Avira.problem(TR/BitCoinMinerCA.A-32)


  • Joined: 19 Jun 2013
  • Posts: 12

Posted: 06 Sep 2013 19:10

Over the past week Avira has kept detecting TR/BitCoinMinerCA.A-32. Even though I move it to quarantine, it keeps detecting it several times a day. I have noticed that my laptop is lagging, so I assume it is related to this.

Please help.




DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.21.2
Run by mira at 18:59:03 on 2013-09-06
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4093.2355 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Smart Compute\Researcher\Researcher.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.delta-search.com/?affID=120668&babsrc=HP_ss&mntrId=27B100216B4086B5
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PRB5D9~1\MICROS~1\Windows\STARTM~1\Programs\Startup\RESEAR~1.LNK - C:\Program Files (x86)\Smart Compute\Researcher\Researcher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A1435D0E-07AE-4BE9-80EC-8988E1ADDF48} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=sr
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: d:\Program Files (x86)\PDFlite\npPdfViewer.dll
FF - ExtSQL: 2013-08-31 09:29; Noia4Options@ArisT2; C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\extensions\Noia4Options@ArisT2.xpi
FF - ExtSQL: 2013-08-31 18:32; firefox@mega.co.nz; C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\extensions\firefox@mega.co.nz.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 27b1a7b400000000000000216b4086b5
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15864
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.511:24:33
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=120668
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-4-6 28600]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-4-6 84024]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-4-6 108088]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-4-6 105344]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-6-20 283200]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys [2010-6-19 17920]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
.
=============== File Associations ===============
.
FileExt: .chm: PDFlite.Document="d:\Program Files (x86)\PDFlite\pdflite.exe" "%1"
.
=============== Created Last 30 ================
.
2013-09-06 05:16:25 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5AD875C7-69C0-4542-A3F1-A4679A322CCB}\offreg.dll
2013-09-03 08:37:46 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5AD875C7-69C0-4542-A3F1-A4679A322CCB}\mpengine.dll
2013-08-31 20:57:10 -------- d-----w- C:\Windows\System32\MRT
2013-08-31 08:35:32 -------- d-----w- C:\Users\mira\AppData\Roaming\FileAssociationManager
2013-08-14 09:11:04 4774272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-08-14 09:11:04 4774272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2013-09-03 08:27:36 81112 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-09-03 08:27:36 105344 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-08-31 07:51:28 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-31 07:51:28 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-07 02:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-06-20 19:36:03 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
.
============= FINISH: 19:00:19,52 ===============

Addendum: 06 Sep 2013 19:13

So that the feminine form "primetila" ("I noticed") doesn't confuse you: this isn't Nikola writing, but his mom!

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Hello and welcome to the Ambulanta (Clinic) section of the MyCity forum.

I need to gather some more information. Do the following:


Download FRST (Farbar Recovery Scan Tool) and save it to the Desktop.

Note: You need to download the version that is compatible with your system.
Your system is x64.


Double-click to run FRST.
When the tool starts, click Yes on the disclaimer.
Under Optional Scan, tick the "List BCD" and "Driver MD5" options.
Click the Scan button.
The tool will create a report (FRST.txt) in the same directory where FRST.exe is saved.
Copy the contents of that log into your post.
On its first run the tool should also create an additional report (Addition.txt). Attach that report to your post using the "Prikaci file" (Attach file) option.

  • Joined: 19 Jun 2013
  • Posts: 12

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2013
Ran by mira (administrator) on MIRA-PC on 06-09-2013 21:52:54
Running from C:\Users\mira\Desktop
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Smart Compute) C:\Program Files (x86)\Smart Compute\Researcher\Researcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16395880 2009-10-03] (NVIDIA Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKCU\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [28201096 2012-01-12] (Electronic Arts)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Researcher.lnk
ShortcutTarget: Researcher.lnk -> C:\Program Files (x86)\Smart Compute\Researcher\Researcher.exe (Smart Compute)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = delta-search.com/?affID=120668&babs.....216B4086B5
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = delta-search.com/?q={searchTerms}&affID=120668&babsrc=SP_ss&mntrId=27B100216B4086B5
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default
FF user.js: detected! => C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\user.js
FF Homepage: hxxp://www.google.com/ig?hl=sr
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin - d:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKCU: @mozilla.zeniko.ch/PDFlite_Browser_Plugin - d:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF SearchPlugin: C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\searchplugins\delta.xml
FF Extension: Theme Font & Size Changer - C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
FF Extension: firefox - C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\Extensions\firefox@mega.co.nz.xpi
FF Extension: Noia4Options - C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\Extensions\Noia4Options@ArisT2.xpi
FF Extension: No Name - C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\Extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\mira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\mira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Delta Toolbar) - C:\Users\mira\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0
CHR Extension: (Gmail) - C:\Users\mira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-06] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-20] (DT Soft Ltd)
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-06 21:52 - 2013-09-06 21:52 - 00000000 ____D C:\FRST
2013-09-06 19:00 - 2013-09-06 19:00 - 00010006 _____ C:\Users\mira\Desktop\dds.txt
2013-09-06 19:00 - 2013-09-06 19:00 - 00004758 _____ C:\Users\mira\Desktop\attach.txt
2013-09-06 16:38 - 2013-09-06 16:38 - 96334488 _____ C:\Windows\SysWOW64\슕᭔Ÿ
2013-09-05 13:17 - 2013-09-05 13:17 - 96044050 _____ C:\Windows\SysWOW64\ᚭ䑥᭔
2013-09-03 10:47 - 2013-09-03 10:47 - 00003040 _____ C:\Windows\System32\Tasks\{5B4E50EF-92DE-4F3C-B68C-54CE9DBBA238}
2013-08-31 22:57 - 2013-08-31 22:58 - 00000000 ____D C:\Windows\system32\MRT
2013-08-31 19:39 - 2013-08-31 08:53 - 00000000 ____D C:\Users\mira\Desktop\Sea of Lies - Mutiny of the Heart Collectors Edition
2013-08-31 15:08 - 2013-08-31 15:09 - 00013312 ___SH C:\Users\mira\Documents\Thumbs.db
2013-08-31 10:35 - 2013-08-31 10:35 - 00003544 _____ C:\Windows\System32\Tasks\FileAssociationManagerUpdater
2013-08-31 10:35 - 2013-08-31 10:35 - 00000000 ____D C:\Users\mira\AppData\Roaming\FileAssociationManager
2013-08-31 09:34 - 2013-08-31 09:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-06 21:52 - 2013-09-06 21:52 - 01948360 _____ (Farbar) C:\Users\mira\Desktop\FRST64.exe
2013-09-06 21:52 - 2013-09-06 21:52 - 00000000 ____D C:\FRST
2013-09-06 21:51 - 2013-04-05 21:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-06 20:23 - 2013-04-06 04:17 - 02087047 _____ C:\Windows\WindowsUpdate.log
2013-09-06 19:00 - 2013-09-06 19:00 - 00010006 _____ C:\Users\mira\Desktop\dds.txt
2013-09-06 19:00 - 2013-09-06 19:00 - 00004758 _____ C:\Users\mira\Desktop\attach.txt
2013-09-06 17:39 - 2013-04-06 00:47 - 00000000 ____D C:\Users\mira\AppData\Roaming\Skype
2013-09-06 16:38 - 2013-09-06 16:38 - 96334488 _____ C:\Windows\SysWOW64\슕᭔Ÿ
2013-09-05 19:10 - 2009-07-14 06:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 19:10 - 2009-07-14 06:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 19:09 - 2009-07-14 07:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-05 19:04 - 2013-07-07 21:15 - 00003112 _____ C:\Windows\System32\Tasks\RDReminder
2013-09-05 19:02 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-05 19:02 - 2009-07-14 06:51 - 00024834 _____ C:\Windows\setupact.log
2013-09-05 13:17 - 2013-09-05 13:17 - 96044050 _____ C:\Windows\SysWOW64\ᚭ䑥᭔
2013-09-04 22:17 - 2013-07-07 21:16 - 00000274 _____ C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2013-09-03 10:47 - 2013-09-03 10:47 - 00003040 _____ C:\Windows\System32\Tasks\{5B4E50EF-92DE-4F3C-B68C-54CE9DBBA238}
2013-09-03 10:27 - 2013-06-07 16:08 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-03 10:27 - 2013-04-06 00:17 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-03 10:27 - 2013-04-06 00:17 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-01 09:20 - 2013-04-06 00:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-31 22:59 - 2013-06-21 22:07 - 00000000 ____D C:\Program Files (x86)\FileAssociationManager
2013-08-31 22:59 - 2013-04-06 06:58 - 00013166 _____ C:\Windows\PFRO.log
2013-08-31 22:59 - 2013-04-05 21:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-31 22:58 - 2013-08-31 22:57 - 00000000 ____D C:\Windows\system32\MRT
2013-08-31 21:38 - 2013-07-07 21:16 - 00000290 _____ C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job
2013-08-31 19:53 - 2013-06-09 20:15 - 00000000 ____D C:\Users\mira\AppData\Roaming\Eipix
2013-08-31 17:44 - 2013-06-16 17:14 - 00000000 ____D C:\Users\mira\AppData\Local\EMDM
2013-08-31 15:09 - 2013-08-31 15:08 - 00013312 ___SH C:\Users\mira\Documents\Thumbs.db
2013-08-31 10:35 - 2013-08-31 10:35 - 00003544 _____ C:\Windows\System32\Tasks\FileAssociationManagerUpdater
2013-08-31 10:35 - 2013-08-31 10:35 - 00000000 ____D C:\Users\mira\AppData\Roaming\FileAssociationManager
2013-08-31 09:51 - 2013-04-05 21:43 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-31 09:51 - 2013-04-05 21:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-31 09:51 - 2013-04-05 21:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-31 09:34 - 2013-08-31 09:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-31 09:28 - 2013-04-06 00:46 - 00000000 ____D C:\ProgramData\Skype
2013-08-31 09:24 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-08-31 08:53 - 2013-08-31 19:39 - 00000000 ____D C:\Users\mira\Desktop\Sea of Lies - Mutiny of the Heart Collectors Edition
2013-08-07 04:22 - 2013-04-05 21:37 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\mira\AppData\Local\Temp\AlawarGameBoxSetup.exe
C:\Users\mira\AppData\Local\Temp\AskSLib.dll
C:\Users\mira\AppData\Local\Temp\bitool.dll
C:\Users\mira\AppData\Local\Temp\drm_dyndata_7390006.dll
C:\Users\mira\AppData\Local\Temp\EAD35A.exe
C:\Users\mira\AppData\Local\Temp\fam-installer.exe
C:\Users\mira\AppData\Local\Temp\file.exe
C:\Users\mira\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\mira\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\mira\AppData\Local\Temp\researcher-latest.exe
C:\Users\mira\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\mira\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mira\AppData\Local\Temp\uninst1.exe
C:\Users\mira\AppData\Local\Temp\UninstallEADM.dll
C:\Users\mira\AppData\Local\Temp\{239DBD10-FEDD-4825-B212-DEE8D4841D31}\adobeshockwavextrabundle.exe
C:\Users\mira\AppData\Local\Temp\Temp1_UpdAdlntdoTrlgyBkTwoAB.zip\Adelantado Trilogy Book Two.exe
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\gcapi_dll.dll
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\gi.dll
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\gtapi.dll
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\LaunchGoogleChrome.exe
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\SymCCIS.dll
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\BabMaint.exe
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\BUSolForMontiera.dll
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\BUSolution.dll
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\ccp.exe
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\ChromeToolbarSetup.dll
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\CrxInstaller.dll
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\GUninstaller.exe
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\IEHelper.dll
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\MyBabylonTB.exe
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\Setup.exe
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\sqlite3.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {bfc26816-9e67-11e2-95de-cf50ff535ac8}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae2-0007e994107d}
device ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
path \windows\system32\boot\winload.exe
description HP Recovery Manager
osdevice ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {bfc26818-9e67-11e2-95de-cf50ff535ac8}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {bfc26816-9e67-11e2-95de-cf50ff535ac8}
nx OptIn

Windows Boot Loader
-------------------
identifier {bfc26818-9e67-11e2-95de-cf50ff535ac8}
device ramdisk=[C:]\Recovery\bfc26818-9e67-11e2-95de-cf50ff535ac8\Winre.wim,{bfc26819-9e67-11e2-95de-cf50ff535ac8}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\bfc26818-9e67-11e2-95de-cf50ff535ac8\Winre.wim,{bfc26819-9e67-11e2-95de-cf50ff535ac8}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {bfc26816-9e67-11e2-95de-cf50ff535ac8}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Setup Ramdisk Options
---------------------
identifier {ramdiskoptions}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \boot\boot.sdi

Device options
--------------
identifier {bfc26819-9e67-11e2-95de-cf50ff535ac8}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\bfc26818-9e67-11e2-95de-cf50ff535ac8\boot.sdi



LastRegBack: 2013-09-06 15:42

==================== End Of Log ============================

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Can you take a screenshot so we can see what exactly Avira is detecting? The file path is what matters to us.




Open Notepad and copy in the following text, which is inside the shaded area.

START
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=120668&babs.....216B4086B5
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=120668&babsrc=SP_ss&mntrId=27B100216B4086B5
FF SearchPlugin: C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\searchplugins\delta.xml
C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\searchplugins\babylon.xml
C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\searchplugins\delta.xml
CHR Extension: (Delta Toolbar) - C:\Users\mira\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0
C:\Users\mira\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
C:\Users\mira\AppData\Local\Temp\AlawarGameBoxSetup.exe
C:\Users\mira\AppData\Local\Temp\AskSLib.dll
C:\Users\mira\AppData\Local\Temp\bitool.dll
C:\Users\mira\AppData\Local\Temp\drm_dyndata_7390006.dll
C:\Users\mira\AppData\Local\Temp\EAD35A.exe
C:\Users\mira\AppData\Local\Temp\fam-installer.exe
C:\Users\mira\AppData\Local\Temp\file.exe
C:\Users\mira\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\mira\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\mira\AppData\Local\Temp\researcher-latest.exe
C:\Users\mira\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\mira\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mira\AppData\Local\Temp\uninst1.exe
C:\Users\mira\AppData\Local\Temp\UninstallEADM.dll
C:\Users\mira\AppData\Local\Temp\{239DBD10-FEDD-4825-B212-DEE8D4841D31}\adobeshockwavextrabundle.exe
C:\Users\mira\AppData\Local\Temp\Temp1_UpdAdlntdoTrlgyBkTwoAB.zip\Adelantado Trilogy Book Two.exe
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\gcapi_dll.dll
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\gi.dll
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\gtapi.dll
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\LaunchGoogleChrome.exe
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\SymCCIS.dll
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\BabMaint.exe
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\BUSolForMontiera.dll
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\BUSolution.dll
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\ccp.exe
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\ChromeToolbarSetup.dll
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\CrxInstaller.dll
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\GUninstaller.exe
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\IEHelper.dll
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\MyBabylonTB.exe
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\Setup.exe
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\sqlite3.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Researcher.lnk
ShortcutTarget: Researcher.lnk -> C:\Program Files (x86)\Smart Compute\Researcher\Researcher.exe (Smart Compute)
Folder: C:\Program Files (x86)\Dll-Files.com
Folder: C:\temp
CMD: dir /a C:\
Task: {5D406F93-40A9-468F-BBE2-4B611D2B51DF} - System32\Tasks\ResearcherUpdater => C:\Program Files (x86)\Smart Compute\Researcher\Updater.exe [2013-05-29] (Researcher)
C:\Program Files (x86)\Smart Compute
CMD: netsh winsock reset
CMD: ipconfig /flushdns
Hosts:
END


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, Notepad will open with content that you should copy into this thread.
The file (fixlog.txt) will also be on the Desktop.

You need to copy fixlog.txt to the forum.



----- then -----


> Run FRST again, tick the Addition.txt option, click the Scan button, and post the freshly created FRST.txt and Addition.txt logs for me to review.



----- then -----


Zip the following folder:
C:\FRST\Quarantine

Send it to me for analysis via the following form:
http://www.mycity.rs/ambulanta-upload.php

  • Joined: 19 Jun 2013
  • Posts: 12

Posted: 07 Sep 2013 10:59

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2013
Ran by mira at 2013-09-07 09:29:37 Run:1
Running from C:\Users\mira\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
START
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = delta-search.com/?affID=120668&babs.....216B4086B5
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = delta-search.com/?q={searchTerms}&affID=120668&babsrc=SP_ss&mntrId=27B100216B4086B5
FF SearchPlugin: C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\searchplugins\delta.xml
C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\searchplugins\babylon.xml
C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\searchplugins\delta.xml
CHR Extension: (Delta Toolbar) - C:\Users\mira\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0
C:\Users\mira\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
C:\Users\mira\AppData\Local\Temp\AlawarGameBoxSetup.exe
C:\Users\mira\AppData\Local\Temp\AskSLib.dll
C:\Users\mira\AppData\Local\Temp\bitool.dll
C:\Users\mira\AppData\Local\Temp\drm_dyndata_7390006.dll
C:\Users\mira\AppData\Local\Temp\EAD35A.exe
C:\Users\mira\AppData\Local\Temp\fam-installer.exe
C:\Users\mira\AppData\Local\Temp\file.exe
C:\Users\mira\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\mira\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\mira\AppData\Local\Temp\researcher-latest.exe
C:\Users\mira\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\mira\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mira\AppData\Local\Temp\uninst1.exe
C:\Users\mira\AppData\Local\Temp\UninstallEADM.dll
C:\Users\mira\AppData\Local\Temp\{239DBD10-FEDD-4825-B212-DEE8D4841D31}\adobeshockwavextrabundle.exe
C:\Users\mira\AppData\Local\Temp\Temp1_UpdAdlntdoTrlgyBkTwoAB.zip\Adelantado Trilogy Book Two.exe
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\gcapi_dll.dll
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\gi.dll
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\gtapi.dll
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\LaunchGoogleChrome.exe
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\SymCCIS.dll
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\BabMaint.exe
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\BUSolForMontiera.dll
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\BUSolution.dll
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\ccp.exe
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\ChromeToolbarSetup.dll
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\CrxInstaller.dll
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\GUninstaller.exe
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\IEHelper.dll
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\MyBabylonTB.exe
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\Setup.exe
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\sqlite3.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Researcher.lnk
ShortcutTarget: Researcher.lnk -> C:\Program Files (x86)\Smart Compute\Researcher\Researcher.exe (Smart Compute)
Folder: C:\Program Files (x86)\Dll-Files.com
Folder: C:\temp
CMD: dir /a C:\
Task: {5D406F93-40A9-468F-BBE2-4B611D2B51DF} - System32\Tasks\ResearcherUpdater => C:\Program Files (x86)\Smart Compute\Researcher\Updater.exe [2013-05-29] (Researcher)
C:\Program Files (x86)\Smart Compute
CMD: netsh winsock reset
CMD: ipconfig /flushdns
Hosts:
END
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\searchplugins\babylon.xml => Moved successfully.
C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\searchplugins\delta.xml => Moved successfully.
"C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\searchplugins\babylon.xml" => File/Directory not found.
"C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\searchplugins\delta.xml" => File/Directory not found.
C:\Users\mira\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde => Moved successfully.
"C:\Users\mira\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde" => File/Directory not found.
C:\Users\mira\AppData\Local\Temp\AlawarGameBoxSetup.exe => Moved successfully.
C:\Users\mira\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\mira\AppData\Local\Temp\bitool.dll => Moved successfully.
C:\Users\mira\AppData\Local\Temp\drm_dyndata_7390006.dll => Moved successfully.
C:\Users\mira\AppData\Local\Temp\EAD35A.exe => Moved successfully.
C:\Users\mira\AppData\Local\Temp\fam-installer.exe => Moved successfully.
C:\Users\mira\AppData\Local\Temp\file.exe => Moved successfully.
C:\Users\mira\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\mira\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\mira\AppData\Local\Temp\researcher-latest.exe => Moved successfully.
C:\Users\mira\AppData\Local\Temp\Shockwave_Installer_FF.exe => Moved successfully.
C:\Users\mira\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\mira\AppData\Local\Temp\uninst1.exe => Moved successfully.
C:\Users\mira\AppData\Local\Temp\UninstallEADM.dll => Moved successfully.
C:\Users\mira\AppData\Local\Temp\{239DBD10-FEDD-4825-B212-DEE8D4841D31}\adobeshockwavextrabundle.exe => Moved successfully.
C:\Users\mira\AppData\Local\Temp\Temp1_UpdAdlntdoTrlgyBkTwoAB.zip\Adelantado Trilogy Book Two.exe => Moved successfully.
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\gcapi_dll.dll => Moved successfully.
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\gi.dll => Moved successfully.
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\gtapi.dll => Moved successfully.
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\LaunchGoogleChrome.exe => Moved successfully.
C:\Users\mira\AppData\Local\Temp\Adobe\Shockwave 12\SymCCIS.dll => Moved successfully.
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\BabMaint.exe => Moved successfully.
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\BUSolForMontiera.dll => Moved successfully.
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\BUSolution.dll => Moved successfully.
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\ccp.exe => Moved successfully.
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\ChromeToolbarSetup.dll => Moved successfully.
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\CrxInstaller.dll => Moved successfully.
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\GUninstaller.exe => Moved successfully.
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\IEHelper.dll => Moved successfully.
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\MyBabylonTB.exe => Moved successfully.
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\Setup.exe => Moved successfully.
C:\Users\mira\AppData\Local\Temp\5963985E-BAB0-7891-B884-FD06B323874D\sqlite3.dll => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Researcher.lnk => Moved successfully.
C:\Program Files (x86)\Smart Compute\Researcher\Researcher.exe => Moved successfully.

========================= Folder: C:\Program Files (x86)\Dll-Files.com ========================

Directory Not Found

====== End of Folder: ======


========================= Folder: C:\temp ========================

Directory Not Found

====== End of Folder: ======


========= dir /a C:\ =========

Volume in drive C has no label.
Volume Serial Number is 27B1-A7B4

Directory of C:\

05.04.2013 20:37 <DIR> $Recycle.Bin
13.06.2013 00:20 <DIR> 853bf6a35bea07b7d880a292506e
18.09.2006 23:43 24 autoexec.bat
06.04.2013 05:12 <DIR> boot
14.07.2009 03:38 383.562 bootmgr
06.04.2013 05:12 8.192 BOOTSECT.BAK
18.09.2006 23:43 10 config.sys
14.07.2009 07:08 <JUNCTION> Documents and Settings [C:\Users]
17.02.2009 19:17 <JUNCTION> Dokumente und Einstellungen [C:\Users]
06.09.2013 21:52 <DIR> FRST
07.09.2013 08:43 3.219.017.728 hiberfil.sys
16.12.2008 05:55 <DIR> HP
08.04.2010 12:12 0 IO.SYS
08.04.2010 12:12 0 MSDOS.SYS
17.02.2009 19:21 <DIR> MSOCache
07.09.2013 08:43 4.292.026.368 pagefile.sys
14.07.2009 05:20 <DIR> PerfLogs
06.04.2013 00:33 <DIR> Program Files
31.08.2013 09:34 <DIR> Program Files (x86)
07.07.2013 21:42 <DIR> ProgramData
17.02.2009 19:17 <JUNCTION> Programme [C:\Program Files]
05.04.2013 20:20 <DIR> Recovery
11.06.2009 15:57 268 sqmdata00.sqm
11.06.2009 15:57 244 sqmnoopt00.sqm
28.03.2009 13:04 <DIR> SwSetup
07.09.2013 08:49 <DIR> System Volume Information
17.02.2009 19:27 <DIR> System.sav
05.04.2013 20:35 <DIR> Users
05.04.2013 20:34 9 wedaolu
06.09.2013 21:54 <DIR> Windows
05.04.2013 22:04 <DIR> Windows.old
05.04.2013 20:34 206.312 ZBBFY
12 File(s) 7.511.642.717 bytes
20 Dir(s) 114.397.769.728 bytes free

========= End of CMD: =========

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D406F93-40A9-468F-BBE2-4B611D2B51DF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D406F93-40A9-468F-BBE2-4B611D2B51DF} => Key deleted successfully.
C:\Windows\System32\Tasks\ResearcherUpdater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ResearcherUpdater => Key deleted successfully.

"C:\Program Files (x86)\Smart Compute" directory move:

C:\Program Files (x86)\Smart Compute\Researcher\amber.ico => Moved successfully.
C:\Program Files (x86)\Smart Compute\Researcher\diablo130302.cl => Moved successfully.
C:\Program Files (x86)\Smart Compute\Researcher\diakgcn121016.cl => Moved successfully.
C:\Program Files (x86)\Smart Compute\Researcher\green.ico => Moved successfully.
C:\Program Files (x86)\Smart Compute\Researcher\icon.ico => Moved successfully.
C:\Program Files (x86)\Smart Compute\Researcher\libcurl.dll => Moved successfully.
C:\Program Files (x86)\Smart Compute\Researcher\libeay32.dll => Moved successfully.
C:\Program Files (x86)\Smart Compute\Researcher\libidn-11.dll => Moved successfully.
C:\Program Files (x86)\Smart Compute\Researcher\libjansson-4.dll => Moved successfully.
C:\Program Files (x86)\Smart Compute\Researcher\phatk121016.cl => Moved successfully.
C:\Program Files (x86)\Smart Compute\Researcher\poclbm130302.cl => Moved successfully.
C:\Program Files (x86)\Smart Compute\Researcher\pthreadGC2.dll => Moved successfully.
C:\Program Files (x86)\Smart Compute\Researcher\red.ico => Moved successfully.
C:\Program Files (x86)\Smart Compute\Researcher\scbc.exe => Moved successfully.
C:\Program Files (x86)\Smart Compute\Researcher\scrypt130302.cl => Moved successfully.
C:\Program Files (x86)\Smart Compute\Researcher\ssleay32.dll => Moved successfully.
C:\Program Files (x86)\Smart Compute\Researcher\uninstaller.exe => Moved successfully.
C:\Program Files (x86)\Smart Compute\Researcher\Updater.exe => Moved successfully.
C:\Program Files (x86)\Smart Compute\Researcher\zlib1.dll => Moved successfully.
Could not move "C:\Program Files (x86)\Smart Compute" directory. => Scheduled to move on reboot.


========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.

=========== Result of Scheduled Files to move ===========

C:\Program Files (x86)\Smart Compute => Moved successfully.

==== End of Fixlog ====

Addendum: 07 Sep 2013 11:00

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2013
Ran by mira (administrator) on MIRA-PC on 07-09-2013 09:36:01
Running from C:\Users\mira\Desktop
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16395880 2009-10-03] (NVIDIA Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKCU\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [28201096 2012-01-12] (Electronic Arts)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default
FF user.js: detected! => C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\user.js
FF Homepage: hxxp://www.google.com/ig?hl=sr
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin - d:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKCU: @mozilla.zeniko.ch/PDFlite_Browser_Plugin - d:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Extension: Theme Font & Size Changer - C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
FF Extension: firefox - C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\Extensions\firefox@mega.co.nz.xpi
FF Extension: Noia4Options - C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\Extensions\Noia4Options@ArisT2.xpi
FF Extension: No Name - C:\Users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\Extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\mira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\mira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\mira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-06] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-20] (DT Soft Ltd)
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-07 09:29 - 2013-09-07 09:29 - 01948604 _____ (Farbar) C:\Users\mira\Desktop\FRST64.exe
2013-09-06 21:55 - 2013-09-06 21:55 - 00036305 _____ C:\Users\mira\Documents\FRST.txt
2013-09-06 21:54 - 2013-09-06 21:55 - 00023050 _____ C:\Users\mira\Documents\Addition.txt
2013-09-06 21:52 - 2013-09-07 09:33 - 00000000 ____D C:\FRST
2013-09-06 19:00 - 2013-09-06 19:00 - 00010006 _____ C:\Users\mira\Documents\dds.txt
2013-09-06 19:00 - 2013-09-06 19:00 - 00004758 _____ C:\Users\mira\Documents\attach.txt
2013-09-05 13:17 - 2013-09-05 13:17 - 96044050 _____ C:\Windows\SysWOW64\ᚭ䑥᭔
2013-09-03 10:47 - 2013-09-03 10:47 - 00003040 _____ C:\Windows\System32\Tasks\{5B4E50EF-92DE-4F3C-B68C-54CE9DBBA238}
2013-08-31 22:57 - 2013-08-31 22:58 - 00000000 ____D C:\Windows\system32\MRT
2013-08-31 19:39 - 2013-08-31 08:53 - 00000000 ____D C:\Users\mira\Desktop\Sea of Lies - Mutiny of the Heart Collectors Edition
2013-08-31 15:08 - 2013-08-31 15:09 - 00013312 ___SH C:\Users\mira\Documents\Thumbs.db
2013-08-31 10:35 - 2013-08-31 10:35 - 00003544 _____ C:\Windows\System32\Tasks\FileAssociationManagerUpdater
2013-08-31 10:35 - 2013-08-31 10:35 - 00000000 ____D C:\Users\mira\AppData\Roaming\FileAssociationManager
2013-08-31 09:34 - 2013-08-31 09:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-07 09:35 - 2013-04-06 04:17 - 01131627 _____ C:\Windows\WindowsUpdate.log
2013-09-07 09:33 - 2013-09-06 21:52 - 00000000 ____D C:\FRST
2013-09-07 09:33 - 2013-07-07 21:15 - 00003112 _____ C:\Windows\System32\Tasks\RDReminder
2013-09-07 09:33 - 2013-04-06 00:47 - 00000000 ____D C:\Users\mira\AppData\Roaming\Skype
2013-09-07 09:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-07 09:31 - 2009-07-14 06:51 - 00024946 _____ C:\Windows\setupact.log
2013-09-07 09:30 - 2013-04-06 06:58 - 00013486 _____ C:\Windows\PFRO.log
2013-09-07 09:29 - 2013-09-07 09:29 - 01948604 _____ (Farbar) C:\Users\mira\Desktop\FRST64.exe
2013-09-07 08:51 - 2013-04-05 21:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-07 08:51 - 2009-07-14 06:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-07 08:51 - 2009-07-14 06:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-06 21:55 - 2013-09-06 21:55 - 00036305 _____ C:\Users\mira\Documents\FRST.txt
2013-09-06 21:55 - 2013-09-06 21:54 - 00023050 _____ C:\Users\mira\Documents\Addition.txt
2013-09-06 19:00 - 2013-09-06 19:00 - 00010006 _____ C:\Users\mira\Documents\dds.txt
2013-09-06 19:00 - 2013-09-06 19:00 - 00004758 _____ C:\Users\mira\Documents\attach.txt
2013-09-05 19:09 - 2009-07-14 07:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-05 13:17 - 2013-09-05 13:17 - 96044050 _____ C:\Windows\SysWOW64\ᚭ䑥᭔
2013-09-04 22:17 - 2013-07-07 21:16 - 00000274 _____ C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2013-09-03 10:47 - 2013-09-03 10:47 - 00003040 _____ C:\Windows\System32\Tasks\{5B4E50EF-92DE-4F3C-B68C-54CE9DBBA238}
2013-09-03 10:27 - 2013-06-07 16:08 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-03 10:27 - 2013-04-06 00:17 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-03 10:27 - 2013-04-06 00:17 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-01 09:20 - 2013-04-06 00:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-31 22:59 - 2013-06-21 22:07 - 00000000 ____D C:\Program Files (x86)\FileAssociationManager
2013-08-31 22:59 - 2013-04-05 21:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-31 22:58 - 2013-08-31 22:57 - 00000000 ____D C:\Windows\system32\MRT
2013-08-31 21:38 - 2013-07-07 21:16 - 00000290 _____ C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job
2013-08-31 19:53 - 2013-06-09 20:15 - 00000000 ____D C:\Users\mira\AppData\Roaming\Eipix
2013-08-31 17:44 - 2013-06-16 17:14 - 00000000 ____D C:\Users\mira\AppData\Local\EMDM
2013-08-31 15:09 - 2013-08-31 15:08 - 00013312 ___SH C:\Users\mira\Documents\Thumbs.db
2013-08-31 10:35 - 2013-08-31 10:35 - 00003544 _____ C:\Windows\System32\Tasks\FileAssociationManagerUpdater
2013-08-31 10:35 - 2013-08-31 10:35 - 00000000 ____D C:\Users\mira\AppData\Roaming\FileAssociationManager
2013-08-31 09:51 - 2013-04-05 21:43 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-31 09:51 - 2013-04-05 21:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-31 09:51 - 2013-04-05 21:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-31 09:34 - 2013-08-31 09:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-31 09:28 - 2013-04-06 00:46 - 00000000 ____D C:\ProgramData\Skype
2013-08-31 09:24 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-08-31 08:53 - 2013-08-31 19:39 - 00000000 ____D C:\Users\mira\Desktop\Sea of Lies - Mutiny of the Heart Collectors Edition

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-06 15:42

==================== End Of Log ============================

Addendum: 07 Sep 2013 11:01

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2013
Ran by mira at 2013-09-07 09:37:55
Running from C:\Users\mira\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


µTorrent (x32 Version: 3.3.0.29462)
Adobe Anchor Service CS3 (x32 Version: 1.0)
Adobe Asset Services CS3 (x32 Version: 3)
Adobe Bridge CS3 (x32 Version: 2)
Adobe Bridge Start Meeting (x32 Version: 1.0)
Adobe Camera Raw 4.0 (x32 Version: 4.0)
Adobe CMaps (x32 Version: 1.0)
Adobe Color - Photoshop Specific (x32 Version: 1.0)
Adobe Color Common Settings (x32 Version: 1.0)
Adobe Color EU Extra Settings (x32 Version: 1.0)
Adobe Color JA Extra Settings (x32 Version: 1.0)
Adobe Color NA Recommended Settings (x32 Version: 1.0)
Adobe Default Language CS3 (x32 Version: 1.0)
Adobe Device Central CS3 (x32 Version: 1.0)
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Flash Player ActiveX (x32 Version: 9.0.124.0)
Adobe Fonts All (x32 Version: 1.0)
Adobe Help Viewer CS3 (x32 Version: 1)
Adobe Linguistics CS3 (x32 Version: 3.0.0)
Adobe PDF Library Files (x32 Version: 8.0)
Adobe Photoshop CS3 (x32 Version: 10)
Adobe Photoshop CS3 (x32 Version: 10.0)
Adobe Setup (x32 Version: 1.0)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Adobe Stock Photos CS3 (x32 Version: 1.5)
Adobe Type Support (x32 Version: 1.0)
Adobe Update Manager CS3 (x32 Version: 5.1.0)
Adobe Version Cue CS3 Client (x32 Version: 3)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0)
Adobe XMP Panels CS3 (x32 Version: 1.0)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
BS.Player FREE (x32 Version: 2.65.1074)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
DIA Drivers (Version: 1.10)
Dll-Files Fixer (x32 Version: 1.0)
Druid Kingdom (x32 Version: 1.00)
File Association Manager (x32 Version: 0.5)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Origin (x32 Version: 8.4.1.210)
PDF Settings (x32 Version: 1.0)
PDFlite 0.9.0.0 (x32 Version: 0.9.0.0)
PVSonyDll (Version: 1.00.0001)
Researcher (x32 Version: 0.7)
Skype Click to Call (x32 Version: 6.11.13348)
Skype™ 6.6 (x32 Version: 6.6.106)
swMSM (x32 Version: 12.0.0.1)
The Sims™ 3 (x32 Version: 1.55.4)
The Sims™ 3 Ambitions (x32 Version: 4.0.87)
The Sims™ 3 Diesel Stuff (x32 Version: 14.0.48)
The Sims™ 3 Fast Lane Stuff (x32 Version: 5.0.44)
The Sims™ 3 Generations (x32 Version: 8.0.152)
The Sims™ 3 High-End Loft Stuff (x32 Version: 3.0.38)
The Sims™ 3 Island Paradise (x32 Version: 19.0.101)
The Sims™ 3 Katy Perry's Sweet Treats (x32 Version: 13.0.62)
The Sims™ 3 Late Night (x32 Version: 6.0.81)
The Sims™ 3 Master Suite Stuff (x32 Version: 11.0.84)
The Sims™ 3 Outdoor Living Stuff (x32 Version: 7.0.55)
The Sims™ 3 Pets (x32 Version: 10.0.96)
The Sims™ 3 Seasons (x32 Version: 16.0.136)
The Sims™ 3 Showtime (x32 Version: 12.0.273)
The Sims™ 3 Supernatural (x32 Version: 15.0.135)
The Sims™ 3 Town Life Stuff (x32 Version: 9.0.73)
The Sims™ 3 University Life (x32 Version: 18.0.126)
The Sims™ 3 World Adventures (x32 Version: 2.17.2)
TSR RigFix (x32 Version: 1.0.10)
WinRAR 4.00 (64-bit) (Version: 4.00.0)

==================== Restore Points =========================

21-06-2013 15:27:42 Installed TheSims3EP5
21-06-2013 16:00:43 Installed TheSims3SP6
21-06-2013 16:45:22 Installed TheSims3EP6
21-06-2013 17:02:01 Installed TheSims3SP7
21-06-2013 19:09:41 Installed TheSims3EP8
21-06-2013 19:31:19 Installed TheSims3EP7
21-06-2013 19:52:25 Installed TheSims3EP9
22-06-2013 06:59:28 Windows Update
02-07-2013 17:57:55 Installed TSR RigFix
04-07-2013 19:43:19 Installed TheSims3EP10
31-08-2013 07:26:22 Windows Update
31-08-2013 20:56:42 Windows Update
07-09-2013 06:48:58 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {1672A85C-F358-4DF4-8518-22A1B737BC50} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com
Task: {221F9257-E364-4ED3-B416-4C6832BDCEAB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-31] (Adobe Systems Incorporated)
Task: {2CE5DF3D-F088-4E10-AA32-58A096CED74E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {64E4AAE1-DC81-4F34-8E36-2FF3EFDA15A4} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com
Task: {85394329-895B-48E5-8C9A-2C5F0BFEFDAA} - System32\Tasks\{36E0EA8A-2E61-4DC3-A691-B99B8049F2D0} => C:\Program Files (x86)\Adelantado Trilogy Book Two\Adelantado2.exe
Task: {A937D155-A769-40E3-A17D-F8B59B9EB4A5} - System32\Tasks\RDReminder => C:\Program Files (x86)\Dll-Files.com
Task: {C5B3FEE4-E676-492E-BB6A-E1D9892C73E0} - System32\Tasks\{06666ECE-84A7-4EF6-9890-5B0AF1465F2B} => C:\Program Files (x86)\Adelantado Trilogy Book Two\Adelantado2.exe
Task: {DAEF9C39-4CD2-4C69-97A9-E764A52534AB} - System32\Tasks\{EFBCA8D9-5777-4387-A51A-FC6CE2F5733B} => C:\Program Files (x86)\Adelantado Trilogy Book Two\Adelantado2.exe
Task: {FA870DF2-11E0-40CF-8D1B-C846D79BFA04} - System32\Tasks\FileAssociationManagerUpdater => C:\Program Files (x86)\FileAssociationManager\Updater.exe [2013-08-26] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe

==================== Loaded Modules (whitelisted) =============

2009-10-03 06:02 - 2009-10-03 06:02 - 04452968 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2009-10-03 12:01 - 2009-10-03 12:01 - 00244840 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2009-10-03 06:02 - 2009-10-03 06:02 - 01313896 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-04-05 22:22 - 2011-11-17 07:41 - 01292592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-04-05 22:27 - 2013-01-04 06:51 - 01114112 _____ (Microsoft Corporation) C:\Windows\syswow64\kernel32.dll
2013-04-05 22:27 - 2013-01-04 06:51 - 00274944 _____ (Microsoft Corporation) C:\Windows\syswow64\KERNELBASE.dll
2009-07-14 01:24 - 2009-07-14 03:11 - 00833024 _____ (Microsoft Corporation) C:\Windows\syswow64\USER32.dll
2009-07-14 01:25 - 2009-07-14 03:11 - 00310784 _____ (Microsoft Corporation) C:\Windows\syswow64\GDI32.dll
2009-07-14 01:25 - 2009-07-14 03:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\syswow64\LPK.dll
2013-04-05 22:26 - 2012-11-22 11:33 - 00627712 _____ (Microsoft Corporation) C:\Windows\syswow64\USP10.dll
2013-04-05 22:22 - 2011-12-16 09:59 - 00690688 _____ (Microsoft Corporation) C:\Windows\syswow64\msvcrt.dll
2009-07-14 02:20 - 2009-07-14 03:14 - 00640000 _____ (Microsoft Corporation) C:\Windows\syswow64\ADVAPI32.dll
2009-07-14 01:11 - 2009-07-14 03:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2009-07-14 01:12 - 2009-07-14 03:11 - 00662528 _____ (Microsoft Corporation) C:\Windows\syswow64\RPCRT4.dll
2013-04-05 22:29 - 2012-06-02 06:42 - 00096768 _____ (Microsoft Corporation) C:\Windows\syswow64\SspiCli.dll
2009-07-14 01:12 - 2009-07-14 03:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\syswow64\CRYPTBASE.dll
2009-07-14 01:28 - 2009-07-14 03:15 - 00828928 _____ (Microsoft Corporation) C:\Windows\syswow64\MSCTF.dll
2013-04-05 22:29 - 2012-06-09 06:46 - 12868608 _____ (Microsoft Corporation) C:\Windows\syswow64\SHELL32.dll
2009-07-14 01:39 - 2009-07-14 03:16 - 00350208 _____ (Microsoft Corporation) C:\Windows\syswow64\SHLWAPI.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00055352 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cfglib.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00218168 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\gpipc.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00109112 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\gpgen.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00128056 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\gpschd.dll
2009-07-14 01:12 - 2009-07-14 03:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\syswow64\NSI.dll
2009-07-14 01:12 - 2009-07-14 03:16 - 00206336 _____ (Microsoft Corporation) C:\Windows\syswow64\WS2_32.dll
2013-04-06 00:17 - 2013-04-06 00:15 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-04-05 22:23 - 2011-05-24 12:34 - 00145920 _____ (Microsoft Corporation) C:\Windows\syswow64\CFGMGR32.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00039480 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\gpgrd.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00057400 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\gpgui.dll
2013-04-05 22:32 - 2010-06-29 07:02 - 01413632 _____ (Microsoft Corporation) C:\Windows\syswow64\ole32.dll
2013-04-05 22:22 - 2011-08-27 06:43 - 00571904 _____ (Microsoft Corporation) C:\Windows\syswow64\OLEAUT32.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00042552 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\gplegacy.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00050744 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\gpgenrep.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00025656 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\onlcfg.dll
2013-08-31 09:24 - 2013-09-03 10:27 - 00110648 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\gavidb.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00497720 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\avlode.dll
2013-04-06 00:17 - 2013-08-31 09:24 - 00154112 _____ (Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\apcfile.dll
2013-04-06 00:17 - 2013-04-06 00:14 - 00257536 _____ (The cURL library, curl.haxx.se/) C:\Program Files (x86)\Avira\AntiVir Desktop\libcurl.dll
2009-07-14 01:38 - 2009-07-14 03:16 - 00268800 _____ (Microsoft Corporation) C:\Windows\syswow64\WLDAP32.dll
2013-04-05 22:21 - 2012-06-02 06:45 - 01157632 _____ (Microsoft Corporation) C:\Windows\syswow64\CRYPT32.dll
2013-04-05 22:23 - 2009-08-29 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\syswow64\MSASN1.dll
2013-04-06 00:17 - 2013-04-06 00:14 - 00181248 _____ (Apache Software Foundation) C:\Program Files (x86)\Avira\AntiVir Desktop\libaprutil-1.dll
2013-04-06 00:17 - 2013-04-06 00:14 - 00027136 _____ (Apache Software Foundation) C:\Program Files (x86)\Avira\AntiVir Desktop\libapriconv-1.dll
2013-04-06 00:17 - 2013-04-06 00:14 - 00131584 _____ (Apache Software Foundation) C:\Program Files (x86)\Avira\AntiVir Desktop\libapr-1.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00312888 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\gpavgio.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00134200 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\avesvc.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00012344 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\avesvcr.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00250424 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\avreg.dll
2009-07-14 01:44 - 2009-07-14 03:15 - 00522240 _____ (Microsoft Corporation) C:\Windows\syswow64\CLBCatQ.DLL
2013-04-05 22:27 - 2012-08-24 19:10 - 00172544 _____ (Microsoft Corporation) C:\Windows\syswow64\WINTRUST.dll
2009-07-14 01:29 - 2009-07-14 03:16 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qmgrprxy.dll
2013-04-05 22:22 - 2011-08-27 06:43 - 00571904 _____ (Microsoft Corporation) C:\Windows\syswow64\oleaut32.dll
2013-04-05 22:27 - 2012-08-24 19:10 - 00172544 _____ (Microsoft Corporation) C:\Windows\syswow64\wintrust.dll
2013-06-07 16:15 - 2013-06-07 16:15 - 01104384 _____ (Microsoft Corporation) C:\Windows\syswow64\URLMON.DLL
2013-06-07 16:15 - 2013-06-07 16:15 - 01796096 _____ (Microsoft Corporation) C:\Windows\syswow64\iertutil.dll
2013-06-07 16:15 - 2013-06-07 16:15 - 01129472 _____ (Microsoft Corporation) C:\Windows\syswow64\WININET.dll
2009-07-14 01:15 - 2009-07-14 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\syswow64\Normaliz.dll
2013-04-05 22:29 - 2012-06-09 06:46 - 12868608 _____ (Microsoft Corporation) C:\Windows\syswow64\shell32.dll
2009-07-14 01:39 - 2009-07-14 03:15 - 00486912 _____ (Microsoft Corporation) C:\Windows\syswow64\comdlg32.dll
2009-07-14 01:15 - 2009-07-14 03:16 - 00006144 _____ (Microsoft Corporation) C:\Windows\syswow64\PSAPI.DLL
2009-07-14 01:16 - 2009-07-14 03:16 - 01668608 _____ (Microsoft Corporation) C:\Windows\syswow64\SETUPAPI.dll
2013-04-05 22:23 - 2011-05-24 12:34 - 00064512 _____ (Microsoft Corporation) C:\Windows\syswow64\DEVOBJ.dll
2009-07-14 02:03 - 2009-07-14 03:15 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2013-06-21 09:53 - 2013-06-21 09:53 - 00088680 ____R (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.dll
2013-04-05 22:26 - 2012-12-07 06:57 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-04-05 22:35 - 2011-06-16 06:35 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XmlLite.dll
2009-07-14 01:27 - 2009-07-14 03:16 - 00377856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2009-07-14 02:03 - 2009-07-14 03:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qcap.dll
2009-07-14 02:03 - 2009-07-14 03:15 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVFW32.dll
2013-04-05 22:33 - 2011-10-26 06:28 - 01328640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2009-07-14 02:03 - 2009-07-14 03:14 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2009-07-14 02:03 - 2009-07-14 03:15 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2009-07-14 01:51 - 2009-07-14 03:14 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vidcap.ax
2009-07-14 02:03 - 2009-07-14 03:14 - 00107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kswdmcap.ax
2013-04-05 22:29 - 2011-03-11 07:40 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC42.dll
2013-04-05 22:21 - 2010-10-16 06:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ODBC32.dll
2009-07-14 02:11 - 2009-07-14 03:09 - 00229376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcint.dll
2013-06-07 16:15 - 2013-06-07 16:15 - 12324864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-07 16:15 - 2013-06-07 16:15 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-05 22:29 - 2012-06-02 06:48 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2009-07-14 01:33 - 2009-07-14 03:17 - 00249680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2013-06-07 16:15 - 2013-06-07 16:15 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-07 16:15 - 2013-06-07 16:15 - 01104384 _____ (Microsoft Corporation) C:\Windows\syswow64\urlmon.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00349752 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccguard.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00025656 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgrdrc.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00229432 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgrdw.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00419384 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccwgrd.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00807992 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgen.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00045112 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgenrc.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00220216 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccupdate.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00025144 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccupdrc.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00083000 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cclic.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00008248 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cclicrc.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00237624 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmsg.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00009272 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmsgrc.dll
2013-04-06 00:17 - 2013-09-03 10:27 - 00012344 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmainrc.dll
2013-08-31 09:34 - 2013-08-31 09:34 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-08-14 11:11 - 2013-08-14 11:11 - 04774272 _____ (Skype Technologies S.A.) C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-04-06 01:31 - 2012-03-01 07:45 - 00158720 _____ (Microsoft Corporation) C:\Windows\syswow64\imagehlp.dll
2013-08-14 11:06 - 2013-08-14 11:06 - 04277632 _____ (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Toolbars\Shared\SkypePnr.dll
2009-07-14 01:39 - 2009-07-14 03:15 - 00486912 _____ (Microsoft Corporation) C:\Windows\syswow64\COMDLG32.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\mira\Documents\Thumbs.db:encryptable


==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2013 09:26:05 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122
Faulting module name: SHELL32.dll, version: 6.1.7600.17038, time stamp: 0x4fd2dd43
Exception code: 0xc0000005
Fault offset: 0x0000000000288cc2
Faulting process id: 0x5e0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/06/2013 05:40:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.6.0.106, time stamp: 0x51c414b3
Faulting module name: Skype.exe, version: 6.6.0.106, time stamp: 0x51c414b3
Exception code: 0x40000015
Fault offset: 0x00c5de3e
Faulting process id: 0x674
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (09/06/2013 10:38:04 AM) (Source: Application Error) (User: )
Description: Faulting application name: Updater.exe, version: 0.0.0.0, time stamp: 0x5216b335
Faulting module name: Updater.exe, version: 0.0.0.0, time stamp: 0x5216b335
Exception code: 0xc0000005
Fault offset: 0x0000331c
Faulting process id: 0xfb4
Faulting application start time: 0xUpdater.exe0
Faulting application path: Updater.exe1
Faulting module path: Updater.exe2
Report Id: Updater.exe3

Error: (09/06/2013 03:55:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: Updater.exe, version: 0.0.0.0, time stamp: 0x5216b335
Faulting module name: Updater.exe, version: 0.0.0.0, time stamp: 0x5216b335
Exception code: 0xc0000005
Fault offset: 0x0000331c
Faulting process id: 0x72c
Faulting application start time: 0xUpdater.exe0
Faulting application path: Updater.exe1
Faulting module path: Updater.exe2
Report Id: Updater.exe3

Error: (09/05/2013 00:12:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: Updater.exe, version: 0.0.0.0, time stamp: 0x5216b335
Faulting module name: Updater.exe, version: 0.0.0.0, time stamp: 0x5216b335
Exception code: 0xc0000005
Fault offset: 0x0000331c
Faulting process id: 0x820
Faulting application start time: 0xUpdater.exe0
Faulting application path: Updater.exe1
Faulting module path: Updater.exe2
Report Id: Updater.exe3

Error: (09/05/2013 07:17:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: avnotify.exe, version: 13.6.20.2100, time stamp: 0x51e6b921
Faulting module name: avnotify.exe, version: 13.6.20.2100, time stamp: 0x51e6b921
Exception code: 0xc0000005
Fault offset: 0x00001487
Faulting process id: 0xb78
Faulting application start time: 0xavnotify.exe0
Faulting application path: avnotify.exe1
Faulting module path: avnotify.exe2
Report Id: avnotify.exe3

Error: (09/04/2013 01:23:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: Updater.exe, version: 0.0.0.0, time stamp: 0x5216b335
Faulting module name: Updater.exe, version: 0.0.0.0, time stamp: 0x5216b335
Exception code: 0xc0000005
Fault offset: 0x0000331c
Faulting process id: 0x157c
Faulting application start time: 0xUpdater.exe0
Faulting application path: Updater.exe1
Faulting module path: Updater.exe2
Report Id: Updater.exe3

Error: (09/03/2013 05:09:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: Updater.exe, version: 0.0.0.0, time stamp: 0x5216b335
Faulting module name: Updater.exe, version: 0.0.0.0, time stamp: 0x5216b335
Exception code: 0xc0000005
Fault offset: 0x0000331c
Faulting process id: 0xa44
Faulting application start time: 0xUpdater.exe0
Faulting application path: Updater.exe1
Faulting module path: Updater.exe2
Report Id: Updater.exe3

Error: (09/03/2013 01:51:51 AM) (Source: Application Error) (User: )
Description: Faulting application name: Updater.exe, version: 0.0.0.0, time stamp: 0x5216b335
Faulting module name: Updater.exe, version: 0.0.0.0, time stamp: 0x5216b335
Exception code: 0xc0000005
Fault offset: 0x0000331c
Faulting process id: 0x5f0
Faulting application start time: 0xUpdater.exe0
Faulting application path: Updater.exe1
Faulting module path: Updater.exe2
Report Id: Updater.exe3

Error: (08/31/2013 09:22:42 PM) (Source: Application Hang) (User: )
Description: The program Sea_of_Lies_Mutiny_of_the_Heart_CE.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ce4

Start Time: 01cea67308dde7a2

Termination Time: 97

Application Path: C:\Users\mira\Desktop\Sea of Lies - Mutiny of the Heart Collectors Edition\Sea_of_Lies_Mutiny_of_the_Heart_CE.exe

Report Id:


System errors:
=============
Error: (09/05/2013 09:03:33 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{A1435D0E-07AE-4BE9-80EC-8988E1ADDF48}.
The backup browser is stopping.

Error: (09/05/2013 07:02:47 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:30:46 PM on ‎9/‎5/‎2013 was unexpected.

Error: (09/05/2013 07:18:02 AM) (Source: Service Control Manager) (User: )
Description: The Avira Real-Time Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (09/05/2013 07:18:02 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (09/05/2013 07:18:01 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (09/01/2013 11:02:10 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:48:23 PM on ‎9/‎1/‎2013 was unexpected.

Error: (09/01/2013 09:17:26 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:43:28 PM on ‎8/‎31/‎2013 was unexpected.

Error: (08/31/2013 04:43:38 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{A1435D0E-07AE-4BE9-80EC-8988E1ADDF48}.
The backup browser is stopping.

Error: (08/31/2013 09:18:26 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:12:18 PM on ‎7/‎19/‎2013 was unexpected.

Error: (07/10/2013 11:44:43 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:59:24 AM on ‎7/‎9/‎2013 was unexpected.


Microsoft Office Sessions:
=========================
Error: (09/07/2013 09:26:05 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7600.167684d688122SHELL32.dll6.1.7600.170384fd2dd43c00000050000000000288cc25e001ceab959f638941C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dllc1209b70-178e-11e3-b1aa-00247e1726ad

Error: (09/06/2013 05:40:52 PM) (Source: Application Error)(User: )
Description: Skype.exe6.6.0.10651c414b3Skype.exe6.6.0.10651c414b34000001500c5de3e67401ceaa59c477812fC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Skype\Phone\Skype.exeb55496b0-170a-11e3-b73b-00247e1726ad

Error: (09/06/2013 10:38:04 AM) (Source: Application Error)(User: )
Description: Updater.exe0.0.0.05216b335Updater.exe0.0.0.05216b335c00000050000331cfb401ceaadc64b1210aC:\Program Files (x86)\FileAssociationManager\Updater.exeC:\Program Files (x86)\FileAssociationManager\Updater.exea50aea4c-16cf-11e3-b73b-00247e1726ad

Error: (09/06/2013 03:55:44 AM) (Source: Application Error)(User: )
Description: Updater.exe0.0.0.05216b335Updater.exe0.0.0.05216b335c00000050000331c72c01ceaaa430c16c1aC:\Program Files (x86)\FileAssociationManager\Updater.exeC:\Program Files (x86)\FileAssociationManager\Updater.exe70c10efe-1697-11e3-b73b-00247e1726ad

Error: (09/05/2013 00:12:17 PM) (Source: Application Error)(User: )
Description: Updater.exe0.0.0.05216b335Updater.exe0.0.0.05216b335c00000050000331c82001ceaa2063b3d3d8C:\Program Files (x86)\FileAssociationManager\Updater.exeC:\Program Files (x86)\FileAssociationManager\Updater.exea3d98cc1-1613-11e3-be53-00247e1726ad

Error: (09/05/2013 07:17:49 AM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487b7801cea9f73984b17fC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe811f74a2-15ea-11e3-be53-00247e1726ad

Error: (09/04/2013 01:23:45 AM) (Source: Application Error)(User: )
Description: Updater.exe0.0.0.05216b335Updater.exe0.0.0.05216b335c00000050000331c157c01cea8fc9d14382eC:\Program Files (x86)\FileAssociationManager\Updater.exeC:\Program Files (x86)\FileAssociationManager\Updater.exee04dd892-14ef-11e3-8e6f-00247e1726ad

Error: (09/03/2013 05:09:04 PM) (Source: Application Error)(User: )
Description: Updater.exe0.0.0.05216b335Updater.exe0.0.0.05216b335c00000050000331ca4401cea8b784fe6cbbC:\Program Files (x86)\FileAssociationManager\Updater.exeC:\Program Files (x86)\FileAssociationManager\Updater.exec545dafd-14aa-11e3-8e6f-00247e1726ad

Error: (09/03/2013 01:51:51 AM) (Source: Application Error)(User: )
Description: Updater.exe0.0.0.05216b335Updater.exe0.0.0.05216b335c00000050000331c5f001cea837627a6b8bC:\Program Files (x86)\FileAssociationManager\Updater.exeC:\Program Files (x86)\FileAssociationManager\Updater.exea2beaa9c-142a-11e3-8e6f-00247e1726ad

Error: (08/31/2013 09:22:42 PM) (Source: Application Hang)(User: )
Description: Sea_of_Lies_Mutiny_of_the_Heart_CE.exe0.0.0.0ce401cea67308dde7a297C:\Users\mira\Desktop\Sea of Lies - Mutiny of the Heart Collectors Edition\Sea_of_Lies_Mutiny_of_the_Heart_CE.exe


==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 4093.2 MB
Available physical RAM: 2423.44 MB
Total Pagefile: 8184.53 MB
Available Pagefile: 6353.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:286.54 GB) (Free:106.54 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:11.54 GB) (Free:11.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D2D0A767)
Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Addendum: 07 Sep 2013 11:13

I have another problem: now it won't save an image from Paint. It shows me the message: "Paint cannot save this file. Save was interrupted, so your file has not been saved." Likewise, it won't download. There it shows me this: "C:/Users/mira/AppData/Local/Temp could not be saved because you cannot change the contents of that folder.
Change the folder properties and try again, or try saving in a different location."
I tried changing the location it downloads to, but it's the same again!
I assume this is also related to the first problem.

Addendum: 07 Sep 2013 11:17

When I pack that file you told me about, it comes out at 255 MB, so I can't send it to you through the form you gave me, since it is limited to a max of 10 MB there.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

This looks much better now. However, the FRST log shows that it could not read some files properly. This need not be anything malicious, but precisely for that reason we are doing an additional check from a different angle: we are running ComboFix.

Regarding Paint, I didn't understand what it won't save, an image? What won't it download? Let me know whether you still have these problems after running CF.
Since FRSTQuarantine is too large to upload, we will skip that step.



Download sUBs's ComboFix to the Desktop from the following address:


Bleeping Computer
Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download is complete:
disable your security software (instructions);
close running programs;
double-click to launch ComboFix;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
  click Yes if you are offered the download.
if Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure.
display a number of prompts/notifications:
  accept by clicking Yes or OK.
if necessary, restart Windows (several times);
at the end, open Notepad with the scan report.


Copy the report that ComboFix created into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.



Note:
The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after sending the message, you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message;
Do not click inside the ComboFix window while it is running, because that can slow the tool down;
Do not run ComboFix again on your own - report in the thread any problem you have during the first run of the tool;
If after the restart you get an error when starting certain programs saying that they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will solve the problem.

offline
  • Joined: 19 Jun 2013
  • Posts: 12

Well, it won't save the link to the desktop, and it won't download anything; it always shows that message.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Nikola Cvetković 2 :: Well, it won't save the link to the desktop, and it won't download anything; it always shows that message.
Have you tried from all browsers?
Have you tried downloading CF on a healthy computer (device) and then transferring CF to the computer with the problem?

Also, before running CF, do the following:



Download TDSSKiller and save it to the Desktop
Double-click to run TDSSKiller.exe ...

click the Start Scan button

If suspicious items (Suspicious object) are detected, the default action is Skip; click Continue.
If malicious objects (Malicious objects) are detected, choose the Cure option.


Attach the contents of the log from the following location:
C:\TDSSKiller_verzija programa_DD.MM.GG_HH.MM.SS.txt
(verzija programa - program version; DD - day, MM - month, GG - year, HH - hour, MM - minute, SS - second; the date and time when the log was created)

offline
  • Joined: 19 Jun 2013
  • Posts: 12

Posted: 07 Sep 2013 17:56

It won't download from the other browser either. I'll download both programs from the computer and try to do as you wrote.

Addendum: 07 Sep 2013 19:41

Addendum: 07 Sep 2013 20:11

ComboFix 13-09-06.01 - mira 07.09.2013 19:44:55.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4093.2181 [GMT 2:00]
Running from: c:\users\mira\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-08-07 to 2013-09-07 )))))))))))))))))))))))))))))))
.
.
2013-09-07 17:53 . 2013-09-07 17:53 -------- d-----w- c:\users\mira\AppData\Local\temp
2013-09-07 17:53 . 2013-09-07 17:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-07 17:49 . 2013-09-07 17:49 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3CF2F95A-2243-4217-AF37-C5877F3CF678}\offreg.dll
2013-09-07 06:49 . 2013-08-19 22:46 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3CF2F95A-2243-4217-AF37-C5877F3CF678}\mpengine.dll
2013-09-06 19:52 . 2013-09-07 09:19 -------- d-----w- C:\FRST
2013-08-31 20:57 . 2013-08-31 20:58 -------- d-----w- c:\windows\system32\MRT
2013-08-31 08:35 . 2013-08-31 08:35 -------- d-----w- c:\users\mira\AppData\Roaming\FileAssociationManager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-03 08:27 . 2013-06-07 14:08 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-09-03 08:27 . 2013-04-05 22:17 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-09-03 08:27 . 2013-04-05 22:17 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-08-31 07:51 . 2013-04-05 19:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-31 07:51 . 2013-04-05 19:43 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-07 02:22 . 2013-04-05 19:37 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-05 14:14 . 2013-06-07 14:16 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-06-20 19:36 . 2013-06-20 19:36 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-01-11 28201096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-03 347192]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 01337427
*Deregistered* - 01337427
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-05 07:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=sr
FF - ExtSQL: 2013-08-31 09:29; Noia4Options@ArisT2; c:\users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\extensions\Noia4Options@ArisT2.xpi
FF - ExtSQL: 2013-08-31 18:32; firefox@mega.co.nz; c:\users\mira\AppData\Roaming\Mozilla\Firefox\Profiles\0w7q2btw.default\extensions\firefox@mega.co.nz.xpi
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 27b1a7b400000000000000216b4086b5
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15864
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.511:24
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=120668
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
AddRemove-Dll-Files Fixer_is1 - c:\program files (x86)\Dll-Files.com Fixer\unins000.exe
AddRemove-FileAssociationManager - c:\program files (x86)\FileAssociationManager\uninstall-fam.exe
AddRemove-Researcher - c:\program files (x86)\Smart Compute\Researcher\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-07 20:08:36
ComboFix-quarantined-files.txt 2013-09-07 18:08
.
Pre-Run: 114.081.378.304 bytes free
Post-Run: 115.880.161.280 bytes free
.
- - End Of File - - 51B52D759F86D9D2D71C8E4279A6BCA4
A36C5E4F47E84449FF07ED3517B43A31

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

CF should have reset the permissions on the temp folders. Everything should now be fine as far as this is concerned.
Quote: Likewise, it won't download. There it shows me this: "C:/Users/mira/AppData/Local/Temp could not be saved because you cannot change the contents of that folder.
Change the folder properties and try again, or try saving in a different location."


Also, CF additionally checked the machine and found nothing suspicious.

Tell me, what is the state of the computer now?
