Search SafeFinder

  • RJ
  • SuperModerator
  • Supermoderator of the military forums
  • Gavrilo Milentijević
  • Commander of the Gornje Polje police station
  • Joined: 12 Feb 2005
  • Posts: 9491
  • Location: the Oval Office

The pest showed up two days ago - I cleaned the computer following some instructions from the internet, which had a little effect, but the leftovers stayed behind and came back to life.
It is search.safefinder.com, which copies Google's interface but is actually a fake and malware.

Here are the log files

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-02-2016
Ran by User (administrator) on USER-PC (18-02-2016 18:42:29)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BAVSvc.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BHipsSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes) C:\Program Files\MALWAREBYTES ANTI-MALWARE\mbamscheduler.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BavTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
() C:\Users\User\AppData\Local\Viber\Viber.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9210400 2010-04-30] (Realtek Semiconductor)
HKLM\...\Run: [Baidu Antivirus] => C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BavTray.exe [1997296 2015-05-15] (Baidu, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04] (SUPERAntiSpyware.com)
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [583680 2012-03-12] (MyCity)
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2015-04-13] (Glarysoft Ltd)
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\Run: [Viber] => C:\Users\User\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-03] (Google Inc.)
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [293888 2010-11-20] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => No File
ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => No File
ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => No File
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => No File
BootExecute: autocheck autochk *
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3641395576-2003788952-3425881642-1000] => Proxy is enabled.
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.10.2.69 10.10.2.79
Tcpip\..\Interfaces\{820120E6-6C81-4102-90BA-95FD020751F5}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C67570C3-AAA9-4241-BE44-2BB7C2CDB677}: [DhcpNameServer] 10.10.2.69 10.10.2.79
Tcpip\..\Interfaces\{DFF3AF8C-6ACA-41CD-80F2-99343C4FB2ED}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default
FF NewTab: C:\\ProgramData\\Airtostrongs\\ff.NT
FF DefaultSearchEngine: Google encrypted
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @live.heroesandgenerals.com/npretox -> C:\Program Files\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2015-11-10] (Reto-Moto ApS)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-01-20] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-01-20] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3641395576-2003788952-3425881642-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-3641395576-2003788952-3425881642-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3641395576-2003788952-3425881642-1000: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3641395576-2003788952-3425881642-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-3641395576-2003788952-3425881642-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-3641395576-2003788952-3425881642-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\searchplugins\google-encrypted.xml [2015-07-22]
FF Extension: Battlefield Play4Free - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\battlefieldplay4free@ea.com [2013-04-12] [not signed]
FF Extension: Gmail Watcher - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\gmailwatcher@sonthakit.xpi [2013-06-01] [not signed]
FF Extension: AniWeather - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2015-05-30]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\extensions\artur.dubovoy@gmail.com [2016-01-19]
FF Extension: MEGA - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\firefox@mega.co.nz.xpi [2016-02-17]
FF Extension: YouTube mp3 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\info@youtube-mp3.org.xpi [2015-05-28]
FF Extension: Test Pilot - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\testpilot@labs.mozilla.com.xpi [2015-05-27]
FF Extension: EZ to MP3 Converter - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\youtube-mp3@eztomp3.com [2012-12-14] [not signed]
FF Extension: PageTweak - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi [2015-05-30]
FF Extension: Video DownloadHelper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqpgwt7a.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-06-11] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-06-11] [not signed]
FF Extension: Skype - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]

Chrome:
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3McXDvdSN6JAXeVEVdMuWM1WF4rzjt3RQzNbuail8rxU1ZMEvLtA_m0oT-lYxaIvYN_xV0CUBv1ums6n_cLH3_A8iYNK-97GKcgMFTG3K71wGI7gP4UgqUe3Snzd812p5wDHY9APFFUEB6xXQK8xY43aSRVkIfdaPKHNYc9Wn1w,
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRPOQoy_esKhBlExhVjMfCnfC5KMVZBn8pFSRen90WM33d1tGOZHioq1Br8WQ_xBcQri-8NbPlPgcPnPKMz52WUeu05lHib0GE9Pc_6kY9h5SoXH3Wh7xrZeIcO_8QYqnU9XFPf_-7TqayWNLlJqNM7Xfom21&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google преводилац) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-12-27]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google документи офлајн) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Blue/Green Cubes) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iipbjjaibkibpabddphfcgbngfhhfkml [2016-02-16]
CHR Extension: (TV for Google Chrome™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe [2016-01-19]
CHR Extension: (Video DownloadHelper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2015-12-16]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR HKLM\...\Chrome\Extension: [dpcomnokkgidfbnbfhfpofbgieghedec] - C:\Program Files\EzToMP3\eztomp3.crx <not found>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-10-28] (SUPERAntiSpyware.com) [File not signed]
R2 BavSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BavSvc.exe [2572928 2015-05-15] (Baidu, Inc.)
S3 BdSandboxSrv; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BdSandboxSrv.exe [216608 2015-01-08] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BHipsSvc.exe [531232 2015-05-15] (Baidu, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-07-15] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [243448 2015-12-24] (RaMMicHaeL)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 Survarium Update Service; "D:\GAME\Metro\Survarium\game\binaries\x86\survarium_service.exe" "Survarium" [X]
S3 TunngleService; D:\GAME\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Call of Pripyat\Tunngle\TnglCtrl.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-08-07] ()
U3 BdApiUtil; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BdApiUtil.sys [101448 2015-05-15] (Baidu, Inc.)
R3 bdark; C:\Windows\system32\drivers\bdark.sys [82376 2015-04-20] ()
U3 BdCameraProtect; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BdCameraProtect.sys [21384 2015-05-15] (Baidu, Inc.)
S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [194552 2015-01-08] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [51144 2015-05-15] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [31176 2015-05-15] (Baidu, Inc.)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [74888 2015-05-15] (Baidu, Inc.)
R3 BHipsEx; C:\Windows\System32\drivers\BHipsEx.sys [138184 2015-05-15] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex.sys [75400 2015-05-15] (Baidu, Inc.)
R1 Bndef; C:\Windows\System32\drivers\bndef.sys [461192 2015-05-15] (Baidu, Inc.)
R3 BNmon; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\Bnmon.sys [84936 2015-05-15] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [195528 2015-05-15] (Baidu, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-26] (Disc Soft Ltd)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 GT680x; C:\Windows\System32\Drivers\gt680x.sys [17504 2012-01-12] ( )
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17344 2015-04-21] (Glarysoft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43376 2016-02-16] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-08-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [90968 2004-03-19] (VM)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-18 18:42 - 2016-02-18 18:43 - 00021798 _____ C:\Users\User\Desktop\FRST.txt
2016-02-18 18:41 - 2016-02-18 18:42 - 00000000 ____D C:\FRST
2016-02-18 18:39 - 2016-02-18 18:39 - 01722368 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2016-02-18 18:36 - 2016-02-18 18:36 - 00000000 ____D C:\Users\User\Desktop\mbar
2016-02-18 18:28 - 2016-02-18 18:29 - 17436698 _____ C:\Users\User\Downloads\unhackme.zip
2016-02-18 15:46 - 2016-02-18 15:46 - 03334386 _____ () C:\Program Files\Common Files\xahb0oev.exe
2016-02-16 17:06 - 2016-02-16 17:06 - 00043376 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-02-16 17:05 - 2016-02-16 17:13 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-16 17:04 - 2016-02-16 17:05 - 10459376 _____ (SurfRight B.V.) C:\Users\User\Downloads\HitmanPro.exe
2016-02-16 16:45 - 2016-02-16 16:46 - 22908888 _____ (Malwarebytes ) C:\Users\User\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-16 16:24 - 2016-02-16 16:24 - 01609032 _____ (Malwarebytes) C:\Users\User\Downloads\JRT.exe
2016-02-16 16:08 - 2016-02-16 16:11 - 00000000 ____D C:\AdwCleaner
2016-02-16 16:08 - 2016-02-16 16:08 - 01508352 _____ C:\Users\User\Downloads\adwcleaner_5.033.exe
2016-02-16 14:22 - 2016-02-18 03:48 - 00000000 ____D C:\Program Files\Common Files\11imxzrd
2016-02-16 13:22 - 2016-02-16 13:22 - 00041472 _____ C:\Users\User\AppData\Local\Ranktom.dat
2016-02-16 13:22 - 2016-02-16 13:22 - 00000187 _____ C:\Users\User\AppData\Local\Ranktom.exe.config
2016-02-16 13:21 - 2016-02-16 13:21 - 07950848 _____ C:\Users\User\AppData\Roaming\agent.dat
2016-02-16 13:21 - 2016-02-16 13:21 - 01881087 _____ C:\Users\User\AppData\Roaming\Holdhome.tst
2016-02-16 13:21 - 2016-02-16 13:21 - 00126976 _____ C:\Users\User\AppData\Roaming\Installer.dat
2016-02-16 13:21 - 2016-02-16 13:21 - 00126464 _____ C:\Users\User\AppData\Roaming\lobby.dat
2016-02-16 13:21 - 2016-02-16 13:21 - 00072704 _____ C:\Users\User\AppData\Roaming\ZaamZimex.tst
2016-02-16 13:21 - 2016-02-16 13:21 - 00062976 _____ C:\Users\User\AppData\Roaming\Config.xml
2016-02-16 13:21 - 2016-02-16 13:21 - 00018672 _____ C:\Users\User\AppData\Roaming\InstallationConfiguration.xml
2016-02-16 13:21 - 2016-02-16 13:21 - 00018432 _____ C:\Users\User\AppData\Roaming\Main.dat
2016-02-16 13:02 - 2016-02-16 13:02 - 00301824 _____ ( ) C:\Users\User\Downloads\World_War_II_Prisoner_Of_War_Game [1].exe
2016-02-15 21:18 - 2016-02-15 21:18 - 00029743 _____ C:\Users\User\Downloads\CODEMASTERS_PRISONER_OF_WAR_PC_GAME_FULL.torrent
2016-02-15 20:44 - 2016-02-15 20:46 - 00005120 ___SH C:\Users\User\Documents\Thumbs.db
2016-02-14 00:54 - 2016-02-14 00:54 - 00000267 _____ C:\Users\User\Downloads\nnhhhh.txt
2016-02-13 19:06 - 2016-02-13 19:06 - 00002042 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2016-02-13 19:06 - 2016-02-13 19:06 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2016-02-13 19:06 - 2016-02-13 19:06 - 00001108 _____ C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2016-02-13 19:06 - 2016-02-13 19:06 - 00000000 ____D C:\Users\User\AppData\Roaming\NCH Software
2016-02-13 19:06 - 2016-02-13 19:06 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Related Programs
2016-02-13 19:06 - 2016-02-13 19:06 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2016-02-13 19:06 - 2016-02-13 19:06 - 00000000 ____D C:\ProgramData\NCH Software
2016-02-13 19:06 - 2016-02-13 19:06 - 00000000 ____D C:\Program Files\NCH Software
2016-02-13 19:05 - 2016-02-13 19:05 - 05455616 _____ (NCH Software) C:\Users\User\Downloads\vppsetup.exe
2016-02-11 21:13 - 2016-02-16 13:25 - 00000000 ____D C:\Users\User\AppData\LocalLow\uTorrent
2016-02-06 22:53 - 2016-02-07 14:58 - 05065701 _____ C:\Users\User\Documents\Азов Србија.pptx
2016-02-05 17:40 - 2016-02-05 17:40 - 00001159 _____ C:\Users\User\Desktop\Mustek 1200 UB Plus WIA Scanner - Shortcut.lnk
2016-02-04 18:52 - 2016-02-04 18:52 - 00000347 _____ C:\Users\User\Desktop\Games - Shortcut.lnk
2016-01-26 15:28 - 2016-01-26 15:28 - 00236231 _____ C:\Users\User\Downloads\cannot-into-space-fonts_stormning.zip
2016-01-25 13:08 - 2016-01-25 13:09 - 15300640 _____ C:\Users\User\Downloads\Glary_Utilities_v5.43.0.63.exe
2016-01-23 16:48 - 2016-01-23 16:49 - 13814123 _____ (ODIS s.c.) C:\Users\User\Downloads\HggSetup_v1.4.exe
2016-01-23 16:47 - 2016-01-23 16:48 - 11869570 _____ C:\Users\User\Downloads\HggLauncher.dmg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-18 18:37 - 2015-01-08 18:50 - 00000000 ____D C:\Users\User\Desktop\za čišćenje
2016-02-18 18:36 - 2009-07-14 05:34 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-18 18:36 - 2009-07-14 05:34 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-18 18:35 - 2011-07-14 15:14 - 00334194 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-18 18:35 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-02-18 18:32 - 2015-04-21 19:23 - 00000318 _____ C:\Windows\Tasks\GlaryInitialize 5.job
2016-02-18 18:31 - 2015-09-17 20:47 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-18 18:31 - 2015-04-21 19:23 - 00000000 ____D C:\Program Files\Glary Utilities 5
2016-02-18 18:31 - 2015-03-21 20:02 - 00000000 ____D C:\Users\User\AppData\Roaming\ViberPC
2016-02-18 18:31 - 2012-12-12 18:29 - 00000000 ____D C:\ProgramData\MCShield
2016-02-18 18:31 - 2011-09-06 20:01 - 00000380 _____ C:\Windows\Tasks\AutoSmartDefrag.job
2016-02-18 18:31 - 2011-07-14 15:13 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-18 18:31 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-18 18:30 - 2015-09-17 20:47 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-18 18:22 - 2012-05-08 18:46 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2016-02-18 17:57 - 2013-09-22 20:19 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA.job
2016-02-18 17:53 - 2013-04-24 19:48 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA.job
2016-02-18 17:44 - 2012-05-18 07:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-18 17:14 - 2015-01-07 14:48 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-18 16:09 - 2011-07-14 15:06 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-02-18 15:47 - 2015-07-22 09:42 - 00001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-18 15:47 - 2015-07-22 09:42 - 00001121 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-18 15:47 - 2013-07-18 12:21 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-18 15:47 - 2011-08-07 09:20 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-18 15:47 - 2011-07-14 15:04 - 00001132 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-18 15:44 - 2011-07-18 08:31 - 00000000 ____D C:\Users\User\AppData\Roaming\XnView
2016-02-18 03:48 - 2015-01-08 18:38 - 00000000 ____D C:\ProgramData\Baidu
2016-02-18 03:48 - 2011-07-14 15:21 - 00000000 ____D C:\Users\User\AppData\Roaming\GHISLER
2016-02-18 03:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2016-02-18 03:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\AppCompat
2016-02-17 23:32 - 2011-07-14 15:30 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2016-02-17 20:53 - 2013-04-24 19:48 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core.job
2016-02-17 19:05 - 2015-12-04 19:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-16 17:02 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\Performance
2016-02-16 17:01 - 2012-02-14 15:55 - 00000000 ____D C:\Program Files\BitTorrent
2016-02-16 16:46 - 2015-01-07 14:48 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-16 16:46 - 2015-01-07 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-16 16:46 - 2012-01-12 11:02 - 00000000 ____D C:\Program Files\MALWAREBYTES ANTI-MALWARE
2016-02-16 16:08 - 2011-07-15 09:49 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2016-02-16 16:05 - 2011-07-14 15:06 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2016-02-16 14:49 - 2012-01-18 18:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-16 12:40 - 2015-03-21 20:04 - 00000000 ____D C:\Users\User\Documents\ViberDownloads
2016-02-15 23:39 - 2015-06-12 15:34 - 00000000 ____D C:\Program Files\Steam
2016-02-15 20:37 - 2011-07-15 13:25 - 00103736 _____ C:\Windows\system32\PnkBstrB.exe
2016-02-15 19:23 - 2011-07-15 13:25 - 00214520 _____ C:\Windows\system32\PnkBstrB.xtr
2016-02-15 19:23 - 2011-07-15 13:25 - 00214520 _____ C:\Windows\system32\PnkBstrB.ex0
2016-02-15 18:30 - 2011-07-15 13:25 - 00137464 _____ C:\Windows\system32\Drivers\PnkBstrK.sys
2016-02-14 17:00 - 2011-07-16 08:59 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2016-02-14 14:53 - 2011-07-15 16:39 - 00000000 ___RD C:\Users\User\Desktop\IGRE
2016-02-13 19:02 - 2011-07-14 15:26 - 00000000 ____D C:\Users\User\AppData\Local\Windows Live
2016-02-13 18:56 - 2011-11-15 16:19 - 00000000 ____D C:\Users\User\AppData\Roaming\CoreFTP
2016-02-13 18:54 - 2014-08-21 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2016-02-13 14:07 - 2015-10-24 22:22 - 00001955 _____ C:\Users\User\Desktop\New Text Document.txt
2016-02-12 10:57 - 2013-09-22 20:19 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core.job
2016-02-10 15:44 - 2012-05-18 07:47 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-02-10 15:44 - 2011-09-26 21:39 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-02-09 17:40 - 2014-06-06 18:08 - 00000000 ____D C:\Users\User\AppData\Roaming\AIMP3
2016-02-05 15:47 - 2011-07-15 13:44 - 00000000 ____D C:\Program Files\SpeedFan
2016-02-01 16:35 - 2011-08-12 09:25 - 00000000 ____D C:\Users\User\dwhelper
2016-01-29 15:20 - 2015-11-10 23:03 - 00000000 ____D C:\Program Files\Heroes & Generals
2016-01-26 22:45 - 2009-07-14 05:33 - 00341912 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-26 15:30 - 2011-07-14 15:26 - 00084912 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-25 13:13 - 2016-01-06 21:44 - 00000000 ____D C:\ProgramData\BavSvc_exe

==================== Files in the root of some directories =======

2016-02-18 15:46 - 2016-02-18 15:46 - 3334386 _____ () C:\Program Files\Common Files\xahb0oev.exe
2016-02-16 13:21 - 2016-02-16 13:21 - 7950848 _____ () C:\Users\User\AppData\Roaming\agent.dat
2015-10-04 22:05 - 2015-10-04 22:05 - 0000046 _____ () C:\Users\User\AppData\Roaming\Camdata.ini
2015-10-04 22:05 - 2015-10-04 22:05 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamLayout.ini
2015-10-04 22:05 - 2015-10-04 22:05 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamShapes.ini
2015-10-04 22:05 - 2015-10-04 22:05 - 0004535 _____ () C:\Users\User\AppData\Roaming\CamStudio.cfg
2015-10-04 22:05 - 2015-10-04 22:05 - 0000000 _____ () C:\Users\User\AppData\Roaming\CamStudio.Producer.Data.ini
2015-10-04 22:05 - 2015-10-04 22:05 - 0001206 _____ () C:\Users\User\AppData\Roaming\CamStudio.Producer.ini
2016-02-16 13:21 - 2016-02-16 13:21 - 0062976 _____ () C:\Users\User\AppData\Roaming\Config.xml
2014-07-23 11:30 - 2014-07-23 11:30 - 0000154 _____ () C:\Users\User\AppData\Roaming\FileShred.log
2016-02-16 13:21 - 2016-02-16 13:21 - 1881087 _____ () C:\Users\User\AppData\Roaming\Holdhome.tst
2016-02-16 13:21 - 2016-02-16 13:21 - 0018672 _____ () C:\Users\User\AppData\Roaming\InstallationConfiguration.xml
2016-02-16 13:21 - 2016-02-16 13:21 - 0126976 _____ () C:\Users\User\AppData\Roaming\Installer.dat
2016-02-16 13:21 - 2016-02-16 13:21 - 0126464 _____ () C:\Users\User\AppData\Roaming\lobby.dat
2016-02-16 13:21 - 2016-02-16 13:21 - 0018432 _____ () C:\Users\User\AppData\Roaming\Main.dat
2011-07-17 14:27 - 2013-04-13 11:47 - 0138056 _____ () C:\Users\User\AppData\Roaming\PnkBstrK.sys
2015-10-04 22:05 - 2015-10-04 22:05 - 0000096 _____ () C:\Users\User\AppData\Roaming\version2.xml
2016-02-16 13:21 - 2016-02-16 13:21 - 0072704 _____ () C:\Users\User\AppData\Roaming\ZaamZimex.tst
2011-07-15 13:01 - 2015-12-17 13:46 - 0076288 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-05 21:43 - 2012-12-05 21:43 - 0027520 _____ () C:\Users\User\AppData\Local\dt.dat
2016-02-16 13:22 - 2016-02-16 13:22 - 0041472 _____ () C:\Users\User\AppData\Local\Ranktom.dat
2016-02-16 13:22 - 2016-02-16 13:22 - 0000187 _____ () C:\Users\User\AppData\Local\Ranktom.exe.config
2011-09-07 19:28 - 2013-05-12 20:07 - 0007599 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\mdu_rjyye.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-08 10:02

==================== End of FRST.txt ============================


Addition.txt



Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-02-2016
Ran by User (2016-02-18 18:43:24)
Running from C:\Users\User\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2011-07-14 22:57:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3641395576-2003788952-3425881642-500 - Administrator - Disabled)
Guest (S-1-5-21-3641395576-2003788952-3425881642-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3641395576-2003788952-3425881642-1004 - Limited - Enabled)
User (S-1-5-21-3641395576-2003788952-3425881642-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Baidu Antivirus (Enabled - Up to date) {0B023102-4312-4570-585A-1BAAA3570E16}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Baidu Antivirus (Enabled - Up to date) {B063D0E6-6528-4AFE-62EA-20D8D8D044AB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACDSee Pro 3 (HKLM\...\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}) (Version: 3.0.355 - ACD Systems International Inc.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Ahead.Nero v9.4.13.2 (HKLM\...\Ahead.Nero_is1) (Version: - )
AIMP2 (HKLM\...\AIMP2) (Version: - AIMP DevTeam)
AIMP3 (HKLM\...\AIMP3) (Version: v3.55.1338, 31.01.2014 - AIMP DevTeam)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Assassin's Creed Revelations (HKLM\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.00 - Ubisoft)
ASUS nVidia Driver (Version: 1.00.0000 - ASUSTek) Hidden
Baidu Antivirus (HKLM\...\Baidu Antivirus) (Version: 5.4.3.133394 - Baidu, Inc.)
Call of Duty (HKLM\...\Call of Duty) (Version: - )
Call of Duty Modern Warfare 2 (HKLM\...\Call of Duty Modern Warfare 2_is1) (Version: - Activision)
Call of Duty Modern Warfare 3 version 1.0 (HKLM\...\{4B7IL77L-LKS1-75B1-CODMW3-18CD6E6334R1}_is1) (Version: 1.0 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (Version: 1.7 - Activision) Hidden
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Core FTP LE (HKLM\...\CoreFTP) (Version: - )
CoreAAC (HKLM\...\CoreAAC) (Version: - )
Counter-Strike 1.6 (HKLM\...\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}) (Version: 1.6 - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
FileZilla Client 3.5.2 (HKLM\...\FileZilla Client) (Version: 3.5.2 - FileZilla Project)
FL Studio 10 (HKLM\...\FL Studio 10) (Version: - Image-Line)
FLV Cutter 1.0 (HKLM\...\FLV Cutter_is1) (Version: - spgsoft.com)
FormatFactory (HKLM\...\{A0C0724A-649C-4953-BF1E-F783036969E9}) (Version: 1.65 - FreeTime)
Gadwin PrintScreen (HKLM\...\Gadwin PrintScreen) (Version: 2.6 - Gadwin Systems, Inc.)
Geeks3D.com FurMark 1.9.0 (HKLM\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D.com)
Glary Utilities 5.23 (HKLM\...\Glary Utilities 5) (Version: 5.23.0.42 - Glarysoft Ltd)
GOM Player (HKLM\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GSC 2.00 (HKLM\...\GSC 2.00) (Version: - ClanServers Hosting LLC.)
Heroes & Generals (HKLM\...\Heroes & Generals) (Version: 1.0.6.1 - Reto-Moto)
Java 8 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
K-Lite Mega Codec Pack 8.0.0 (HKLM\...\KLiteCodecPack_is1) (Version: 8.0.0 - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 2.0.3.11 - MyCity)
Medal of Honor (HKLM\...\{5A274D69-F9BB-4AA9-85C9-440FA947DF04}_is1) (Version: - )
Medal of Honor (TM) (HKLM\...\{415030B8-3E8B-462A-8C03-41D95AA3AB3B}) (Version: 1.0.0.0 - Electronic Arts)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Small Basic v1.0 (HKLM\...\{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Mozilla Thunderbird (3.1.20) (HKLM\...\Mozilla Thunderbird (3.1.20)) (Version: 3.1.20 (en-US) - Mozilla)
MPEG2 Codec(libmpeg2/mad) (HKLM\...\MPEG2 Codec(libmpeg2/mad)) (Version: - )
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
NVIDIA 3D Vision Controller Driver 266.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 266.77 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 266.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.77 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA Graphics Driver 266.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.77 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}) (Version: 9.12.0213 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version: - )
Opera Stable 34.0.2036.25 (HKLM\...\Opera 34.0.2036.25) (Version: 34.0.2036.25 - Opera Software)
PDF To JPG Converter 2.0.3 (HKLM\...\PDF To JPG Converter_is1) (Version: - PDF To JPG Converter)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.989 - Even Balance, Inc.)
Qtracker (HKLM\...\Qtracker) (Version: 4.92 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6101 - Realtek Semiconductor Corp.)
S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02] (HKLM\...\{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1) (Version: 1.6.02 - bitComposer Games)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.13 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1142 - SUPERAntiSpyware.com)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)
Unchecky v0.4.2 (HKLM\...\Unchecky) (Version: 0.4.2 - RaMMicHaeL)
Unity Web Player (HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Viber (HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc)
VideoDownloaderUltimate (HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\...\VideoDownloaderUltimateWinApp) (Version: 1.0.1.70 - Link64)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 4.30 - NCH Software)
WinDjView 2.1 (HKLM\...\WinDjView) (Version: 2.1 - Andrew Zhezherun)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16432 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
XnView 2.32 (HKLM\...\XnView_is1) (Version: 2.32 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.2\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3641395576-2003788952-3425881642-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09921576-2F39-4F06-8DCD-F1D1D9277D98} - System32\Tasks\{E613B8B7-BA02-4492-9AF5-0B37F3BB74DD} => Firefox.exe hxxp://ui.skype.com/ui/0/7.7.85.103/sr/abandoninstall?page=tsProgressBar
Task: {1136F465-CDD8-4CA0-AD6F-92D22038796B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {1A47869C-45BB-4DF5-BD3E-5B7554B07926} - System32\Tasks\{511324DF-E04D-44A5-8BD8-C8FE6799573D} => Firefox.exe hxxp://ui.skype.com/ui/0/7.7.85.103/sr/abandoninstall?page=tsProgressBar
Task: {1FE14869-A6D4-4AF0-BED1-DAD17F731110} - System32\Tasks\{F91E5E94-378B-4825-8AC7-35F290D88289} => Firefox.exe hxxp://ui.skype.com/ui/0/7.6.0.105/sr/abandoninstall?page=tsProgressBar
Task: {3AEEF8A9-BD34-4144-B8E6-F2D62A8DAD36} - System32\Tasks\Baidu Antivirus Update => C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BavUpdater.exe [2015-05-15] (Baidu, Inc.)
Task: {46131291-2D5B-4A9D-88CB-9BA6AFA8FE54} - System32\Tasks\{ED94EA74-9A18-4EAF-98E8-372623B58DB9} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/sr/abandoninstall?page=tsProgressBar
Task: {4BE97BD0-FD32-4D57-9054-CA43157DD6A3} - System32\Tasks\AutoSmartDefrag => G:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
Task: {53A9F1F6-011B-4360-93B6-C280D3F1090E} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2015-04-13] (Glarysoft Ltd)
Task: {5EBE475F-27F6-495C-8E36-5F2D93080D74} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {7A942E7B-07D2-44D2-8509-09CF797A7879} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {9A19BDFD-1606-4D36-A9B9-11A5B6F94194} - System32\Tasks\{EB708379-C5CE-4984-B187-C1F47C250E0F} => Firefox.exe hxxp://ui.skype.com/ui/0/7.12.0.101/sr/abandoninstall?page=tsProgressBar
Task: {9ADB1984-ED2A-436B-BD6F-30A5193D5C83} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {A36C7C31-AAB0-403A-B388-6ADC00716061} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {B5479F08-6600-4145-9348-4AFFE757905D} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== ATTENTION
Task: {C481C32B-6C3E-4DEB-9E6E-8D363A919192} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {D7B2902B-F33B-4BDF-B1EA-020D4A063A7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {E64A4D6C-83AC-43B4-B7BE-8571D2DA84E5} - System32\Tasks\Opera scheduled Autoupdate 1437474278 => C:\Program Files\Opera\launcher.exe [2015-12-04] (Opera Software)
Task: {EC840A38-21B5-4D0A-BD65-2B7167CCFB66} - System32\Tasks\{D2AEB90B-1BAB-43FB-A409-46E24333541C} => Firefox.exe hxxp://ui.skype.com/ui/0/7.15.85.102/sr/abandoninstall?page=tsProgressBar
Task: {ED38D22A-EC98-4D48-82C6-8CD943E00BF4} - System32\Tasks\2sm2rami => C:\Program Files\Common Files\11imxzrd\b18ebx3vbnp0d.exe [2016-02-16] () <==== ATTENTION
Task: {EDCA9BBB-0926-4EB5-A72C-749328314FE8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {EDD89823-1A09-4D9B-B031-ACAD95589113} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {F5A41D89-35DD-4449-8270-639AA26C0CA3} - System32\Tasks\{E141E4C0-F7B0-4598-989A-D736B44A1396} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/sr/abandoninstall?page=tsProgressBar

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoSmartDefrag.job => G:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3641395576-2003788952-3425881642-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-04-28 22:04 - 2015-05-15 04:09 - 00297968 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\HipsLogger.dll
2015-04-28 22:04 - 2015-05-15 04:09 - 00198128 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\dark.dll
2015-04-28 22:04 - 2015-05-15 04:09 - 00540656 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\sqlite.dll
2015-04-28 22:04 - 2015-05-15 04:09 - 00370672 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\BNetOp.dll
2011-11-08 21:46 - 2011-11-08 21:46 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2011-07-15 13:25 - 2013-07-15 12:27 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2015-04-28 22:04 - 2015-05-15 04:09 - 00277488 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.122701.0\Pulgin_Dark_DeleteFileTip.dll
2015-11-12 17:02 - 2015-11-09 11:26 - 51657424 _____ () C:\Users\User\AppData\Local\Viber\Viber.exe
2015-11-12 17:02 - 2015-11-09 11:19 - 00089088 _____ () C:\Users\User\AppData\Local\Viber\qfacebook.dll
2015-11-12 17:02 - 2015-11-09 11:19 - 00389632 _____ () C:\Users\User\AppData\Local\Viber\imageformats\qsvg.dll
2015-11-12 17:02 - 2015-09-29 02:58 - 00012288 _____ () C:\Users\User\AppData\Local\Viber\QtQuick.2\qtquick2plugin.dll
2015-11-12 17:02 - 2015-09-29 15:25 - 00690176 _____ () C:\Users\User\AppData\Local\Viber\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-11-12 17:02 - 2015-09-29 15:26 - 00057856 _____ () C:\Users\User\AppData\Local\Viber\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-11-12 17:02 - 2015-09-29 02:58 - 00012288 _____ () C:\Users\User\AppData\Local\Viber\QtQuick\Window.2\windowplugin.dll
2015-11-12 17:02 - 2015-09-29 15:34 - 00425984 _____ () C:\Users\User\AppData\Local\Viber\QtLocation\declarative_location.dll
2015-11-12 17:02 - 2015-09-29 03:03 - 00065024 _____ () C:\Users\User\AppData\Local\Viber\QtPositioning\declarative_positioning.dll
2015-11-12 17:02 - 2015-09-29 02:58 - 00012288 _____ () C:\Users\User\AppData\Local\Viber\QtQml\Models.2\modelsplugin.dll
2015-11-12 17:02 - 2015-09-29 03:04 - 00184320 _____ () C:\Users\User\AppData\Local\Viber\QtMultimedia\declarative_multimedia.dll
2015-11-12 17:02 - 2015-09-29 02:58 - 00044032 _____ () C:\Users\User\AppData\Local\Viber\QtQml\StateMachine\qtqmlstatemachine.dll
2015-04-13 08:57 - 2015-04-13 08:57 - 00080160 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll
2011-07-14 15:22 - 2004-01-22 17:36 - 00120832 _____ () C:\Program Files\WinRAR\rarext.dll
2016-02-09 23:48 - 2016-02-09 12:58 - 01632584 _____ () C:\Program Files\Google\Chrome\Application\48.0.2564.109\libglesv2.dll
2016-02-09 23:48 - 2016-02-09 12:58 - 00087880 _____ () C:\Program Files\Google\Chrome\Application\48.0.2564.109\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\User:Heroes & Generals

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2016-02-18 18:31 - 00001227 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3641395576-2003788952-3425881642-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\XnView\\xnview_wallpaper_20160213.bmp
DNS Servers: 10.10.2.69 - 10.10.2.79
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: wuauserv => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{19A37328-FBE7-4272-A6B9-AA38585BE41A}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EF5F2382-7EBD-43B6-BB27-4A34D597BD16}] => (Allow) LPort=2869
FirewallRules: [{17E992AC-2C3F-4294-BB7B-15B0184787F5}] => (Allow) LPort=1900
FirewallRules: [{D98616C8-D93F-4772-A90A-58DABE9A5784}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{91C95C89-1E65-41B7-8E14-283739FA4703}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E4B32757-DA22-440E-ADEE-3F9BF3858360}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{4C7E876C-D58C-4A44-94BA-C7D207894D00}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{39C0F5D3-C330-4AEA-9DCA-633E258C7EA6}H:\i g r e\call of duty\cod2mp_s.exe] => (Allow) H:\i g r e\call of duty\cod2mp_s.exe
FirewallRules: [UDP Query User{A0DBE975-968B-4EAD-8483-DE811019E559}H:\i g r e\call of duty\cod2mp_s.exe] => (Allow) H:\i g r e\call of duty\cod2mp_s.exe
FirewallRules: [TCP Query User{E703A7C6-19AA-4356-8D15-A63354B181F3}C:\program files\qtracker\qtracker.exe] => (Allow) C:\program files\qtracker\qtracker.exe
FirewallRules: [UDP Query User{CF211CBD-85D2-4E44-82AA-070F118EA601}C:\program files\qtracker\qtracker.exe] => (Allow) C:\program files\qtracker\qtracker.exe
FirewallRules: [{1F85FEA5-EE6D-4D8A-98C2-7C719668FC7C}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{106D8836-0931-4636-8B1E-D4B38F59A501}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{EF7ABE9B-DAE8-467B-AFE0-F07DF558137C}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{4BB32634-C716-44DC-99C6-148E746AF751}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [TCP Query User{706FFE2D-1ECB-4175-85D0-C2216CE66918}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{4BD7F016-6785-49D5-A940-21FC7700008C}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [TCP Query User{918FDB53-E0D2-4C8B-AB7C-2E9B10E7F09B}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{4DF7B603-D5AA-4901-8BDE-884E2CF713B4}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{CAF303AC-4758-4B8E-9BD7-3608365603B7}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{541311DA-DCE9-4D4B-AD72-C50F33B50016}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{53D65FAA-0BF2-4442-BB61-0E9B2D445AA9}H:\i g r e\call of duty\cod2mp_s.exe] => (Allow) H:\i g r e\call of duty\cod2mp_s.exe
FirewallRules: [UDP Query User{38683ECE-29EC-4389-8AC3-255B2F7842B7}H:\i g r e\call of duty\cod2mp_s.exe] => (Allow) H:\i g r e\call of duty\cod2mp_s.exe
FirewallRules: [{A3D98C6B-81C7-47DB-96A4-519F17FBEFDE}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{383C42C4-3D2F-43DD-8EE8-826D080B646E}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{BF47A166-5B93-4B4A-AAFC-A677B4BB6404}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{91DF75D0-28AE-4B94-AD6F-0F1CF07FF8CD}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [TCP Query User{4F4F602E-D92D-4880-A390-C86DE65A50C9}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{4E79932E-F48C-461A-9EA3-EFE9D0688570}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{39892F92-E428-4923-97CA-5FFCB3BF7048}D:\download\call of duty 4 [pc-dvd] [english] [www.topetorrent.com]\codmp.exe] => (Block) D:\download\call of duty 4 [pc-dvd] [english] [www.topetorrent.com]\codmp.exe
FirewallRules: [UDP Query User{8304CC56-C319-41DE-B53B-B11ACE969BC4}D:\download\call of duty 4 [pc-dvd] [english] [www.topetorrent.com]\codmp.exe] => (Block) D:\download\call of duty 4 [pc-dvd] [english] [www.topetorrent.com]\codmp.exe
FirewallRules: [TCP Query User{591D9BD6-DB8B-4368-B314-5B8889D0DD9E}H:\i g r e\half life 2\hl2\hl2taketwo\hl2\hl2.exe] => (Block) H:\i g r e\half life 2\hl2\hl2taketwo\hl2\hl2.exe
FirewallRules: [UDP Query User{E7C5C643-9434-4FBB-9C2E-08FE0111A87B}H:\i g r e\half life 2\hl2\hl2taketwo\hl2\hl2.exe] => (Block) H:\i g r e\half life 2\hl2\hl2taketwo\hl2\hl2.exe
FirewallRules: [TCP Query User{4BFD2FB6-BA64-43F1-991A-819C263BF091}H:\i g r e\half life 2\hl2\hl2taketwo\hl2\hl2.exe] => (Block) H:\i g r e\half life 2\hl2\hl2taketwo\hl2\hl2.exe
FirewallRules: [UDP Query User{331FF891-14A2-4278-B494-C1F28C6AAE26}H:\i g r e\half life 2\hl2\hl2taketwo\hl2\hl2.exe] => (Block) H:\i g r e\half life 2\hl2\hl2taketwo\hl2\hl2.exe
FirewallRules: [TCP Query User{8ECDB6C0-C036-4D44-9BDE-E1C293C78F92}D:\game\cod 6\modern warfare 2\iw4sp.exe] => (Block) D:\game\cod 6\modern warfare 2\iw4sp.exe
FirewallRules: [UDP Query User{B94DA5A2-F59A-40BF-9767-EAFF386883DB}D:\game\cod 6\modern warfare 2\iw4sp.exe] => (Block) D:\game\cod 6\modern warfare 2\iw4sp.exe
FirewallRules: [TCP Query User{E8ABB715-4394-4755-9E83-3C0F81C54E9F}D:\game\cod 6\modern warfare 2\iw4mp.exe] => (Block) D:\game\cod 6\modern warfare 2\iw4mp.exe
FirewallRules: [UDP Query User{EE287A6C-19B4-43F9-81EB-440E90BC3BDC}D:\game\cod 6\modern warfare 2\iw4mp.exe] => (Block) D:\game\cod 6\modern warfare 2\iw4mp.exe
FirewallRules: [TCP Query User{51EA0427-7CD5-47F8-8478-22708CA8C31D}D:\download\call of duty 4 [pc-dvd] [english] [www.topetorrent.com]\codmp.exe] => (Block) D:\download\call of duty 4 [pc-dvd] [english] [www.topetorrent.com]\codmp.exe
FirewallRules: [UDP Query User{04D7CE3D-AA0C-4431-A865-051990A89BD0}D:\download\call of duty 4 [pc-dvd] [english] [www.topetorrent.com]\codmp.exe] => (Block) D:\download\call of duty 4 [pc-dvd] [english] [www.topetorrent.com]\codmp.exe
FirewallRules: [TCP Query User{00D47538-9EC5-47AD-9B33-D3AE091E8362}D:\game\cod 2\cod2mp_s.exe] => (Block) D:\game\cod 2\cod2mp_s.exe
FirewallRules: [UDP Query User{D1E274CE-5645-4268-A125-DC64E9C24A2C}D:\game\cod 2\cod2mp_s.exe] => (Block) D:\game\cod 2\cod2mp_s.exe
FirewallRules: [TCP Query User{431C0FC2-0434-4948-9FA4-4C5ADF8B4E02}D:\game\cs !&\hl.exe] => (Block) D:\game\cs !&\hl.exe
FirewallRules: [UDP Query User{1E2CEAD0-544C-4CCC-B2BF-C4243CF0502C}D:\game\cs !&\hl.exe] => (Block) D:\game\cs !&\hl.exe
FirewallRules: [{F6A46570-09A0-48F3-9F5D-D1C5F4B0B5D9}] => (Allow) C:\Program Files\BitTorrent\BitTorrent.exe
FirewallRules: [{5B4ABA06-56FE-433F-92AE-A580476E95BB}] => (Allow) C:\Program Files\BitTorrent\BitTorrent.exe
FirewallRules: [{8135EC65-B5F5-4AEC-A928-8A4F024A3290}] => (Allow) C:\Windows\System32\msiexec.exe
FirewallRules: [{81A2A2AC-6632-47F4-AB26-B62851B27D35}] => (Allow) C:\Windows\System32\msiexec.exe
FirewallRules: [TCP Query User{D3FEFB3B-92F7-4082-8D5E-DFEC8DBD9BD1}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{27CA83B5-3892-48A7-9B46-4B2219E5D12B}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [{3103F803-ECFE-4D40-B109-756365BBD9E3}] => (Allow) D:\GAME\cod4\iw3mp.exe
FirewallRules: [{8A1C2E78-F6E4-4F08-BD33-086DA3794A9B}] => (Allow) D:\GAME\cod4\iw3mp.exe
FirewallRules: [TCP Query User{07D723FE-F146-4C85-BB44-44496579D2F4}C:\users\user\appdata\local\iw4m\iw4m.dat] => (Block) C:\users\user\appdata\local\iw4m\iw4m.dat
FirewallRules: [UDP Query User{53A7E712-A270-4E3C-84BA-FE5A217780C4}C:\users\user\appdata\local\iw4m\iw4m.dat] => (Block) C:\users\user\appdata\local\iw4m\iw4m.dat
FirewallRules: [TCP Query User{AC0C81B0-E735-4A77-99D7-730675107160}C:\program files\electronic arts\medal of honor\mp\mohmpgame.exe] => (Allow) C:\program files\electronic arts\medal of honor\mp\mohmpgame.exe
FirewallRules: [UDP Query User{8E4BF4E0-8125-4C32-841F-5883E854DA52}C:\program files\electronic arts\medal of honor\mp\mohmpgame.exe] => (Allow) C:\program files\electronic arts\medal of honor\mp\mohmpgame.exe
FirewallRules: [{4C722C2F-F61F-46DA-9208-D559EF5F251C}] => (Allow) D:\GAME\CS !&\Medal of Honor\Binaries\moh.exe
FirewallRules: [{F34AFF57-7ECD-434D-9B94-162BA4E18AB6}] => (Allow) D:\GAME\CS !&\Medal of Honor\Binaries\moh.exe
FirewallRules: [{E874ACAC-F88A-4E63-9EEF-F583D9917908}] => (Allow) D:\GAME\CS !&\Medal of Honor\Binaries\MoHUpdater.exe
FirewallRules: [{78C1DE12-B108-427C-8505-DD32A68EAD72}] => (Allow) D:\GAME\CS !&\Medal of Honor\Binaries\MoHUpdater.exe
FirewallRules: [{53DBDFAD-82D9-44CD-BC36-9BBAFDE780AB}] => (Allow) D:\GAME\CS !&\Medal of Honor\MP\mohmpgame.exe
FirewallRules: [{7F49FCD3-8D36-4F6B-9ED6-2EEFA09D790F}] => (Allow) D:\GAME\CS !&\Medal of Honor\MP\mohmpgame.exe
FirewallRules: [{D4E2D175-9669-4791-A0FC-8E247C84ECA4}] => (Allow) D:\GAME\CS !&\Medal of Honor\MP\mohmpupdater.exe
FirewallRules: [{1E25B389-3A03-434F-84D2-7C5B8F1794B8}] => (Allow) D:\GAME\CS !&\Medal of Honor\MP\mohmpupdater.exe
FirewallRules: [TCP Query User{E79B5A70-D2A7-4235-9620-32C9F580C3B4}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{5ABA1381-6233-4F50-8316-EBE825E242A2}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [{34DA2A51-9B94-4229-9A03-5B62B16D019B}] => (Block) C:\program files\java\jre7\bin\java.exe
FirewallRules: [{25110C32-8D51-4520-B395-FA367CB5C6AF}] => (Block) C:\program files\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{EBCA64E6-E7BD-4788-AC70-9BD1E48B0E8F}D:\download\crash time 4 the syndicate pc game highly compress @ only by the rain {hkrg}\crash time 4 the syndicate\crash time 4 the syndicate\crashtime4hi.exe] => (Allow) D:\download\crash time 4 the syndicate pc game highly compress @ only by the rain {hkrg}\crash time 4 the syndicate\crash time 4 the syndicate\crashtime4hi.exe
FirewallRules: [UDP Query User{3597BDD2-45E5-42D3-9943-141CF6714EE9}D:\download\crash time 4 the syndicate pc game highly compress @ only by the rain {hkrg}\crash time 4 the syndicate\crash time 4 the syndicate\crashtime4hi.exe] => (Allow) D:\download\crash time 4 the syndicate pc game highly compress @ only by the rain {hkrg}\crash time 4 the syndicate\crash time 4 the syndicate\crashtime4hi.exe
FirewallRules: [{90A5CDB8-57F4-431F-A8DF-DBEAA1094649}] => (Allow) C:\Users\User\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{B6164068-EA3A-4F6D-8060-C10F80273502}] => (Allow) C:\Users\User\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{1195E2E1-3686-4520-B8A5-0F39888A5483}D:\game\assasins cread2\hl.exe] => (Block) D:\game\assasins cread2\hl.exe
FirewallRules: [UDP Query User{6B3C254D-6BEE-4C2D-80A5-D2102878059B}D:\game\assasins cread2\hl.exe] => (Block) D:\game\assasins cread2\hl.exe
FirewallRules: [TCP Query User{26632BF1-E700-482A-A9C2-8A327386B9F7}F:\winbox.exe] => (Allow) F:\winbox.exe
FirewallRules: [UDP Query User{AE4F54A8-D77D-4762-9EAC-A7E0F1AA5CB9}F:\winbox.exe] => (Allow) F:\winbox.exe
FirewallRules: [{C3453B73-2E8A-4970-B38E-2CC94922801D}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CC593277-AD78-4F70-8416-CB97A7B62CC2}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{EA2A24FD-38C4-4C2A-AD63-571507716B14}D:\game\cs !&\cs 1.6 v42 full\hl.exe] => (Allow) D:\game\cs !&\cs 1.6 v42 full\hl.exe
FirewallRules: [UDP Query User{05515610-61C6-4FF0-AF6C-7FA01C451029}D:\game\cs !&\cs 1.6 v42 full\hl.exe] => (Allow) D:\game\cs !&\cs 1.6 v42 full\hl.exe
FirewallRules: [{498BA4C7-682F-49B7-B93D-9EF22168451B}] => (Allow) D:\GAME\BF3\Heroes & Generals\live\hng.exe
FirewallRules: [{3310172B-415C-4A7D-B5C4-156D0D8D9384}] => (Allow) D:\GAME\BF3\Heroes & Generals\live\hng.exe
FirewallRules: [TCP Query User{083658E4-721D-4180-ABD5-236CC6BF118D}D:\game\cod 2\cod2mp_s.exe] => (Block) D:\game\cod 2\cod2mp_s.exe
FirewallRules: [UDP Query User{73CF1D70-48ED-4DAF-95AB-34ACCFFE49EA}D:\game\cod 2\cod2mp_s.exe] => (Block) D:\game\cod 2\cod2mp_s.exe
FirewallRules: [TCP Query User{9B89C8E7-DD97-4BD5-98FD-B3852588B6D2}D:\download\crash time 4 the syndicate pc game highly compress @ only by the rain {hkrg}\crash time 4 the syndicate\crash time 4 the syndicate\crashtime4hi.exe] => (Block) D:\download\crash time 4 the syndicate pc game highly compress @ only by the rain {hkrg}\crash time 4 the syndicate\crash time 4 the syndicate\crashtime4hi.exe
FirewallRules: [UDP Query User{3F2EABE0-C575-4607-9B52-77F27EC357ED}D:\download\crash time 4 the syndicate pc game highly compress @ only by the rain {hkrg}\crash time 4 the syndicate\crash time 4 the syndicate\crashtime4hi.exe] => (Block) D:\download\crash time 4 the syndicate pc game highly compress @ only by the rain {hkrg}\crash time 4 the syndicate\crash time 4 the syndicate\crashtime4hi.exe
FirewallRules: [TCP Query User{90D745FF-E7C7-4B67-86A3-4082B2C74F50}D:\game\cod4\iw3mp.exe] => (Block) D:\game\cod4\iw3mp.exe
FirewallRules: [UDP Query User{1C8ACF38-8935-4DDC-AE34-18541BFB4A29}D:\game\cod4\iw3mp.exe] => (Block) D:\game\cod4\iw3mp.exe
FirewallRules: [TCP Query User{AB758457-F8AD-497A-917C-421A0A532115}D:\game\assasins cread2\hl.exe] => (Block) D:\game\assasins cread2\hl.exe
FirewallRules: [UDP Query User{0E1789FA-7B48-4AE3-B761-F95C2D392617}D:\game\assasins cread2\hl.exe] => (Block) D:\game\assasins cread2\hl.exe
FirewallRules: [{B593E837-0284-410C-B662-47DE387EE3AD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{79C316E7-14A3-4C42-9427-753365B72FD1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A0826B65-3BF6-466F-9232-1DB69BD9128C}D:\wepons\szone-online\szoneonlinelauncher.exe] => (Allow) D:\wepons\szone-online\szoneonlinelauncher.exe
FirewallRules: [UDP Query User{A40AD59E-1746-4C6B-830B-DB0070C3C3B6}D:\wepons\szone-online\szoneonlinelauncher.exe] => (Allow) D:\wepons\szone-online\szoneonlinelauncher.exe
FirewallRules: [TCP Query User{6D74CAC2-9B92-4013-A3B7-F3E42257AC68}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D6239F41-A258-4302-B67E-23B5CA15BFF2}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{0B2CE4FD-9BC9-4518-8984-B253F88F058F}] => (Allow) D:\GAME\Metro\Survarium\temp\survarium_launcher.exe
FirewallRules: [{6E9C80E0-337D-4B49-BFFD-D4643BB2E673}] => (Allow) D:\GAME\Metro\Survarium\temp\survarium_updater.exe
FirewallRules: [{09A9F523-F951-4B4B-AD97-FEB0D98AE286}] => (Allow) D:\GAME\Metro\Survarium\temp\survarium_updater.exe
FirewallRules: [{6D78406C-3159-475B-B730-740132736B1C}] => (Allow) D:\GAME\Metro\Survarium\temp\survarium_updater.exe
FirewallRules: [{E0E2335B-1760-4631-B906-DA47BAC17EF3}] => (Allow) D:\GAME\Metro\Survarium\temp\survarium_updater.exe
FirewallRules: [{54A64608-D40A-43C5-8B31-D750FE34D2ED}] => (Allow) D:\GAME\Metro\Survarium\game\binaries\x86\survarium.exe
FirewallRules: [{CF9D3378-310B-4B0A-81D7-EA9DC50B69A4}] => (Allow) D:\GAME\Metro\Survarium\game\binaries\x86\survarium.exe
FirewallRules: [TCP Query User{6FFDD6B5-7467-4D15-86A1-D82B5995E8ED}D:\game\metro\survarium\game\binaries\x86\survarium.exe] => (Allow) D:\game\metro\survarium\game\binaries\x86\survarium.exe
FirewallRules: [UDP Query User{E5D3DD0C-9F55-4601-8940-9C25D1D214FB}D:\game\metro\survarium\game\binaries\x86\survarium.exe] => (Allow) D:\game\metro\survarium\game\binaries\x86\survarium.exe
FirewallRules: [TCP Query User{B2C6DCAF-484F-40ED-AE83-863FD1DFD83A}D:\game\cs !&\hl.exe] => (Block) D:\game\cs !&\hl.exe
FirewallRules: [UDP Query User{6492386D-B9AA-4C09-9C7E-CEB360C6AEE2}D:\game\cs !&\hl.exe] => (Block) D:\game\cs !&\hl.exe
FirewallRules: [{76E51B34-E800-4C34-9298-A068E9912266}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{B1D7C3F8-52B9-4B7A-B272-832A33AE68C1}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{FC69B1C4-AF7E-4EAD-B2F2-274807AF3C59}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{5DD3A390-88A1-4023-B125-BB78396ABDE4}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{87938929-06D2-4172-8927-4E75F1467592}] => (Allow) D:\GAME\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Call of Pripyat\S.T.A.L.K.E.R. - Call of Pripyat\S.T.A.L.K.E.R. - Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{9B885A10-B648-470A-B683-4B4E28A813C6}] => (Allow) D:\GAME\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Call of Pripyat\S.T.A.L.K.E.R. - Call of Pripyat\S.T.A.L.K.E.R. - Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{4362679D-3E5D-443B-8A12-808DE4FB574E}] => (Allow) D:\GAME\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Call of Pripyat\S.T.A.L.K.E.R. - Call of Pripyat\S.T.A.L.K.E.R. - Call of Pripyat\bin\dedicated\xrEngine.exe
FirewallRules: [{709609EC-D9BC-4ADA-B79B-191C505413A6}] => (Allow) D:\GAME\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Call of Pripyat\S.T.A.L.K.E.R. - Call of Pripyat\S.T.A.L.K.E.R. - Call of Pripyat\bin\dedicated\xrEngine.exe
FirewallRules: [{6AB9E9F9-A121-4349-8601-39D9B25DD0AB}] => (Allow) D:\GAME\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Call of Pripyat\Tunngle\TnglCtrl.exe
FirewallRules: [{1E2A0370-C4E8-4D41-9E93-86E5F306F585}] => (Allow) D:\GAME\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Call of Pripyat\Tunngle\TnglCtrl.exe
FirewallRules: [{D2C4E7A3-4739-4E74-B3DE-BA75BA2216C3}] => (Allow) D:\GAME\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Call of Pripyat\Tunngle\Tunngle.exe
FirewallRules: [{F8588058-2AE1-4D1A-9298-7744CF07CDC2}] => (Allow) D:\GAME\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Call of Pripyat\Tunngle\Tunngle.exe
FirewallRules: [{11A1CD6E-B7DE-430C-B3C9-9196F78ECA46}] => (Allow) C:\Program Files\Heroes & Generals\live\hng.exe
FirewallRules: [{28B631B4-35F0-47D4-AE22-E5C3F171EEAC}] => (Allow) C:\Program Files\Heroes & Generals\live\hng.exe
FirewallRules: [TCP Query User{4BFE35E9-EC42-41D9-B6BF-D7224F639290}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe
FirewallRules: [UDP Query User{C0C7889A-CF7F-4308-8D23-F748C2802481}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe
FirewallRules: [TCP Query User{E38BC92A-424D-4A7C-9489-7D979FC276A7}D:\game\cod mw2\modern warfare 2\iw4mp.exe] => (Block) D:\game\cod mw2\modern warfare 2\iw4mp.exe
FirewallRules: [UDP Query User{D4A6F06C-6C35-4F4B-84E3-0420251FC357}D:\game\cod mw2\modern warfare 2\iw4mp.exe] => (Block) D:\game\cod mw2\modern warfare 2\iw4mp.exe
FirewallRules: [{84941D7F-4CC3-48D3-B40A-F92ACF59E40E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

16-02-2016 16:05:12 Removed Digimax A50/Cyber500
16-02-2016 16:05:57 Removed Digimax Master
16-02-2016 16:25:17 JRT Pre-Junkware Removal
16-02-2016 17:12:07 Checkpoint by HitmanPro
16-02-2016 17:13:09 Checkpoint by HitmanPro
18-02-2016 16:08:59 Removed Terminator Salvation

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/18/2016 06:22:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 39.0.0.5659, time stamp: 0x55933a80
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b8f0
Exception code: 0xe06d7363
Fault offset: 0x0000b760
Faulting process id: 0x1194
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (02/18/2016 11:22:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.125.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a20

Start Time: 01d16a3635791140

Termination Time: 14

Application Path: C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

Report Id: 87543491-d629-11e5-bcde-1c6f65b15c32

Error: (02/17/2016 04:14:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/17/2016 04:14:02 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/17/2016 10:33:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/17/2016 10:33:29 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/16/2016 07:43:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/16/2016 07:42:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/16/2016 05:13:26 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000188,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0221F39C.64). hr = 0x80070005, Access is denied.
.

Error: (02/16/2016 05:13:26 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007e0,(null),0,REG_BINARY,0252F120.64). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {bf4ae323-0a3c-43a7-9a12-a788c8cad17c}


System errors:
=============
Error: (02/18/2016 06:31:39 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
%%5

Error: (02/18/2016 06:31:38 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
%%5

Error: (02/18/2016 06:31:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:29:52 PM on 2/18/2016 was unexpected.

Error: (02/18/2016 03:36:17 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
%%5

Error: (02/18/2016 03:36:10 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
%%5

Error: (02/18/2016 03:36:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CloudPrinter service failed to start due to the following error:
%%2

Error: (02/18/2016 03:35:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:49:45 AM on 2/18/2016 was unexpected.

Error: (02/18/2016 11:22:11 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
%%5

Error: (02/18/2016 11:22:08 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
%%5

Error: (02/18/2016 11:22:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CloudPrinter service failed to start due to the following error:
%%2


CodeIntegrity:
===================================
Date: 2015-03-05 20:33:30.751
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\c408963f86cb8c18c57a66096d\5c1f5ee4c1a2a542effae55b7a\d8d6ca3a7475af9c7c\x86_microsoft-windows-userenv_31bf3856ad364e35_7.1.7601.17514_none_83b850a4346b9b7c\userenv.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-05 20:33:30.579
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\c408963f86cb8c18c57a66096d\5c1f5ee4c1a2a542effae55b7a\d8d6ca3a7475af9c7c\x86_microsoft-windows-userenv_31bf3856ad364e35_7.1.7601.17514_none_83b850a4346b9b7c\userenv.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-05 20:33:26.131
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\c408963f86cb8c18c57a66096d\5c1f5ee4c1a2a542effae55b7a\d8d6ca3a7475af9c7c\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_59537a3710696511\appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-05 20:33:26.005
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\c408963f86cb8c18c57a66096d\5c1f5ee4c1a2a542effae55b7a\d8d6ca3a7475af9c7c\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_59537a3710696511\appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-05 20:33:17.599
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\c408963f86cb8c18c57a66096d\5c1f5ee4c1a2a542effae55b7a\d8d6ca3a7475af9c7c\x86_microsoft-windows-rpc-remote_31bf3856ad364e35_6.1.7601.17514_none_c2a09d30916321d9\rpcrtremote.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-05 20:33:17.357
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\c408963f86cb8c18c57a66096d\5c1f5ee4c1a2a542effae55b7a\d8d6ca3a7475af9c7c\x86_microsoft-windows-rpc-remote_31bf3856ad364e35_6.1.7601.17514_none_c2a09d30916321d9\rpcrtremote.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-05 20:33:14.798
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\c408963f86cb8c18c57a66096d\5c1f5ee4c1a2a542effae55b7a\d8d6ca3a7475af9c7c\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7601.17514_none_9247d45ea984f2ad\userenv.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-05 20:33:14.606
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\c408963f86cb8c18c57a66096d\5c1f5ee4c1a2a542effae55b7a\d8d6ca3a7475af9c7c\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7601.17514_none_9247d45ea984f2ad\userenv.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-03 00:09:26.676
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Roboscan\Roboscan\plugin\realtime\bootroboscan.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-07-03 00:09:26.582
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Roboscan\Roboscan\plugin\realtime\bootroboscan.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 47%
Total physical RAM: 3326.49 MB
Available physical RAM: 1759.71 MB
Total Virtual: 6651.27 MB
Available Virtual: 4968.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:46.27 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:368.1 GB) (Free:69.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 27D85A24)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

Hello,

Let's try a program that yours truly also helps develop.

Download Zemana AntiMalware and save it to the Desktop.

When the download finishes:

Double-click to start the installation and follow the prompts. The installation is standard, without any additional options.
After installation the program will start automatically; now click Scan.
When the scan finishes, click Next to remove everything it found.
If it asks you to restart the computer, click Reboot.

After that, you need to post the report:

On the keyboard, press the Windows key + R at the same time.
Copy the following command and confirm with OK:
%USERPROFILE%\AppData\Local\Zemana\Zemana AntiMalware\reports
Copy the newest report to the Desktop, then attach it to your next post.

  • RJ
  • SuperModerator
  • Supermoderator of the military forums
  • Gavrilo Milentijević
  • Commander of the Gornje Polje police station
  • Joined: 12 Feb 2005
  • Posts: 9491
  • Location: the Oval Office

It did not ask for a restart; here is the report

Zemana AntiMalware 2.19.1.904 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/2/18
Operating System : Windows 7 32-bit
Processor : 2X AMD Athlon(tm) II X2 250 Processor
BIOS Mode : Legacy
CUID : 005F108CDCE5664433F070
Scan Type : Smart Scan
Duration : 8m 48s
Scanned Objects : 16424
Detected Objects : 20
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Yes
Include All Extensions : No
Scan Documents : No
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Internet Explorer Shortcut
Status : Scanned
Object : %SNP%
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Traces :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : %SNP%
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Traces :
Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status : Scanned
Object : %SNP%
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Traces :
Browser Setting - Internet Explorer Shortcut

Firefox Shortcut
Status : Scanned
Object : %SNF%
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Traces :
Browser Setting - Firefox Shortcut

Firefox Shortcut
Status : Scanned
Object : %SNF%
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Traces :
Browser Setting - Firefox Shortcut

Firefox Shortcut
Status : Scanned
Object : %SNF%
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Traces :
Browser Setting - Firefox Shortcut

Firefox Newtab
Status : Scanned
Object : %homedrive%\\programdata\\airtostrongs\\ff.nt
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Traces :
Browser Setting - Firefox Newtab

Chrome Shortcut
Status : Scanned
Object : --show-app-list
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Traces :
Browser Setting - Chrome Shortcut

Chrome Shortcut
Status : Scanned
Object : %SNP%
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Traces :
Browser Setting - Chrome Shortcut

Chrome Shortcut
Status : Scanned
Object : %SNP%
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Traces :
Browser Setting - Chrome Shortcut

Chrome Shortcut
Status : Scanned
Object : %SNP%
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Traces :
Browser Setting - Chrome Shortcut

Chrome Shortcut
Status : Scanned
Object : %SNP%
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Traces :
Browser Setting - Chrome Shortcut

Chrome Shortcut
Status : Scanned
Object : --show-app-list
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Traces :
Browser Setting - Chrome Shortcut

Chrome Search
Status : Scanned
Object : WebSearch - http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Traces :
Browser Setting - Chrome Search

Chrome Homepage
Status : Scanned
Object : http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?.....HNYc9Wn1w,
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Traces :
Browser Setting - Chrome Homepage

EZ to MP3 Converter
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\zqpgwt7a.default\extensions\youtube-mp3@eztomp3.com
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.FirefoxExt!Gr
Cleaning Action : Repair
Traces :
Browser Extension - EZ to MP3 Converter

VeriSign Class 3 Code Signing 2009-2 CA
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5557C0953FBD9F93745B214FB2483E9369B597F0\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Root CA
Cleaning Action : Delete
Traces :
Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5557C0953FBD9F93745B214FB2483E9369B597F0\Blob

GlobalSign CodeSigning CA - G2
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\2EE8D6982CEDAA5666E9B5F55535A36E3A3932A2\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Root CA
Cleaning Action : Delete
Traces :
Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\2EE8D6982CEDAA5666E9B5F55535A36E3A3932A2\Blob

Proxy Enabled (User)
Status : Scanned
Object : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Repair
Traces :
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = enabled

b18ebx3vbnp0d.exe
Status : Scanned
Object : %commonprogramfiles%\11imxzrd\b18ebx3vbnp0d.exe
MD5 : 34626D391E59B224AE5CC176926936DA
Publisher : -
Size : 59904
Version : 0.0.0.0
Detection : Adware:Win32/BrowserHijack.Gen
Cleaning Action : Quarantine
Traces :
File - %commonprogramfiles%\11imxzrd\b18ebx3vbnp0d.exe
Scheduled Task - C:\Windows\System32\Tasks\2sm2rami


Cleaning Result
-------------------------------------------------------
Cleaned : 20
Reported as safe : 0
Failed : 0

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Is it a bit better now?

Run FRST again, tick Addition.txt and Shortcut.txt, click Scan and attach all 3 reports, without copy/paste.

  • RJ
  • SuperModerator
  • Supermoderator of the military forums
  • Gavrilo Milentijević
  • Commander of the Gornje Polje police station
  • Joined: 12 Feb 2005
  • Posts: 9491
  • Location: the Oval Office

Yes, Zemana is an excellent program - search.safe no longer opens as the first page whenever I open any browser, and some Airtostrongs was also deleted, which I had removed manually but which kept coming back on its own (cloning itself)...


  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Did you install Baidu Antivirus yourself?

You need to upload one file for me via this link:

http://www.mycity.rs/ambulanta-upload.php

C:\Users\User\Downloads\World_War_II_Prisoner_Of_War_Game [1].exe

  • RJ
  • SuperModerator
  • Supermoderator of the military forums
  • Gavrilo Milentijević
  • Commander of the Gornje Polje police station
  • Joined: 12 Feb 2005
  • Posts: 9491
  • Location: the Oval Office

Yes, I have Baidu AV.
I have uploaded the file.

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Excellent, the last step:


1. Open Notepad (Text Document) and copy the following text from the code box below into it:

createrestorepoint:
closeprocesses:
emptytemp:
Task: {ED38D22A-EC98-4D48-82C6-8CD943E00BF4} - \2sm2rami -> No File <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [dpcomnokkgidfbnbfhfpofbgieghedec] - C:\Program Files\EzToMP3\eztomp3.crx <not found>
2016-02-16 14:22 - 2016-02-18 20:31 - 00000000 ____D C:\Program Files\Common Files\11imxzrd
2016-02-16 13:22 - 2016-02-16 13:22 - 00041472 _____ C:\Users\User\AppData\Local\Ranktom.dat
2016-02-16 13:22 - 2016-02-16 13:22 - 00000187 _____ C:\Users\User\AppData\Local\Ranktom.exe.config
2016-02-16 13:21 - 2016-02-16 13:21 - 07950848 _____ C:\Users\User\AppData\Roaming\agent.dat
2016-02-16 13:21 - 2016-02-16 13:21 - 01881087 _____ C:\Users\User\AppData\Roaming\Holdhome.tst
2016-02-16 13:21 - 2016-02-16 13:21 - 00126976 _____ C:\Users\User\AppData\Roaming\Installer.dat
2016-02-16 13:21 - 2016-02-16 13:21 - 00126464 _____ C:\Users\User\AppData\Roaming\lobby.dat
2016-02-16 13:21 - 2016-02-16 13:21 - 00072704 _____ C:\Users\User\AppData\Roaming\ZaamZimex.tst
2016-02-16 13:21 - 2016-02-16 13:21 - 00062976 _____ C:\Users\User\AppData\Roaming\Config.xml
2016-02-16 13:21 - 2016-02-16 13:21 - 00018672 _____ C:\Users\User\AppData\Roaming\InstallationConfiguration.xml
2016-02-16 13:21 - 2016-02-16 13:21 - 00018432 _____ C:\Users\User\AppData\Roaming\Main.dat
File: C:\Program Files\Common Files\xahb0oev.exe
File: C:\Users\User\AppData\Local\Temp\mdu_rjyye.exe


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do that from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name
Note: it is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: if the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.

  • RJ
  • SuperModerator
  • Supermoderator of the military forums
  • Gavrilo Milentijević
  • Commander of the Gornje Polje police station
  • Joined: 12 Feb 2005
  • Posts: 9491
  • Location: the Oval Office

I was not online all day yesterday, which is why I did not reply, sorry.
Anyway, I did everything and here is the fixlog

Fix result of Farbar Recovery Scan Tool (x86) Version:17-02-2016
Ran by User (2016-02-20 13:59:21) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal

==============================================

fixlist content:
*****************
createrestorepoint:
closeprocesses:
emptytemp:
Task: {ED38D22A-EC98-4D48-82C6-8CD943E00BF4} - \2sm2rami -> No File <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [dpcomnokkgidfbnbfhfpofbgieghedec] - C:\Program Files\EzToMP3\eztomp3.crx <not found>
2016-02-16 14:22 - 2016-02-18 20:31 - 00000000 ____D C:\Program Files\Common Files\11imxzrd
2016-02-16 13:22 - 2016-02-16 13:22 - 00041472 _____ C:\Users\User\AppData\Local\Ranktom.dat
2016-02-16 13:22 - 2016-02-16 13:22 - 00000187 _____ C:\Users\User\AppData\Local\Ranktom.exe.config
2016-02-16 13:21 - 2016-02-16 13:21 - 07950848 _____ C:\Users\User\AppData\Roaming\agent.dat
2016-02-16 13:21 - 2016-02-16 13:21 - 01881087 _____ C:\Users\User\AppData\Roaming\Holdhome.tst
2016-02-16 13:21 - 2016-02-16 13:21 - 00126976 _____ C:\Users\User\AppData\Roaming\Installer.dat
2016-02-16 13:21 - 2016-02-16 13:21 - 00126464 _____ C:\Users\User\AppData\Roaming\lobby.dat
2016-02-16 13:21 - 2016-02-16 13:21 - 00072704 _____ C:\Users\User\AppData\Roaming\ZaamZimex.tst
2016-02-16 13:21 - 2016-02-16 13:21 - 00062976 _____ C:\Users\User\AppData\Roaming\Config.xml
2016-02-16 13:21 - 2016-02-16 13:21 - 00018672 _____ C:\Users\User\AppData\Roaming\InstallationConfiguration.xml
2016-02-16 13:21 - 2016-02-16 13:21 - 00018432 _____ C:\Users\User\AppData\Roaming\Main.dat
File: C:\Program Files\Common Files\xahb0oev.exe
File: C:\Users\User\AppData\Local\Temp\mdu_rjyye.exe
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED38D22A-EC98-4D48-82C6-8CD943E00BF4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED38D22A-EC98-4D48-82C6-8CD943E00BF4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2sm2rami" => key removed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dpcomnokkgidfbnbfhfpofbgieghedec" => key removed successfully.
C:\Program Files\Common Files\11imxzrd => moved successfully
C:\Users\User\AppData\Local\Ranktom.dat => moved successfully
C:\Users\User\AppData\Local\Ranktom.exe.config => moved successfully
C:\Users\User\AppData\Roaming\agent.dat => moved successfully
C:\Users\User\AppData\Roaming\Holdhome.tst => moved successfully
C:\Users\User\AppData\Roaming\Installer.dat => moved successfully
C:\Users\User\AppData\Roaming\lobby.dat => moved successfully
C:\Users\User\AppData\Roaming\ZaamZimex.tst => moved successfully
C:\Users\User\AppData\Roaming\Config.xml => moved successfully
C:\Users\User\AppData\Roaming\InstallationConfiguration.xml => moved successfully
C:\Users\User\AppData\Roaming\Main.dat => moved successfully

========================= File: C:\Program Files\Common Files\xahb0oev.exe ========================

File not signed
MD5: 5798F67F8764F7BCC59E084EC4DE577D
Creation and modification date: 2016-02-18 - 2016-02-18
Size: 3334386
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version: 1.0.0.3
Product Version:
Copyright:

====== End of File: ======


========================= File: C:\Users\User\AppData\Local\Temp\mdu_rjyye.exe ========================

File not signed
MD5: 2761B82A1F0EF1A2DEA5ACA9215A48F6
Creation and modification date: 2016-02-16 - 2016-02-16
Size: 0392349
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

EmptyTemp: => 1.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:00:34 ====

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Excellent, that should be it. Is everything all right now?

Delete this file manually:

C:\Program Files\Common Files\xahb0oev.exe

Be careful, because it is malicious.
