Posted: 23 Sep 2013 15:55
- neco1993
- New MyCity citizen
- Joined: 05 Dec 2012
- Posts: 15
Written: 23 Sep 2013 14:10
ComboFix 13-09-22.01 - Mr GooD 23.09.2013 13:55:47.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3072.1512 [GMT 2:00]
Running from: c:\users\Mr GooD\Desktop\ComboFix.exe
Command switches used :: c:\users\Mr GooD\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\GC\ErrorHelper_1.3.crx
.
.
((((((((((((((((((((((((( Files Created from 2013-08-23 to 2013-09-23 )))))))))))))))))))))))))))))))
.
.
2013-09-23 12:02 . 2013-09-23 12:02 -------- d-----w- c:\users\Mr GooD\AppData\Local\temp
2013-09-23 12:02 . 2013-09-23 12:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-23 01:37 . 2013-09-23 02:30 -------- d-----w- c:\users\Mr GooD\AppData\Roaming\Airytec
2013-09-23 01:37 . 2013-09-23 02:30 -------- d-----w- c:\program files\Airytec
2013-09-22 20:41 . 2013-09-22 20:41 -------- d-----w- C:\TDSSKiller_Quarantine
2013-09-22 13:48 . 2013-09-22 13:48 -------- d-----w- c:\programdata\NexonEU
2013-09-22 13:10 . 2013-09-22 13:10 -------- d-----w- c:\programdata\NexonUS
2013-09-20 19:46 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-20 11:21 . 2013-09-15 22:50 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FD16A56-23CD-4754-8499-E43AECAFA307}\mpengine.dll
2013-09-11 11:52 . 2013-09-11 11:52 -------- d-----w- c:\users\Mr GooD\AppData\Roaming\.mono
2013-09-07 16:05 . 2013-09-07 16:07 -------- d-----w- c:\program files\Google
2013-09-02 22:27 . 2013-09-04 18:15 -------- d-----w- c:\users\Mr GooD\AppData\Roaming\Awesomium
2013-09-01 10:19 . 2013-09-01 10:54 283032 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-09-01 10:19 . 2013-09-01 10:19 -------- d-----w- c:\users\Mr GooD\AppData\Local\PunkBuster
2013-09-01 10:02 . 2013-09-01 10:02 138056 ----a-w- c:\users\Mr GooD\AppData\Roaming\PnkBstrK.sys
2013-08-31 17:51 . 2013-08-31 17:51 -------- d-----w- c:\programdata\PWD
2013-08-30 22:26 . 2013-08-30 22:26 -------- d-----w- c:\program files\Common Files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-22 20:45 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2013-09-11 12:55 . 2012-12-09 21:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-11 12:55 . 2012-12-09 21:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-01 10:31 . 2012-12-29 07:22 283032 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-08-07 02:22 . 2012-12-09 17:53 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\atapi.sys ---
Company: Microsoft Corporation
File Description: ATAPI IDE Miniport Driver
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: atapi.sys
File size: 21584
Created time: 2009-07-13 23:11
Modified time: 2013-09-22 20:45
MD5: 338C86357871C167A96AB976519BF59E
SHA1: E99E20970139FB1E67BBC54FA8A61C18A4FCE36E
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="d:\program files\Programi\deamon tols\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"CCleaner"="d:\program files\cclener\ccleaner.exe" [2013-08-21 3676952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- d:\program files\Programi\deamon tols\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-21 08:18 19875944 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 gupdate1ceabe4a758859;Google Update Service (gupdate1ceabe4a758859);c:\program files\Google\Update\GoogleUpdate.exe [2013-09-07 116648]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R3 gupdatem1ceabe4b15048c;Google Update Service (gupdatem1ceabe4b15048c);c:\program files\Google\Update\GoogleUpdate.exe [2013-09-07 116648]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-06-14 242240]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 176128]
S2 MBAMScheduler;MBAMScheduler;d:\program files\Programi\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;d:\program files\Programi\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 TeamViewer8;TeamViewer 8;d:\program files\Programi\Version8\TeamViewer_Service.exe [2013-09-12 5071712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-19 22:13 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-09 12:55]
.
2013-09-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1650746548-3130309986-2507687739-1000Core.job
- c:\users\Mr GooD\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-30 14:17]
.
2013-09-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1650746548-3130309986-2507687739-1000UA.job
- c:\users\Mr GooD\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-30 14:17]
.
2013-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-07 16:05]
.
2013-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-07 16:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.0.2
FF - ProfilePath - c:\users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-23 14:06:28
ComboFix-quarantined-files.txt 2013-09-23 12:06
ComboFix2.txt 2013-09-22 21:15
.
Pre-Run: 11.090.817.024 bytes free
Post-Run: 10.911.490.048 bytes free
.
- - End Of File - - 335AA5EE50D85A9806FFA896D74FB28C
A36C5E4F47E84449FF07ED3517B43A31
Addendum: 23 Sep 2013 15:55
Bro, post your reply, and don't lock the thread; I won't be around for a few days ... then we'll continue, if that's OK? :=) Thanks <3
Posted: 25 Sep 2013 10:29
- neco1993
- New MyCity citizen
- Joined: 05 Dec 2012
- Posts: 15
Written: 25 Sep 2013 10:29
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2013
Ran by Mr GooD (administrator) on NECO-PC on 25-09-2013 10:16:30
Running from D:\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Malwarebytes Corporation) D:\Program files\Programi\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) D:\Program files\Programi\Malwarebytes' Anti-Malware\mbamservice.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Malwarebytes Corporation) D:\Program files\Programi\Malwarebytes' Anti-Malware\mbamgui.exe
(TeamViewer GmbH) D:\Program files\Programi\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKCU\...\Run: [DAEMON Tools Lite] - D:\Program files\Programi\deamon tols\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [CCleaner] - D:\Program files\cclener\ccleaner.exe [3676952 2013-08-21] (Piriform Ltd)
BootExecute: autocheck autochk *
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA3894739CEF8CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-Latn-ME
SearchScopes: HKCU - DefaultScope {24F1D864-576E-4A2A-9B7F-EF498925700E} URL = search.yahoo.com/search?fr=chr-greentree_ie.....=183666&p={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = delta-search.com/?q={searchTerms}&affID=119776&tt=120613_ndc&babsrc=SP_ss&mntrId=3E25001FD001F30A
SearchScopes: HKCU - {24F1D864-576E-4A2A-9B7F-EF498925700E} URL = search.yahoo.com/search?fr=chr-greentree_ie.....=183666&p={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = google.com/search?q={sear
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQWOGodBX&i=26
SearchScopes: HKCU - {E915F3CA-90A1-4CC7-9B3C-14C1F2BBF724} URL = t3-3.search.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program files\Programi\JAVA\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program files\Programi\JAVA\bin\jp2ssv.dll (Oracle Corporation)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.2
FireFox:
========
FF ProfilePath: C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default
FF user.js: detected! => C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - D:\Program files\Programi\JAVA\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Mr GooD\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Mr GooD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\delta.xml
FF Extension: torntv2 - C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\Extensions\torntv2@torntv.com.xpi
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF StartMenuInternet: FIREFOX.EXE - D:\Program files\Programi\mozila\firefox.exe
Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.rs/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Mr GooD\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U25) - D:\Program files\Programi\JAVA\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\MRGOOD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\MRGOOD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Video DL Extension) - C:\Users\MRGOOD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bccffeekghipibbonegajpcandhapegl\5.5.2_0
CHR Extension: (YouTube) - C:\Users\MRGOOD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\MRGOOD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\MRGOOD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\MRGOOD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\MRGOOD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [oemdgpalcpaincbfbabgcemjmgdkibho] - C:\Program Files\Common Files\Spigot\GC\ErrorHelper_1.3.crx
========================== Services (Whitelisted) =================
S2 gupdate1ceabe4a758859; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2013-09-07] (Google Inc.)
S3 gupdatem1ceabe4b15048c; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2013-09-07] (Google Inc.)
R2 MBAMScheduler; D:\Program files\Programi\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; D:\Program files\Programi\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 TeamViewer8; D:\Program files\Programi\Version8\TeamViewer_Service.exe [5071712 2013-09-12] (TeamViewer GmbH)
==================== Drivers (Whitelisted) ====================
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-15] (DT Soft Ltd)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc. )
S3 gdrv; C:\Windows\gdrv.sys [16608 2012-12-09] (Windows (R) 2000 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 SecDrv; C:\Windows\system32\drivers\SECDRV.SYS [11376 2002-10-08] ()
S3 catchme; \??\C:\Users\MRGOOD~1\AppData\Local\Temp\catchme.sys [x]
S3 ProcObsrv; \??\D:\Program files\Glary Utilities 3\ProcObsrv.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-25 10:16 - 2013-09-25 10:16 - 00000000 ____D C:\FRST
2013-09-24 22:24 - 2013-09-25 03:24 - 00016306 _____ C:\Windows\WindowsUpdate.log
2013-09-23 16:47 - 2013-09-23 16:47 - 00000841 _____ C:\Users\Mr GooD\Desktop\CS 1.6 FULL v42.lnk
2013-09-23 13:53 - 2013-09-22 23:06 - 05129542 ____R (Swearware) C:\Users\Mr GooD\Desktop\ComboFix.exe
2013-09-23 03:37 - 2013-09-23 04:30 - 00000000 ____D C:\Users\Mr GooD\AppData\Roaming\Airytec
2013-09-23 03:37 - 2013-09-23 04:30 - 00000000 ____D C:\Program Files\Airytec
2013-09-22 23:07 - 2013-09-23 14:06 - 00000000 ____D C:\Qoobox
2013-09-22 23:07 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-22 23:07 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-22 23:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-22 23:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-22 23:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-22 23:07 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-22 23:07 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-22 23:07 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-22 23:06 - 2013-09-22 23:14 - 00000000 ____D C:\Windows\erdnt
2013-09-22 22:41 - 2013-09-22 22:41 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-09-22 15:48 - 2013-09-22 15:48 - 00000000 ____D C:\ProgramData\NexonEU
2013-09-22 15:10 - 2013-09-22 15:10 - 00000000 ____D C:\ProgramData\NexonUS
2013-09-20 21:46 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-20 19:41 - 2013-09-20 19:41 - 00000020 ___SH C:\Users\Mr GooD\ntuser.ini
2013-09-16 23:31 - 2013-09-16 23:31 - 00000800 _____ C:\Users\Mr GooD\Desktop\DeadZone.lnk
2013-09-16 23:31 - 2013-09-16 23:31 - 00000000 ____D C:\Users\Mr GooD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MADFINGER Games
2013-09-11 13:52 - 2013-09-11 13:52 - 00000000 ____D C:\Users\Mr GooD\AppData\Roaming\.mono
2013-09-07 18:07 - 2013-09-20 00:18 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-07 18:05 - 2013-09-07 18:07 - 00000000 ____D C:\Program Files\Google
2013-09-03 00:27 - 2013-09-04 20:15 - 00000000 ____D C:\Users\Mr GooD\AppData\Roaming\Awesomium
2013-09-01 12:42 - 2013-09-01 12:42 - 00000000 ____D C:\Users\Mr GooD\Documents\WB Games
2013-09-01 12:19 - 2013-09-01 12:54 - 00283032 _____ C:\Windows\system32\PnkBstrB.xtr
2013-09-01 12:19 - 2013-09-01 12:19 - 00000000 ____D C:\Users\Mr GooD\AppData\Local\PunkBuster
2013-09-01 12:02 - 2013-09-01 12:02 - 00138056 _____ C:\Users\Mr GooD\AppData\Roaming\PnkBstrK.sys
2013-08-31 19:51 - 2013-08-31 19:51 - 00000000 ____D C:\ProgramData\PWD
2013-08-31 00:26 - 2013-08-31 00:26 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-08-30 21:02 - 2013-09-03 00:26 - 00000000 ____D C:\Users\Mr GooD\Documents\My Games
==================== One Month Modified Files and Folders =======
2013-09-25 10:16 - 2013-09-25 10:16 - 00000000 ____D C:\FRST
2013-09-25 10:10 - 2013-04-01 11:20 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-25 09:55 - 2012-12-09 23:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-25 07:22 - 2013-06-30 16:17 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1650746548-3130309986-2507687739-1000UA.job
2013-09-25 03:24 - 2013-09-24 22:24 - 00016306 _____ C:\Windows\WindowsUpdate.log
2013-09-24 22:29 - 2009-07-14 06:34 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-24 22:29 - 2009-07-14 06:34 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-24 22:27 - 2012-12-09 19:28 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-24 22:22 - 2013-04-01 11:20 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-24 22:22 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-24 16:22 - 2013-06-30 16:17 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1650746548-3130309986-2507687739-1000Core.job
2013-09-23 18:00 - 2013-04-03 18:58 - 00000000 ____D C:\Users\Mr GooD\AppData\Roaming\Winamp
2013-09-23 18:00 - 2013-04-01 11:31 - 00000000 ____D C:\Users\Mr GooD\AppData\Roaming\BitTorrent
2013-09-23 17:57 - 2012-12-09 19:45 - 00000000 ____D C:\Users\Mr GooD\AppData\Roaming\Skype
2013-09-23 16:47 - 2013-09-23 16:47 - 00000841 _____ C:\Users\Mr GooD\Desktop\CS 1.6 FULL v42.lnk
2013-09-23 14:06 - 2013-09-22 23:07 - 00000000 ____D C:\Qoobox
2013-09-23 14:02 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-09-23 04:30 - 2013-09-23 03:37 - 00000000 ____D C:\Users\Mr GooD\AppData\Roaming\Airytec
2013-09-23 04:30 - 2013-09-23 03:37 - 00000000 ____D C:\Program Files\Airytec
2013-09-23 01:36 - 2013-01-21 17:10 - 00002052 _____ C:\Windows\epplauncher.mif
2013-09-22 23:15 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-22 23:15 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-22 23:14 - 2013-09-22 23:06 - 00000000 ____D C:\Windows\erdnt
2013-09-22 23:06 - 2013-09-23 13:53 - 05129542 ____R (Swearware) C:\Users\Mr GooD\Desktop\ComboFix.exe
2013-09-22 22:45 - 2009-07-14 01:11 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys
2013-09-22 22:41 - 2013-09-22 22:41 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-09-22 15:48 - 2013-09-22 15:48 - 00000000 ____D C:\ProgramData\NexonEU
2013-09-22 15:10 - 2013-09-22 15:10 - 00000000 ____D C:\ProgramData\NexonUS
2013-09-21 19:28 - 2013-02-16 14:41 - 00000000 ____D C:\Users\Mr GooD\AppData\Local\Deployment
2013-09-20 19:41 - 2013-09-20 19:41 - 00000020 ___SH C:\Users\Mr GooD\ntuser.ini
2013-09-20 19:41 - 2012-12-09 19:22 - 00000000 ____D C:\Users\Mr GooD
2013-09-20 19:24 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-09-20 19:23 - 2013-07-03 02:19 - 00000000 ____D C:\ProgramData\ESET
2013-09-20 19:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-20 01:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\security
2013-09-20 00:18 - 2013-09-07 18:07 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-16 23:31 - 2013-09-16 23:31 - 00000800 _____ C:\Users\Mr GooD\Desktop\DeadZone.lnk
2013-09-16 23:31 - 2013-09-16 23:31 - 00000000 ____D C:\Users\Mr GooD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MADFINGER Games
2013-09-11 14:55 - 2012-12-09 23:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 14:55 - 2012-12-09 23:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 13:52 - 2013-09-11 13:52 - 00000000 ____D C:\Users\Mr GooD\AppData\Roaming\.mono
2013-09-11 13:50 - 2013-01-07 09:55 - 00000000 ____D C:\Users\Mr GooD\AppData\Local\Unity
2013-09-07 18:07 - 2013-09-07 18:05 - 00000000 ____D C:\Program Files\Google
2013-09-07 18:07 - 2012-12-09 19:40 - 00000000 ____D C:\Users\Mr GooD\AppData\Local\Google
2013-09-06 17:12 - 2012-12-09 20:05 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-04 20:15 - 2013-09-03 00:27 - 00000000 ____D C:\Users\Mr GooD\AppData\Roaming\Awesomium
2013-09-03 00:26 - 2013-08-30 21:02 - 00000000 ____D C:\Users\Mr GooD\Documents\My Games
2013-09-03 00:26 - 2012-12-31 19:29 - 00000000 ____D C:\Windows\system32\directx
2013-09-02 23:34 - 2013-01-25 16:19 - 00000000 ____D C:\Users\Mr GooD\AppData\Roaming\DAEMON Tools Lite
2013-09-01 12:54 - 2013-09-01 12:19 - 00283032 _____ C:\Windows\system32\PnkBstrB.xtr
2013-09-01 12:42 - 2013-09-01 12:42 - 00000000 ____D C:\Users\Mr GooD\Documents\WB Games
2013-09-01 12:31 - 2012-12-29 09:22 - 00283032 _____ C:\Windows\system32\PnkBstrB.ex0
2013-09-01 12:19 - 2013-09-01 12:19 - 00000000 ____D C:\Users\Mr GooD\AppData\Local\PunkBuster
2013-09-01 12:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-01 12:02 - 2013-09-01 12:02 - 00138056 _____ C:\Users\Mr GooD\AppData\Roaming\PnkBstrK.sys
2013-08-31 19:51 - 2013-08-31 19:51 - 00000000 ____D C:\ProgramData\PWD
2013-08-31 00:26 - 2013-08-31 00:26 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-08-30 21:00 - 2013-06-24 14:29 - 00000000 ____D C:\Users\Mr GooD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-22 04:14
==================== End Of Log ============================
Addendum: 25 Sep 2013 10:29
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-09-2013
Ran by Mr GooD at 2013-09-25 10:17:35
Running from D:\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Ashampoo Burning Studio 6 FREE v.6.83 (Version: 6.8.3)
BitTorrent (Version: 7.8.0.29626)
CCleaner (Version: 4.05)
Corel Graphics - Windows Shell Extension (Version: 15.0.0.487)
Corel Graphics - Windows Shell Extension (Version: 15.0.487)
CorelDRAW Graphics Suite X5 - Capture (Version: 15.0)
CorelDRAW Graphics Suite X5 - Common (Version: 15.0)
CorelDRAW Graphics Suite X5 - Connect (Version: 15.0)
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.0)
CorelDRAW Graphics Suite X5 - Draw (Version: 15.0)
CorelDRAW Graphics Suite X5 - EN (Version: 15.0)
CorelDRAW Graphics Suite X5 - Filters (Version: 15.0)
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.0)
CorelDRAW Graphics Suite X5 - IPM (Version: 15.0)
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.0)
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0)
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0)
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.0)
CorelDRAW Graphics Suite X5 - VBA (Version: 15.0)
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.0)
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.0)
CorelDRAW Graphics Suite X5 - WT (Version: 15.0)
CorelDRAW Graphics Suite X5 (Version: 15.0)
CorelDRAW(R) Graphics Suite X5 (Version: 15.0.0.486)
Counter Strike 1.6 FULL v42
DAEMON Tools Lite (Version: 4.47.1.0333)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
GOM Player (Version: 2.1.50.5145)
Google Chrome (Version: 29.0.1547.76)
Google Earth Plug-in (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
iLivid (Version: 4.0.0.3054)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
K-Lite Mega Codec Pack 6.5.0 (Version: 6.5.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
neroxml (Version: 1.0.0)
Shadowgun: DeadZone (Version: 2.0.1)
Skype™ 6.6 (Version: 6.6.106)
swMSM (Version: 12.0.0.1)
TeamViewer 8 (Version: 8.0.20935)
Unity Web Player (HKCU Version: )
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69)
Visual Basic for Applications (R) Core (Version: 6.4.99.69)
Winamp (Version: 5.63 )
WinRAR 4.00 (32-bit) (Version: 4.00.0)
==================== Restore Points =========================
25-09-2013 01:24:36 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:04 - 2013-09-23 14:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {3F7376F5-F9C3-4B96-9C08-6F98C193AF1E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated)
Task: {4A89C83C-99EE-411C-9CEE-9C0F4446CF14} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe
Task: {5F90D263-6AD8-4048-BE74-C77749BA3061} - System32\Tasks\{07916E01-7BB9-4373-A7B7-7564A13094C5} => C:\Program Files\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {60D1568C-4CF3-45AF-942D-6F9A83F0AE80} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1650746548-3130309986-2507687739-1000UA => C:\Users\Mr GooD\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-30] (Facebook Inc.)
Task: {871E385E-3999-4B31-8960-00968BD865DC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1650746548-3130309986-2507687739-1000Core => C:\Users\Mr GooD\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-30] (Facebook Inc.)
Task: {AE79441D-FC8C-4166-A57D-4591305ADB36} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.)
Task: {B3036319-3A89-46BE-94AB-B6E798399007} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.)
Task: {B406C272-F15F-4CEE-A31F-B11DE892ACE3} - System32\Tasks\CCleanerSkipUAC => D:\Program files\cclener\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {E1AA8300-25A6-4100-8EC9-176C648E0711} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1650746548-3130309986-2507687739-1000Core.job => C:\Users\Mr GooD\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1650746548-3130309986-2507687739-1000UA.job => C:\Users\Mr GooD\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-09-20 00:18 - 2013-09-17 05:20 - 00709584 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.76\libglesv2.dll
2013-09-20 00:18 - 2013-09-17 05:20 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.76\libegl.dll
2013-09-20 00:18 - 2013-09-17 05:21 - 04053456 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.76\pdf.dll
2013-09-20 00:18 - 2013-09-17 05:21 - 00410576 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
2013-09-20 00:18 - 2013-09-17 05:20 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: D-Link DFE-530TX PCI Fast Ethernet Adapter (rev.A)
Description: D-Link DFE-530TX PCI Fast Ethernet Adapter (rev.A)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: D-Link
Service: FETNDIS
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/23/2013 03:56:33 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e089145f-c9dd-4dc5-b6dc-0b9f6982cda0}
Error: (09/23/2013 01:36:23 AM) (Source: Microsoft Security Client Setup) (User: NECO-PC)
Description: HRESULT:0x8004FF0A
Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.
Error: (09/22/2013 10:46:10 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/22/2013 10:46:10 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/22/2013 10:46:10 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/22/2013 10:46:10 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Error: (09/22/2013 10:46:10 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/22/2013 10:46:10 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.
Context: Windows Application, SystemIndex Catalog
Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)
Error: (09/22/2013 10:46:10 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/22/2013 10:46:10 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (09/24/2013 06:46:55 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (09/24/2013 02:52:13 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (09/23/2013 08:36:52 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (09/23/2013 05:58:35 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (09/23/2013 04:52:40 PM) (Source: Service Control Manager) (User: )
Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
Error: (09/23/2013 02:02:25 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (09/23/2013 01:58:30 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (09/23/2013 01:55:11 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (09/23/2013 06:46:04 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (09/23/2013 04:31:16 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Microsoft Office Sessions:
=========================
Error: (09/23/2013 03:56:33 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e089145f-c9dd-4dc5-b6dc-0b9f6982cda0}
Error: (09/23/2013 01:36:23 AM) (Source: Microsoft Security Client Setup)(User: NECO-PC)
Description: HRESULT:0x8004FF0A
Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.
Error: (09/22/2013 10:46:10 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/22/2013 10:46:10 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/22/2013 10:46:10 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/22/2013 10:46:10 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
Error: (09/22/2013 10:46:10 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
Error: (09/22/2013 10:46:10 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)
Error: (09/22/2013 10:46:10 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
Error: (09/22/2013 10:46:10 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
4700
CodeIntegrity Errors:
===================================
Date: 2013-09-22 19:22:57.428
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-09-22 19:22:57.319
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-09-22 18:53:45.880
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-09-22 18:53:45.775
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-09-22 18:34:13.653
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-09-22 18:34:13.559
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-09-22 17:28:49.763
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-09-22 17:28:49.648
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-09-22 15:35:10.892
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-09-22 15:35:10.768
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 36%
Total physical RAM: 3071.55 MB
Available physical RAM: 1954.16 MB
Total Pagefile: 6141.39 MB
Available Pagefile: 4710.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.38 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:29.9 GB) (Free:9.98 GB) NTFS
Drive d: () (Fixed) (Total:119.05 GB) (Free:105.48 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: FFF1FFF1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=119 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Posted: 25 Sep 2013 17:40
- neco1993
- New MyCity citizen
- Joined: 05 Dec 2012
- Posts: 15
Written: 25 Sep 2013 17:08
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-09-2013
Ran by Mr GooD at 2013-09-25 17:07:05 Run:1
Running from C:\Users\Mr GooD\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
SearchScopes: HKCU - DefaultScope {24F1D864-576E-4A2A-9B7F-EF498925700E} URL = search.yahoo.com/search?fr=chr-greentree_ie.....=183666&p={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = delta-search.com/?q={searchTerms}&affID=119776&tt=120613_ndc&babsrc=SP_ss&mntrId=3E25001FD001F30A
SearchScopes: HKCU - {24F1D864-576E-4A2A-9B7F-EF498925700E} URL = search.yahoo.com/search?fr=chr-greentree_ie.....=183666&p={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQWOGodBX&i=26
SearchScopes: HKCU - {E915F3CA-90A1-4CC7-9B3C-14C1F2BBF724} URL = t3-3.search.com/search?q={searchTerms}
FF SearchPlugin: C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\delta.xml
FF Extension: torntv2 - C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\Extensions\torntv2@torntv.com.xpi
C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\delta.xml
C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\delta.xml
C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\Extensions\torntv2@torntv.com.xpi
CHR HKLM\...\Chrome\Extension: [oemdgpalcpaincbfbabgcemjmgdkibho] - C:\Program Files\Common Files\Spigot\GC\ErrorHelper_1.3.crx
C:\Program Files\Common Files\Spigot
*****************
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{24F1D864-576E-4A2A-9B7F-EF498925700E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{24F1D864-576E-4A2A-9B7F-EF498925700E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E915F3CA-90A1-4CC7-9B3C-14C1F2BBF724} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E915F3CA-90A1-4CC7-9B3C-14C1F2BBF724} => Key not found.
C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\babylon.xml => Moved successfully.
C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\delta.xml => Moved successfully.
C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\Extensions\torntv2@torntv.com.xpi => Moved successfully.
"C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\delta.xml " => File/Directory not found.
"C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\delta.xml " => File/Directory not found.
"C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\Extensions\torntv2@torntv.com.xpi " => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\oemdgpalcpaincbfbabgcemjmgdkibho => Key deleted successfully.
"C:\Program Files\Common Files\Spigot\GC\ErrorHelper_1.3.crx " => File/Directory not found.
"C:\Program Files\Common Files\Spigot" => File/Directory not found.
==== End of Fixlog ====
Addendum: 25 Sep 2013 17:15
# AdwCleaner v3.005 - Report created 25/09/2013 at 17:10:43
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Mr GooD - NECO-PC
# Running from : C:\Users\Mr GooD\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Users\Mr GooD\AppData\Local\Ilivid
Folder Deleted : C:\Users\Mr GooD\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Mr GooD\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\jetpack
File Deleted : C:\Users\Mr GooD\Desktop\iLivid.lnk
File Deleted : C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\\invalidprefs.js
File Deleted : C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKCU\Software\5853dcdce135e548
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_avs-audio-converter_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_avs-audio-converter_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16521
-\\ Mozilla Firefox v20.0.1 (en-US)
[ File : C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\prefs.js ]
-\\ Google Chrome v29.0.1547.76
[ File : C:\Users\Mr GooD\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3736 octets] - [25/09/2013 17:09:46]
AdwCleaner[S0].txt - [3712 octets] - [25/09/2013 17:10:43]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3772 octets] ##########
Addendum: 25 Sep 2013 17:16
I did have an antivirus, but I deleted it before I contacted you, because I was thinking of installing not ... from Pirate Bay. However, let's not get into that, since that topic is forbidden. Microsoft Security Essentials is the one I had; should I install it again?
Addendum: 25 Sep 2013 17:17
NOD, to be precise, not "not"
Addendum: 25 Sep 2013 17:38
[quote="neco1993"]Written: 25 Sep 2013 17:08
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-09-2013
Ran by Mr GooD at 2013-09-25 17:07:05 Run:1
Running from C:\Users\Mr GooD\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
SearchScopes: HKCU - DefaultScope {24F1D864-576E-4A2A-9B7F-EF498925700E} URL = search.yahoo.com/search?fr=chr-greentree_ie.....=183666&p={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = delta-search.com/?q={searchTerms}&affID=119776&tt=120613_ndc&babsrc=SP_ss&mntrId=3E25001FD001F30A
SearchScopes: HKCU - {24F1D864-576E-4A2A-9B7F-EF498925700E} URL = search.yahoo.com/search?fr=chr-greentree_ie.....=183666&p={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQWOGodBX&i=26
SearchScopes: HKCU - {E915F3CA-90A1-4CC7-9B3C-14C1F2BBF724} URL = t3-3.search.com/search?q={searchTerms}
FF SearchPlugin: C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\delta.xml
FF Extension: torntv2 - C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\Extensions\torntv2@torntv.com.xpi
C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\delta.xml
C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\delta.xml
C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\Extensions\torntv2@torntv.com.xpi
CHR HKLM\...\Chrome\Extension: [oemdgpalcpaincbfbabgcemjmgdkibho] - C:\Program Files\Common Files\Spigot\GC\ErrorHelper_1.3.crx
C:\Program Files\Common Files\Spigot
*****************
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{24F1D864-576E-4A2A-9B7F-EF498925700E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{24F1D864-576E-4A2A-9B7F-EF498925700E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E915F3CA-90A1-4CC7-9B3C-14C1F2BBF724} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E915F3CA-90A1-4CC7-9B3C-14C1F2BBF724} => Key not found.
C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\babylon.xml => Moved successfully.
C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\delta.xml => Moved successfully.
C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\Extensions\torntv2@torntv.com.xpi => Moved successfully.
"C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\delta.xml " => File/Directory not found.
"C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\delta.xml " => File/Directory not found.
"C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\Extensions\torntv2@torntv.com.xpi " => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\oemdgpalcpaincbfbabgcemjmgdkibho => Key deleted successfully.
"C:\Program Files\Common Files\Spigot\GC\ErrorHelper_1.3.crx " => File/Directory not found.
"C:\Program Files\Common Files\Spigot" => File/Directory not found.
==== End of Fixlog ====
Addendum: 25 Sep 2013 17:09
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-09-2013
Ran by Mr GooD at 2013-09-25 17:07:05 Run:1
Running from C:\Users\Mr GooD\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
SearchScopes: HKCU - DefaultScope {24F1D864-576E-4A2A-9B7F-EF498925700E} URL = search.yahoo.com/search?fr=chr-greentree_ie.....=183666&p={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = delta-search.com/?q={searchTerms}&affID=119776&tt=120613_ndc&babsrc=SP_ss&mntrId=3E25001FD001F30A
SearchScopes: HKCU - {24F1D864-576E-4A2A-9B7F-EF498925700E} URL = search.yahoo.com/search?fr=chr-greentree_ie.....=183666&p={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQWOGodBX&i=26
SearchScopes: HKCU - {E915F3CA-90A1-4CC7-9B3C-14C1F2BBF724} URL = t3-3.search.com/search?q={searchTerms}
FF SearchPlugin: C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\delta.xml
FF Extension: torntv2 - C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\Extensions\torntv2@torntv.com.xpi
C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\delta.xml
C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\delta.xml
C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\Extensions\torntv2@torntv.com.xpi
CHR HKLM\...\Chrome\Extension: [oemdgpalcpaincbfbabgcemjmgdkibho] - C:\Program Files\Common Files\Spigot\GC\ErrorHelper_1.3.crx
C:\Program Files\Common Files\Spigot
*****************
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{24F1D864-576E-4A2A-9B7F-EF498925700E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{24F1D864-576E-4A2A-9B7F-EF498925700E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E915F3CA-90A1-4CC7-9B3C-14C1F2BBF724} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E915F3CA-90A1-4CC7-9B3C-14C1F2BBF724} => Key not found.
C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\babylon.xml => Moved successfully.
C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\delta.xml => Moved successfully.
C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\Extensions\torntv2@torntv.com.xpi => Moved successfully.
"C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\delta.xml " => File/Directory not found.
"C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\searchplugins\delta.xml " => File/Directory not found.
"C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\Extensions\torntv2@torntv.com.xpi " => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\oemdgpalcpaincbfbabgcemjmgdkibho => Key deleted successfully.
"C:\Program Files\Common Files\Spigot\GC\ErrorHelper_1.3.crx " => File/Directory not found.
"C:\Program Files\Common Files\Spigot" => File/Directory not found.
==== End of Fixlog ====
Addendum: 25 Sep 2013 17:15
# AdwCleaner v3.005 - Report created 25/09/2013 at 17:10:43
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Mr GooD - NECO-PC
# Running from : C:\Users\Mr GooD\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Users\Mr GooD\AppData\Local\Ilivid
Folder Deleted : C:\Users\Mr GooD\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Mr GooD\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\jetpack
File Deleted : C:\Users\Mr GooD\Desktop\iLivid.lnk
File Deleted : C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\\invalidprefs.js
File Deleted : C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKCU\Software\5853dcdce135e548
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_avs-audio-converter_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_avs-audio-converter_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16521
-\\ Mozilla Firefox v20.0.1 (en-US)
[ File : C:\Users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\prefs.js ]
-\\ Google Chrome v29.0.1547.76
[ File : C:\Users\Mr GooD\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3736 octets] - [25/09/2013 17:09:46]
AdwCleaner[S0].txt - [3712 octets] - [25/09/2013 17:10:43]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3772 octets] ##########
Addendum: 25 Sep 2013 17:16
I did have an antivirus, but I deleted it before I contacted you, because I was thinking of installing "NOD" from The Pirate Bay... but let's not get into that, since that kind of topic is forbidden. I had Microsoft Security Essentials; I'll install it again. Do you recommend a different one?
Addendum: 25 Sep 2013 17:17
Addendum: 25 Sep 2013 17:40
What did I do here, I posted the same thing twice xD
Posted: 25 Sep 2013 17:45
|
offline
- TwinHeadedEagle
- Anti Malware Fighter
Rank 2
- Joined: 09 Aug 2011
- Posts: 15879
- Location: Beograd
|
That should be it, the computer is now clean. You had the TDL3 rootkit in the system, so be sure to install an antivirus. There are many good free options, so don't use pirated versions.
ComboFix needs to be uninstalled:
Click Start (or ), then Run.
On Vista and 7, use the Start Search box if Run is not available.
Type (copy) the following into the text box:
ComboFix /Uninstall
Note that there is a space between "ComboFix" and "/Uninstall".
Then click OK (or press Enter).
Wait for the uninstall process to finish.
Run AdwCleaner again, click Uninstall, and wait until the program finishes.
Download "Xplode"'s DelFix and save it to the Desktop.
Double-click to run the program.
Check the following options:
Remove disinfection tools
Purge System Restore
Reset system settings
Click the "Run" button and wait for the program to finish.
When the tool finishes, it will open a report in Notepad.
Note: The report will also be saved to C:\DelFix.txt. You do not need to post this report.
I recommend using MCShield v2 to protect USB storage devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices. You download it, install it, plug in a USB storage device, and a scan runs, after which you get a notification that the device is clean (if that is really the case), or you get a log showing information about the malware that was found and deleted.
Home page of MCShield ::Anti-Malware Tool:: v2: http://amf.mycity.rs/mcshield/
You can learn more about MCShield in these topics:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html
Be sure to visit the topic "Test whether your browser is vulnerable", read it and follow the link in it.
The link to the topic is: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html
It wouldn't hurt to take a look at this topic as well, so you can learn for yourself how to stay safe on the internet --> http://www.mycity.rs/Zastita/Aplikacija-za-sigurno-surfovanje-Vas-mozak.html
Also, follow the topic "How to avoid and remove toolbars"; read it and follow the steps in it. The link to the topic is: http://www.mycity.rs/Zastita/Kako-izbeci-i-ukloniti-toolbar-ove.html
TwinHeadedEagle (AMF Team)