starting the file scan:
Standard Scan started
Startup objects checked
BHO plugins checked
Services checked
ActiveX objects checked
Files checked
Scanning process...

----- c:\users\medion\appdata\roaming\scrypt\nircmd.exe ---- Startup Threat Trojan.Ap#AS
SUBS: Win32 GUI PE: x86 EPSEC: 1 EPRVA: 00019CB0 IBASE: 00400000
SEC: UPX0 UPX1 .rsrc

----- C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll ---- General Adware.Win32.Rotbrow.fpl.sm
ProdVer: 1.1.4.1 FileVer: 1.1.4.1 Name : Alert Company: Conduit Ltd.
SUBS: Win32 GUI PE: x86 EPSEC: 0 EPRVA: 0004CC4F IBASE: 10000000
SEC: .text .rdata .data .rsrc .reloc

----- C:\Program Files (x86)\Conduit ---- General Adware.Win32.Rotbrow.fpl.sm

----- c:\users\medion\appdata\local\Mobogenie\adb.black_devices ---- General Adware.Win32.Gen.fpl.sm
SUBS: Unknown PE: x86

----- c:\users\medion\appdata\local\Mobogenie\adb.write_devices ---- General Adware.Win32.Gen.fpl.sm
SUBS: Unknown PE: x86

----- c:\users\medion\appdata\local\Mobogenie\client.time ---- General Adware.Win32.Gen.fpl.sm
SUBS: Unknown PE: x86

----- c:\users\medion\appdata\local\Mobogenie\damo.time ---- General Adware.Win32.Gen.fpl.sm
SUBS: Unknown PE: x86

----- c:\users\medion\appdata\local\Mobogenie\Data\mobogenie_u_user_dl.mg ---- General Adware.Win32.Gen.fpl.sm
SUBS: Unknown PE: x86

----- c:\users\medion\appdata\local\Mobogenie\driverresult.log ---- General Adware.Win32.Gen.fpl.sm
SUBS: Unknown PE: x86

----- c:\users\medion\appdata\local\Mobogenie\mobo.uuid ---- General Adware.Win32.Gen.fpl.sm
SUBS: Unknown PE: x86

----- c:\users\medion\appdata\local\Mobogenie\Source.mu ---- General Adware.Win32.Gen.fpl.sm
SUBS: Unknown PE: x86

----- c:\users\medion\appdata\local\Mobogenie\updatepop.time ---- General Adware.Win32.Gen.fpl.sm
SUBS: Unknown PE: x86

----- c:\users\medion\appdata\local\Mobogenie\Version\CacheVersion\release-update.xml ---- General Adware.Win32.Gen.fpl.sm
SUBS: Unknown PE: x86

----- c:\users\medion\appdata\local\Mobogenie ---- General Adware.Win32.Gen.fpl.sm

----- (x64) HKLM\software\classes\interface\{79fb5fc8-44b9-4af5-badd-cce547f953e5} ---- Registry Adware.Win32.pl.rc

----- HKCU\software\appdatalow\software\conduitsearchscopes ---- Registry Adware.Win32.pl.rc

----- HKCU\software\appdatalow\software\conduit ---- Registry Adware.Win32.pl.rc

----- HKCR\interface\{79fb5fc8-44b9-4af5-badd-cce547f953e5} ---- Registry Adware.Win32.pl.rc

----- (x86) HKLM\software\classes\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1} ---- Registry Adware.Win32.pl.rc

----- (x86) HKLM\software\conduit ---- Registry Adware.Win32.Gen.pl.sm

----- C:\Users\MEDION\Desktop\DRIVER\Bluetooth (option)\XP_1085.8.727.2009\Win32\Lang\1034\KB818801_1034.exe ---- General Trojan.Slugin!t
ProdVer: 5.3.0018.6 FileVer: 5.3.0018.6 built by: srv03_qfe Name : Microsoft® Windows® Operating System Company: Microsoft Corporation
SUBS: Win32 GUI PE: x86 EPSEC: 0 EPRVA: 00004D3A IBASE: 01000000
SEC: .text .data .rsrc

----- C:\Users\MEDION\Desktop\DRIVER\Bluetooth (option)\XP_1085.8.727.2009\Win32\Lang\1036\KB818801_1036.exe ---- General Trojan.Slugin!t
ProdVer: 5.3.0018.6 FileVer: 5.3.0018.6 built by: srv03_qfe Name : Microsoft® Windows® Operating System Company: Microsoft Corporation
SUBS: Win32 GUI PE: x86 EPSEC: 0 EPRVA: 00004D3A IBASE: 01000000
SEC: .text .data .rsrc

----- C:\Users\MEDION\Desktop\DRIVER\Bluetooth (option)\XP_1085.8.727.2009\Win32\Lang\1042\Q816650_1042.exe ---- General Trojan.Slugin!t
ProdVer: 5.3.0016.3 FileVer: 5.3.0016.3 (xpclnt_qfe.020226-1835) Name : Microsoft® Windows® Operating System Company: Microsoft Corporation
SUBS: Win32 GUI PE: x86 EPSEC: 0 EPRVA: 000031FD IBASE: 01000000
SEC: .text .data .rsrc

----- C:\ProgramData\Conduit\Multi\CT3225826\UninstallerUI.exe ---- General Adware.Win32.Gen.sm!n
ProdVer: FileVer: 1.4.0.1 Company: Conduit
SUBS: Win32 GUI PE: x86 EPSEC: 0 EPRVA: 000038AF IBASE: 00400000
SEC: .text .rdata .data .ndata .rsrc .reloc

----- C:\ProgramData\Conduit\Multi\CT3289075\UninstallerUI.exe ---- General Adware.Win32.Gen.sm!n
ProdVer: FileVer: 1.4.0.1 Company: Conduit
SUBS: Win32 GUI PE: x86 EPSEC: 0 EPRVA: 000038AF IBASE: 00400000
SEC: .text .rdata .data .ndata .rsrc .reloc

----- C:\ProgramData\everest\setup.exe ---- General Malware.Win32.Gen.6901.sm!f0
SUBS: Win32 GUI PE: x64 EPSEC: 1 EPRVA: 00015271 IBASE: 0000000140000000
SEC: .MPRESS .MPRESS .rsrc

----- H:\Gry\Need for Speed Rivals\Uninstall\unins000.exe ---- General Malware.Win32.Gen.ce6d.sm!t1
ProdVer: FileVer: 51.1052.0.0
SUBS: Win32 GUI PE: x86 EPSEC: 1 EPRVA: 000FD004 IBASE: 00400000
SEC: .text .itext .data .bss .idata .tls .rdata .rsrc

----- C:\ProgramData\Microsoft\Windows\GameExplorer\{3144FD73-799D-4E1A-976F-159CD7CB9FC9}\PlayTasks\3\Uninstall.lnk ---- General Malware.Win32.Gen.ce6d.sm!t1
SUBS: Unknown PE: x86

Scan completed
Scan result: 28 detected items
Scan completed in: Scan completed in 17 minute(s) 54 sec.
Files were scanned: 17911