Help with virus removal
Last Updated: May 11 2014 17:47, Started by radumiki, May 09 2014 13:42
#19
Posted 09 May 2014 - 16:54
Can you do what JaJe told you? - http://www.softpedia...scue-Disk.shtml
You still need an uninfected PC to download it and burn the CD, and after you boot and scan with it you will have to run a new scan from within the operating system with another antivirus - e.g. http://www.softpedia...y-Scanner.shtml - so that it also detects any viruses that, not being active, escaped the first one. If that doesn't solve it either, I'm starting to think the problem is not a virus but something corrupted in the system. Possibly running a file check - sfc /scannow - could repair something, but that's not certain. (CMD with "Run as admin" and the command typed in.) Those detected PUPs are not dangerous - just annoying.
#20
Posted 09 May 2014 - 16:58
AVG Remover tool.
SUPERAntiSpyware Uninstaller Assistant.

After that, do the following:

Run OTL again. For Windows Vista or Windows 7, right-click and select Run as administrator. Click CleanUp. [ http://s18.postimg.org/h5fcw3k5l/OTL_rem.jpg ] This will remove OTL from the system.

Download OTL again and run it. For Windows Vista, Windows 7 or Windows 8, right-click and select Run as administrator. Tick the boxes as in the image. [ http://s11.postimg.org/jaand9soj/otl1.jpg ] When it finishes, 2 Notepad windows will appear - OTL.txt and Extras.txt. Copy the contents of these windows one at a time and post them here.

eiffel, on 09 May 2014 - 16:54, said:
Can you do what JaJe told you? - http://www.softpedia...scue-Disk.shtml You still need an uninfected PC, and after you boot and scan with it you will have to run a new scan from within the operating system with another antivirus - e.g. http://www.softpedia...y-Scanner.shtml - so that it also detects any viruses that, not being active, escaped the first one. If that doesn't solve it either, I'm starting to think the problem is not a virus but something corrupted in the system. Those detected PUPs are not dangerous - just annoying.

He doesn't have "viruses", just a "conflict of interest", to put it in terms everyone understands. I want to see Extras.txt.
#21
Posted 09 May 2014 - 20:03
MhG_40, on 09 May 2014 - 15:26, said:
Download ComboFix and save it to the Desktop. Create a new .txt file with Notepad and write in it what is quoted below: Name the file CFScript.txt, then drag it onto ComboFix.exe as shown in the image below. [ http://users.telenet.be/bluepatchy/miekiemoes/images/CFScript.gif ]

Sorry for coming back late, other problems forced me to be away... After I ran the uninstall programs for AVG and SUPERAntiSpyware, it started OK after the restart, so I was able to drag the file onto ComboFix; below is the log from it.
#22
Posted 09 May 2014 - 21:31
MhG_40, on 09 May 2014 - 16:58, said:
AVG Remover tool. SUPERAntiSpyware Uninstaller Assistant. After that, do the following: Run OTL again. For Windows Vista or Windows 7, right-click and select Run as administrator. Click CleanUp. This will remove OTL from the system. Download OTL again and run it. For Windows Vista, Windows 7 or Windows 8, right-click and select Run as administrator. Tick the boxes as in the image. When it finishes, 2 Notepad windows will appear - OTL.txt and Extras.txt. Copy the contents of these windows one at a time and post them here.

It's stuck again... I did what you said with OTL; I'm posting it below:
prefs.js..browser.startup.homepage: "www.google.ro" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1 FF - prefs.js..keyword.URL: "" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.12.07 10:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radu\AppData\Roaming\Mozilla\Extensions [2014.05.05 09:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radu\AppData\Roaming\Mozilla\Firefox\Profiles\2hmcfb79.default-1399269955861\extensions [2013.08.02 23:38:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radu\AppData\Roaming\Mozilla\Firefox\Profiles2jxvr5gz.default\extensions [2013.08.02 23:38:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radu\AppData\Roaming\Mozilla\Firefox\Profiles2jxvr5gz.default\extensions\staged [2014.05.06 10:04:09 | 000,007,911 | ---- | M] () -- C:\Users\Radu\AppData\Roaming\Mozilla\Firefox\Profiles\autw61gc.default\searchplugins\Google.xml [2014.05.09 21:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2014.05.09 21:40:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla 
Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - plugin: NPSWF32_13_0_0_206.dll (Disabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll CHR - homepage: http://securedsearch...&u=___userid___ CHR - homepage: http://securedsearch...&u=___userid___ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2014.05.09 20:54:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-23971535-937172135-1387098642-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-23971535-937172135-1387098642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-23971535-937172135-1387098642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKU\S-1-5-21-23971535-937172135-1387098642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60D03F31-20EE-43A7-8C67-BD84E9C287F3}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2067.06.13 11:13:08 | 000,655,360 | ---- | C] (Teklynx International) -- C:\Users\Radu\Documents\PEK.prn [2014.05.09 21:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2014.05.09 20:56:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2014.05.09 20:56:30 | 000,000,000 | ---D | C] -- C:\Users\Radu\AppData\Local\temp [2014.05.09 20:44:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2014.05.09 16:35:26 | 000,000,000 | ---D | C] -- 
C:\Windows\Prefetch [2014.05.09 16:06:17 | 002,286,392 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Radu\Desktop\GetSystemInfo.exe [2014.05.09 13:33:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014.05.09 07:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free [2014.05.08 15:58:24 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll [2014.05.08 15:58:19 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys [2014.05.08 15:58:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe [2014.05.08 15:58:18 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdvidcrl.dll [2014.05.08 15:58:18 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe [2014.05.08 15:58:18 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe [2014.05.08 15:58:18 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2014.05.08 15:58:18 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll [2014.05.08 15:58:18 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll [2014.05.08 15:58:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll [2014.05.08 15:57:48 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll [2014.05.08 14:15:24 | 000,000,000 | --SD | C] -- C:\Windows\System32\CompatTel [2014.05.08 13:46:27 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll [2014.05.08 13:46:27 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll [2014.05.08 13:42:43 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014.05.08 13:42:30 | 000,073,432 | ---- | C] 
(Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys [2014.05.08 13:42:30 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys [2014.05.07 08:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2014.05.07 08:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware [2014.05.05 23:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules [2014.05.05 23:45:52 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2014.05.05 23:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual FoxPro 9 [2014.05.05 22:05:36 | 000,000,000 | ---D | C] -- C:\Users\Radu\Documents\Visual FoxPro Projects [2014.05.05 13:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller [2014.05.05 13:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit [2014.05.05 13:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData [2014.05.05 13:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\IObit [2014.05.04 16:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\Daum [2014.05.04 11:28:58 | 006,143,496 | ---- | C] (Geek Uninstaller) -- C:\Users\Radu\Desktop\geek.exe [2014.05.04 11:25:48 | 000,000,000 | ---D | C] -- C:\Users\Radu\AppData\Roaming\Geek Uninstaller [2014.05.04 10:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com [2014.05.03 22:49:48 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2014.05.03 14:50:49 | 000,036,664 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2014.05.03 14:50:48 | 000,025,400 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2014.05.03 14:49:43 | 000,000,000 | ---D | C] -- C:\Users\Radu\AppData\Local\TuneUp Software [2014.05.03 11:19:11 | 000,000,000 | ---D | C] -- C:\Users\Radu\AppData\Roaming\QuickScan [2014.05.03 10:56:41 | 000,000,000 | ---D | C] -- 
C:\Users\Radu\AppData\Local\Microsoft Corporation [2014.05.03 10:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskTrix [2014.05.03 10:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\DiskTrix [2014.05.02 16:12:12 | 000,000,000 | ---D | C] -- C:\Windows\pss [2014.05.02 11:08:33 | 000,000,000 | ---D | C] -- C:\Users\Radu\AppData\Roaming\LavasoftStatistics [2014.05.02 10:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2014.05.02 10:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2014.04.30 16:40:41 | 000,000,000 | ---D | C] -- C:\Users\Radu\AppData\Roaming\9-lab [2014.04.30 16:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool [2014.04.30 16:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\9-lab [2014.04.30 16:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\9-lab [2014.04.29 15:37:42 | 000,661,184 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Radu\Desktop\autoruns.exe [2014.04.29 15:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2014.04.29 14:48:04 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll [2014.04.28 22:29:08 | 017,931,952 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2014.04.28 14:12:29 | 000,000,000 | ---D | C] -- C:\Users\Radu\AppData\Roaming\AVG [2014.04.28 14:12:29 | 000,000,000 | ---D | C] -- C:\Users\Radu\AppData\Local\AVG [2014.04.28 14:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG [2014.04.28 14:09:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} [2014.04.23 11:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Radu\AppData\Local\EmieUserList [2014.04.23 11:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Radu\AppData\Local\EmieSiteList [2014.04.21 11:19:10 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2014.04.21 
11:19:07 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2014.04.21 11:19:07 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2014.04.21 11:19:06 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2014.04.10 22:37:18 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2014.04.10 22:37:14 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2014.04.10 22:37:14 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2014.04.10 22:37:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll [2014.04.10 22:37:13 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2014.04.10 22:37:13 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2014.04.10 22:37:12 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2014.04.10 22:37:12 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2014.04.10 22:37:11 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2014.04.10 22:37:11 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2014.04.10 22:37:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2014.04.10 22:37:11 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2014.04.10 22:37:09 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2014.04.10 22:37:09 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll [2014.04.10 22:37:09 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe [2014.04.10 22:37:09 | 000,051,200 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\ieetwproxystub.dll [2014.04.10 22:37:09 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavascriptCollectionAgent.dll [2014.04.10 22:37:05 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2014.04.10 22:36:59 | 004,254,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2014.01.28 11:42:08 | 000,447,752 | ---- | C] (ABBYY) -- C:\Users\Radu\Setup.exe [2014.01.28 11:42:08 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\Users\Radu\unicows.dll [2013.03.02 13:44:47 | 001,765,376 | ---- | C] (Teklynx Internationnal) -- C:\Program Files\lppa.exe ========== Files - Modified Within 30 Days ========== [2014.05.09 22:21:16 | 000,022,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.05.09 22:21:16 | 000,022,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.05.09 22:14:33 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014.05.09 22:13:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.05.09 22:13:48 | 2388,533,248 | -HS- | M] () -- C:\hiberfil.sys [2014.05.09 21:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.05.09 20:54:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2014.05.09 16:59:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2014.05.09 16:59:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2014.05.09 16:07:43 | 000,130,226 | ---- | M] () -- C:\Users\Radu\Desktop\GetSystemInfo_RADU_Radu_2014_05_09_16_07_03.zip [2014.05.09 16:06:17 | 002,286,392 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Radu\Desktop\GetSystemInfo.exe [2014.05.09 14:52:06 | 000,000,846 | ---- | M] () -- C:\Users\Radu\Desktop\µTorrent.lnk [2014.05.09 14:52:06 | 000,000,826 | ---- | M] () -- 
C:\Users\Radu\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2014.05.09 13:31:02 | 000,754,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2014.05.08 13:42:33 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014.05.04 12:27:34 | 000,000,993 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2014.05.04 10:35:06 | 000,000,033 | ---- | M] () -- C:\Windows\Eic.ini [2014.05.04 10:14:58 | 161,212,675 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2014.05.03 15:34:48 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2014.05.03 15:34:48 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2014.05.03 11:13:51 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo [2014.05.03 09:48:30 | 000,000,895 | ---- | M] () -- C:\Windows\ODBC.INI [2014.04.30 16:40:39 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\Removal Tool.lnk [2014.04.29 15:37:44 | 000,661,184 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Radu\Desktop\autoruns.exe [2014.04.29 15:34:22 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2014.04.29 14:49:11 | 000,001,162 | ---- | M] () -- C:\Users\Radu\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2014.04.28 22:29:09 | 017,931,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2014.04.28 14:38:25 | 000,630,058 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm [2014.04.28 14:31:09 | 000,003,717 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml [2014.04.27 18:16:46 | 000,395,712 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2014.04.27 17:39:46 | 000,003,754 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml [2014.04.27 17:39:01 | 000,042,272 | ---- 
| M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2014.04.26 17:16:58 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini [2014.04.22 09:59:36 | 006,143,496 | ---- | M] (Geek Uninstaller) -- C:\Users\Radu\Desktop\geek.exe [2014.04.21 21:47:55 | 000,656,354 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2014.04.21 21:47:55 | 000,123,126 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2014.04.20 17:58:11 | 000,012,288 | ---- | M] () -- C:\Users\Radu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014.04.15 15:59:24 | 000,036,664 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2014.04.15 15:59:16 | 000,025,400 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2014.04.14 20:13:52 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2014.04.14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2014.04.14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2014.04.14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2014.04.14 05:11:39 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll [2014.04.14 05:07:19 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll ========== Files Created - No Company Name ========== [2067.06.13 11:13:08 | 000,010,926 | ---- | C] () -- C:\Users\Radu\Documents\PEK.ini [2014.05.09 16:59:01 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2014.05.09 16:59:01 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2014.05.09 16:07:43 | 000,130,226 | ---- | C] () -- C:\Users\Radu\Desktop\GetSystemInfo_RADU_Radu_2014_05_09_16_07_03.zip [2014.05.08 13:42:33 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014.05.04 10:35:06 | 000,000,033 | ---- | C] () -- C:\Windows\Eic.ini [2014.05.03 11:13:49 | 000,000,045 | ---- | C] () -- 
C:\Windows\System32\initdebug.nfo [2014.04.30 16:40:39 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\Removal Tool.lnk [2014.04.23 11:03:01 | 000,003,754 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml [2014.01.31 17:07:42 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE [2014.01.31 17:07:42 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.DLL [2014.01.31 17:07:42 | 000,151,552 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL [2014.01.28 11:42:04 | 007,310,848 | ---- | C] () -- C:\Users\Radu\ABBYY PDF Transformer 3.0 x64.msi [2014.01.28 11:42:04 | 007,306,752 | ---- | C] () -- C:\Users\Radu\ABBYY PDF Transformer 3.0.msi [2013.06.26 22:21:15 | 000,003,717 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml [2013.01.30 19:40:12 | 000,000,777 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.12.24 07:53:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll [2012.10.18 20:44:29 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012.09.25 11:52:08 | 000,047,104 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll [2012.07.02 11:22:21 | 001,383,318 | ---- | C] () -- C:\Users\Radu\LONDON.pdf [2012.05.16 18:56:33 | 000,000,064 | ---- | C] () -- C:\Windows\FONTLOAD.INI [2011.05.15 19:40:04 | 000,012,288 | ---- | C] () -- C:\Users\Radu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 07:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 04:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 00:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 04:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.08.22 17:27:33 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\337 Wallpaper [2014.04.30 16:40:41 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\9-lab [2014.05.09 21:14:03 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\AVG [2011.10.14 00:00:21 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\AVG2012 [2011.05.10 21:34:52 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\Canneverbe Limited [2013.11.17 16:51:17 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\gBurner [2014.05.04 11:32:16 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\Geek Uninstaller [2012.07.23 18:50:36 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\IObit [2014.05.08 13:37:11 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\IrfanView [2013.01.19 22:16:48 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\IsolatedStorage [2013.10.04 17:11:14 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\Jubler [2013.08.27 19:29:34 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\PDF Software [2014.05.03 11:19:13 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\QuickScan [2011.05.10 21:34:57 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\Reviversoft [2012.01.02 11:45:40 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\Samsung [2014.05.09 17:40:33 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\uTorrent [2012.01.19 11:38:16 | 000,000,000 | 
---D | M] -- C:\Users\Radu\AppData\Roaming\Vodafone

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2013.10.07 10:14:37 | 000,039,424 | ---- | M] ()(C:\Users\Radu\Documents\fi?a de lucru.doc) -- C:\Users\Radu\Documents\fișa de lucru.doc
[2013.10.07 10:14:35 | 000,039,424 | ---- | C] ()(C:\Users\Radu\Documents\fi?a de lucru.doc) -- C:\Users\Radu\Documents\fișa de lucru.doc

< End of report >

OTL Extras logfile created on: 09.05.2014 22:23:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = R:\Dowload
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000418 | Country: România | Language: ROM | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 60,53% Memory free
5,93 Gb Paging File | 4,65 Gb Available in Paging File | 78,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,02 Gb Total Space | 29,33 Gb Free Space | 49,70% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 126,90 Gb Free Space | 64,97% Space Free | Partition Type: NTFS
Drive R: | 210,94 Gb Total Space | 45,63 Gb Free Space | 21,63% Space Free | Partition Type: NTFS

Computer Name: RADU | User Name: Radu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-23971535-937172135-1387098642-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{289E9A9F-3F91-44F5-AB51-5516D40B7B28}" = rport=137 | protocol=17 | dir=out | app=system | "{298A0376-46EF-49FD-AF68-1F362BD4424D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3B4333F6-92B0-4F20-BC22-C76392741072}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{584DEACF-E6BA-4354-9127-C958DFBB6AF1}" = rport=138 | protocol=17 | dir=out | app=system | "{5CEA98F4-1970-4D67-9E44-8601A33A4107}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A865E2BE-29EA-4264-8CFC-15EA25DC9A4D}" = rport=445 | protocol=6 | dir=out | app=system | "{B6E58A02-9D33-4B8E-8D2C-B0367E8043A4}" = lport=138 | protocol=17 | dir=in | app=system | "{BA760CA6-808C-4E8E-B98A-B00606BCFD86}" = lport=139 | protocol=6 | dir=in | app=system | "{C98E3FFE-180D-4A84-A725-BD735A1AF334}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{CFE3466C-CA3D-4BC1-8F5E-9A1C4F8642DD}" = rport=139 | protocol=6 | dir=out | app=system | "{EF4FC2B2-4524-4FB9-B772-5F2E9E65B3C0}" = lport=137 | protocol=17 | dir=in | app=system | "{F47941AF-7CE4-43D8-8DF6-2BB61C88E621}" = lport=445 | protocol=6 | dir=in | app=system | "{F902A849-278B-4543-89BD-215C60100B1B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F9E35DB0-DE99-4B70-A3BB-2902948EC21B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{6D8B178E-F8B8-4648-8300-8DB2768C94F7}" = protocol=1 | dir=out | [email protected],-28544 | "{6F11BDBB-D17C-4C09-9BAF-9DFAC7A34EBF}" = protocol=1 | dir=in | [email protected],-28543 | 
"{90DF46EB-666F-445A-9B7F-F552E24E9A59}" = protocol=58 | dir=in | [email protected],-28545 | "{93F9AA1A-3B3D-49EF-B30C-D9A405D964B3}" = protocol=58 | dir=out | [email protected],-28546 | "{ACA7C2BA-452B-473B-86F3-1625803EBA02}" = protocol=6 | dir=in | app=c:\users\radu\appdata\roaming\utorrent\utorrent.exe | "{D8046CF9-12E0-4A88-9BF1-8CF99E4AB672}" = protocol=17 | dir=in | app=c:\users\radu\appdata\roaming\utorrent\utorrent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5 "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{358A2F50-8885-4EDE-BBB0-130A5834E0B4}" = Visual FoxPro 9.0 Baseline - English "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW 
Graphics Suite X5 - VBA "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0 "{5E30DBF0-22DE-4403-9810-6A5158CE12D1}" = AVG 2012 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{95120000-003F-0418-0000-0000000FF1CE}" = Microsoft Office Excel Viewer "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1" = Dell Display Manager "{AC76BA86-7AD7-1048-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Romanian "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5 "{B525DC95-8D7F-40DC-A2EE-20E619CEE863}" = Microsoft AntiMalware Service RO-RO Language Pack "{C5FB822B-2EED-44F2-B38F-5C7DD1FC5EB0}" = AVG 2012 "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 
- Setup Files "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{EF8A40DD-FC58-489B-9454-C14134335C7E}" = eKonom "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "CCleaner" = CCleaner "ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09] "HDMI" = Intel® Graphics Media Accelerator Driver "HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "IrfanView" = Irfanview (remove only) "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004 "Mozilla Firefox 29.0.1 (x86 ro)" = Mozilla Firefox 29.0.1 (x86 ro) "MozillaMaintenanceService" = Mozilla Maintenance Service "OPFV 2011" = OPFV 2011 "TVWiz" = Intel® TV Wizard "WheelMouse" = 2T-Office 7.80 "WinRAR archiver" = WinRAR 5.00 (32-bit) "Yahoo! Messenger" = Yahoo! 
Messenger ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-23971535-937172135-1387098642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 09.05.2014 13:44:22 | Computer Name = Radu | Source = WinMgmt | ID = 10 Description = Error - 09.05.2014 14:10:58 | Computer Name = Radu | Source = VmbService | ID = 0 Description = conflictManagerTypeValue Error - 09.05.2014 14:10:58 | Computer Name = Radu | Source = VmbService | ID = 0 Description = userProfileData Error - 09.05.2014 14:12:12 | Computer Name = Radu | Source = WinMgmt | ID = 10 Description = Error - 09.05.2014 14:15:18 | Computer Name = Radu | Source = VmbService | ID = 0 Description = conflictManagerTypeValue Error - 09.05.2014 14:15:18 | Computer Name = Radu | Source = VmbService | ID = 0 Description = userProfileData Error - 09.05.2014 14:16:47 | Computer Name = Radu | Source = WinMgmt | ID = 10 Description = Error - 09.05.2014 15:14:13 | Computer Name = Radu | Source = VmbService | ID = 0 Description = conflictManagerTypeValue Error - 09.05.2014 15:14:13 | Computer Name = Radu | Source = VmbService | ID = 0 Description = userProfileData Error - 09.05.2014 15:15:39 | Computer Name = Radu | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 09.05.2014 14:08:55 | Computer Name = Radu | Source = DCOM | ID = 10010 Description = Error - 09.05.2014 14:10:35 | Computer Name = Radu | Source = Microsoft-Windows-TaskScheduler | ID = 413 Description = Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183. Error - 09.05.2014 14:11:43 | Computer Name = Radu | Source = Microsoft Antimalware | ID = 5101 Description = %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. 
Expiration Reason: %%873 Expiration Date (UTC): ?09.?05.?2014 18:11:43 Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file. Error - 09.05.2014 14:11:45 | Computer Name = Radu | Source = Service Control Manager | ID = 7023 Description = The Microsoft Antimalware Service service terminated with the following error: %%-2147017840 Error - 09.05.2014 14:15:10 | Computer Name = Radu | Source = Microsoft-Windows-TaskScheduler | ID = 413 Description = Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183. Error - 09.05.2014 14:16:00 | Computer Name = Radu | Source = Microsoft Antimalware | ID = 5101 Description = %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: %%873 Expiration Date (UTC): ?09.?05.?2014 18:16:00 Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file. Error - 09.05.2014 14:16:02 | Computer Name = Radu | Source = Service Control Manager | ID = 7023 Description = The Microsoft Antimalware Service service terminated with the following error: %%-2147017840 Error - 09.05.2014 15:14:03 | Computer Name = Radu | Source = Microsoft-Windows-TaskScheduler | ID = 413 Description = Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183. Error - 09.05.2014 15:14:26 | Computer Name = Radu | Source = Microsoft Antimalware | ID = 5101 Description = %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: %%873 Expiration Date (UTC): ?09.?05.?2014 19:14:26 Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file. 
Error - 09.05.2014 15:14:33 | Computer Name = Radu | Source = Service Control Manager | ID = 7023 Description = The Microsoft Antimalware Service service terminated with the following error: %%-2147017840 < End of report > |
#23
Posted 09 May 2014 - 21:33
#24
Posted 09 May 2014 - 21:51
1. Run OTL again.
For Windows Vista or Windows 7, right-click and select Run as administrator. Copy what is quoted below and paste the text into OTL.
Quote
:PROCESSES
killallprocesses
:OTL
DRV - File not found [File_System | Disabled | Stopped] -- system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\avgidsdriverx.sys -- (AVGIDSDriver)
FF - user.js - File not found
[2014.04.28 14:38:25 | 000,630,058 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
:Commands
[purity]
[CLEARALLRESTOREPOINTS]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
See the image for how. Press Run Fix. Post the log here.
[ http://s23.postimg.org/6ui8tyrrv/OTLsc.jpg ]
2. Uninstall Microsoft AntiMalware. Microsoft Security Essentials Removal Tool. |
#25
Posted 09 May 2014 - 21:57
MhG_40, on 09 mai 2014 - 21:33, said: OTL logfile created on: 09.05.2014 22:51:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = R:\Dowload Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17041) Locale: 00000418 | Country: România | Language: ROM | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 65,60% Memory free 5,93 Gb Paging File | 4,83 Gb Available in Paging File | 81,53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 59,02 Gb Total Space | 29,80 Gb Free Space | 50,48% Space Free | Partition Type: NTFS Drive D: | 195,31 Gb Total Space | 126,90 Gb Free Space | 64,97% Space Free | Partition Type: NTFS Drive R: | 210,94 Gb Total Space | 45,63 Gb Free Space | 21,63% Space Free | Partition Type: NTFS Computer Name: RADU | User Name: Radu | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014.05.09 22:50:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- R:\Dowload\OTL.exe PRC - [2014.05.09 21:40:53 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2014.04.03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe PRC - [2014.04.03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe PRC - [2014.04.03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe PRC - [2013.12.21 09:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.23 05:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.08.23 18:18:14 | 004,412,872 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe PRC - [2011.07.14 15:45:44 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe PRC - [2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.04.07 15:57:42 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe PRC - [2009.07.24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) 
-- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2014.05.09 21:40:52 | 003,839,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll ========== Services (SafeList) ========== SRV - [2014.05.09 21:40:52 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014.05.03 15:34:48 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014.04.03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2014.04.03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2014.03.06 10:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService) SRV - [2013.12.21 09:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.27 07:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012.08.23 18:18:14 | 004,412,872 | ---- | M] (SafeNet Inc.) 
[Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms) SRV - [2011.07.14 15:45:44 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService) SRV - [2011.05.09 07:49:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.11.11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2010.11.11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2010.04.07 15:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService) SRV - [2009.07.24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.07.14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) ========== Driver Services (SafeList) ========== DRV - [2014.05.09 22:49:56 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV - [2014.04.03 09:51:14 | 000,051,416 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl) DRV - [2014.04.03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2013.10.02 03:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2013.02.06 07:42:10 | 000,083,864 | 
---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2013.02.06 07:42:08 | 000,181,784 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012.12.29 23:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan) DRV - [2012.12.24 07:53:24 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews) DRV - [2012.09.28 00:29:08 | 000,605,128 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2012.08.23 17:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 17:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2012.08.07 13:50:58 | 000,365,056 | ---- | M] (SafeNet Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge) DRV - [2011.12.08 07:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudobex.sys -- (ssudobex) DRV - [2011.05.20 17:15:54 | 000,052,224 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vodafone_zte_cdc_ecm.sys -- (vodafone_zte_cdc_ecm) DRV - [2011.05.20 17:15:54 | 000,047,488 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vodafone_zte_ecm_enum_filter.sys -- (vodafone_zte_ecm_enum_filter) DRV - [2011.05.20 17:15:54 | 000,047,488 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vodafone_zte_ecm_enum.sys -- (vodafone_zte_ecm_enum) DRV - [2011.05.20 17:15:52 | 000,067,968 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vodafone_zte_cdc_acm.sys -- (vodafone_zte_cdc_acm) DRV - [2011.05.20 17:15:52 | 000,009,984 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vodafone_zte_cpo.sys -- (vodafone_zte_cpo) DRV - [2010.11.21 00:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.10.24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2010.10.24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010.09.01 14:33:12 | 000,061,952 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum) DRV - [2010.08.04 16:17:00 | 001,143,920 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2009.11.27 10:48:10 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2009.04.29 23:37:26 | 000,025,088 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86) DRV - [2007.04.06 16:55:04 | 000,014,336 | ---- | M] ((Standard mouse types)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Amusbprt.sys -- (Amusbprt) DRV - [2007.04.06 16:51:02 | 000,008,704 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\System32\drivers\Amfilter.sys -- (Amfilter) DRV - [1996.04.03 22:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...q={searchTerms} IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - 
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...q={searchTerms} IE - HKU\S-1-5-21-23971535-937172135-1387098642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www,google,ro/ [binary data] IE - HKU\S-1-5-21-23971535-937172135-1387098642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-23971535-937172135-1387098642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ro IE - HKU\S-1-5-21-23971535-937172135-1387098642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A1 C7 45 D0 C0 0C CC 01 [binary data] IE - HKU\S-1-5-21-23971535-937172135-1387098642-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-23971535-937172135-1387098642-1000\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...q={searchTerms} IE - HKU\S-1-5-21-23971535-937172135-1387098642-1000\..\SearchScopes\{4C3391F9-B1E5-4BE8-ABAE-EB953EF4F26C}: "URL" = http://news.softpedi...ferrer:source?} IE - HKU\S-1-5-21-23971535-937172135-1387098642-1000\..\SearchScopes\{84682D81-0F28-4586-A53C-1AE064AC81CB}: "URL" = http://www.softpedia...ferrer:source?} IE - HKU\S-1-5-21-23971535-937172135-1387098642-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....erms}&fr=mkg028 IE - HKU\S-1-5-21-23971535-937172135-1387098642-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== Firefox ========== FF - prefs.js..browser.search.defaultEngine: "Yahoo" FF - prefs.js..browser.search.order.1: "Google" FF - prefs.js..browser.search.param.yahoo-type: "394500523" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - 
prefs.js..browser.startup.homepage: "www.google.ro" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1 FF - prefs.js..keyword.URL: "" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.12.07 10:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radu\AppData\Roaming\Mozilla\Extensions [2014.05.05 09:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radu\AppData\Roaming\Mozilla\Firefox\Profiles\2hmcfb79.default-1399269955861\extensions [2013.08.02 23:38:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radu\AppData\Roaming\Mozilla\Firefox\Profiles2jxvr5gz.default\extensions [2013.08.02 23:38:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radu\AppData\Roaming\Mozilla\Firefox\Profiles2jxvr5gz.default\extensions\staged [2014.05.06 10:04:09 | 000,007,911 | ---- | M] () -- C:\Users\Radu\AppData\Roaming\Mozilla\Firefox\Profiles\autw61gc.default\searchplugins\Google.xml [2014.05.09 21:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2014.05.09 21:40:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla 
Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - plugin: NPSWF32_13_0_0_206.dll (Disabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll CHR - homepage: http://securedsearch...&u=___userid___ CHR - homepage: http://securedsearch...&u=___userid___ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: No name found = C:\Users\Radu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2014.05.09 20:54:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-23971535-937172135-1387098642-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-23971535-937172135-1387098642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-23971535-937172135-1387098642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKU\S-1-5-21-23971535-937172135-1387098642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60D03F31-20EE-43A7-8C67-BD84E9C287F3}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2067.06.13 11:13:08 | 000,655,360 | ---- | C] (Teklynx International) -- C:\Users\Radu\Documents\PEK.prn [2014.05.09 21:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2014.05.09 20:56:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2014.05.09 20:56:30 | 000,000,000 | ---D | C] -- C:\Users\Radu\AppData\Local\temp [2014.05.09 20:44:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2014.05.09 16:35:26 | 000,000,000 | ---D | C] -- 
C:\Windows\Prefetch [2014.05.09 16:06:17 | 002,286,392 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Radu\Desktop\GetSystemInfo.exe [2014.05.09 13:33:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014.05.09 07:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free [2014.05.08 15:58:24 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll [2014.05.08 15:58:19 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys [2014.05.08 15:58:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe [2014.05.08 15:58:18 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdvidcrl.dll [2014.05.08 15:58:18 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe [2014.05.08 15:58:18 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe [2014.05.08 15:58:18 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2014.05.08 15:58:18 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll [2014.05.08 15:58:18 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll [2014.05.08 15:58:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll [2014.05.08 15:57:48 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll [2014.05.08 14:15:24 | 000,000,000 | --SD | C] -- C:\Windows\System32\CompatTel [2014.05.08 13:46:27 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll [2014.05.08 13:46:27 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll [2014.05.08 13:42:43 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014.05.08 13:42:30 | 000,073,432 | ---- | C] 
(Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys [2014.05.08 13:42:30 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys [2014.05.07 08:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2014.05.07 08:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware [2014.05.05 23:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules [2014.05.05 23:45:52 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2014.05.05 23:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual FoxPro 9 [2014.05.05 22:05:36 | 000,000,000 | ---D | C] -- C:\Users\Radu\Documents\Visual FoxPro Projects [2014.05.05 13:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller [2014.05.05 13:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit [2014.05.05 13:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData [2014.05.05 13:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\IObit [2014.05.04 16:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\Daum [2014.05.04 11:28:58 | 006,143,496 | ---- | C] (Geek Uninstaller) -- C:\Users\Radu\Desktop\geek.exe [2014.05.04 11:25:48 | 000,000,000 | ---D | C] -- C:\Users\Radu\AppData\Roaming\Geek Uninstaller [2014.05.04 10:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com [2014.05.03 22:49:48 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2014.05.03 14:50:49 | 000,036,664 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2014.05.03 14:50:48 | 000,025,400 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2014.05.03 14:49:43 | 000,000,000 | ---D | C] -- C:\Users\Radu\AppData\Local\TuneUp Software [2014.05.03 11:19:11 | 000,000,000 | ---D | C] -- C:\Users\Radu\AppData\Roaming\QuickScan [2014.05.03 10:56:41 | 000,000,000 | ---D | C] -- 
C:\Users\Radu\AppData\Local\Microsoft Corporation [2014.05.03 10:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskTrix [2014.05.03 10:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\DiskTrix [2014.05.02 16:12:12 | 000,000,000 | ---D | C] -- C:\Windows\pss [2014.05.02 11:08:33 | 000,000,000 | ---D | C] -- C:\Users\Radu\AppData\Roaming\LavasoftStatistics [2014.05.02 10:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2014.05.02 10:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2014.04.30 16:40:41 | 000,000,000 | ---D | C] -- C:\Users\Radu\AppData\Roaming\9-lab [2014.04.30 16:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool [2014.04.30 16:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\9-lab [2014.04.30 16:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\9-lab [2014.04.29 15:37:42 | 000,661,184 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Radu\Desktop\autoruns.exe [2014.04.29 15:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2014.04.29 14:48:04 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll [2014.04.28 22:29:08 | 017,931,952 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2014.04.28 14:12:29 | 000,000,000 | ---D | C] -- C:\Users\Radu\AppData\Roaming\AVG [2014.04.28 14:12:29 | 000,000,000 | ---D | C] -- C:\Users\Radu\AppData\Local\AVG [2014.04.28 14:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG [2014.04.28 14:09:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} [2014.04.23 11:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Radu\AppData\Local\EmieUserList [2014.04.23 11:12:03 | 000,000,000 | -HSD | C] -- C:\Users\Radu\AppData\Local\EmieSiteList [2014.04.21 11:19:10 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2014.04.21 
11:19:07 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2014.04.21 11:19:07 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2014.04.21 11:19:06 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2014.04.10 22:37:18 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2014.04.10 22:37:14 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2014.04.10 22:37:14 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2014.04.10 22:37:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll [2014.04.10 22:37:13 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2014.04.10 22:37:13 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2014.04.10 22:37:12 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2014.04.10 22:37:12 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2014.04.10 22:37:11 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2014.04.10 22:37:11 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2014.04.10 22:37:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2014.04.10 22:37:11 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2014.04.10 22:37:09 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2014.04.10 22:37:09 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll [2014.04.10 22:37:09 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe [2014.04.10 22:37:09 | 000,051,200 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\ieetwproxystub.dll [2014.04.10 22:37:09 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavascriptCollectionAgent.dll [2014.04.10 22:37:05 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2014.04.10 22:36:59 | 004,254,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2014.01.28 11:42:08 | 000,447,752 | ---- | C] (ABBYY) -- C:\Users\Radu\Setup.exe [2014.01.28 11:42:08 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\Users\Radu\unicows.dll [2013.03.02 13:44:47 | 001,765,376 | ---- | C] (Teklynx Internationnal) -- C:\Program Files\lppa.exe ========== Files - Modified Within 30 Days ========== [2014.05.09 22:49:56 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014.05.09 22:49:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.05.09 22:49:01 | 2388,533,248 | -HS- | M] () -- C:\hiberfil.sys [2014.05.09 22:48:31 | 000,022,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.05.09 22:48:31 | 000,022,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.05.09 22:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.05.09 20:54:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2014.05.09 16:59:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2014.05.09 16:59:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2014.05.09 16:07:43 | 000,130,226 | ---- | M] () -- C:\Users\Radu\Desktop\GetSystemInfo_RADU_Radu_2014_05_09_16_07_03.zip [2014.05.09 16:06:17 | 002,286,392 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Radu\Desktop\GetSystemInfo.exe [2014.05.09 14:52:06 | 000,000,846 | ---- | M] () -- C:\Users\Radu\Desktop\µTorrent.lnk [2014.05.09 14:52:06 | 000,000,826 | ---- | M] () -- 
C:\Users\Radu\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2014.05.09 13:31:02 | 000,754,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2014.05.08 13:42:33 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014.05.04 12:27:34 | 000,000,993 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2014.05.04 10:35:06 | 000,000,033 | ---- | M] () -- C:\Windows\Eic.ini [2014.05.03 15:34:48 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2014.05.03 15:34:48 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2014.05.03 11:13:51 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo [2014.05.03 09:48:30 | 000,000,895 | ---- | M] () -- C:\Windows\ODBC.INI [2014.04.29 15:37:44 | 000,661,184 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Radu\Desktop\autoruns.exe [2014.04.29 15:34:22 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2014.04.29 14:49:11 | 000,001,162 | ---- | M] () -- C:\Users\Radu\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2014.04.28 22:29:09 | 017,931,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2014.04.28 14:31:09 | 000,003,717 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml [2014.04.27 17:39:46 | 000,003,754 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml [2014.04.27 17:39:01 | 000,042,272 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2014.04.26 17:16:58 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini [2014.04.22 09:59:36 | 006,143,496 | ---- | M] (Geek Uninstaller) -- C:\Users\Radu\Desktop\geek.exe [2014.04.21 21:47:55 | 000,656,354 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2014.04.21 21:47:55 | 000,123,126 | ---- | M] () -- 
C:\Windows\System32\perfc009.dat [2014.04.20 17:58:11 | 000,012,288 | ---- | M] () -- C:\Users\Radu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014.04.15 15:59:24 | 000,036,664 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2014.04.15 15:59:16 | 000,025,400 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2014.04.14 20:13:52 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2014.04.14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2014.04.14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2014.04.14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2014.04.14 05:11:39 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll [2014.04.14 05:07:19 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll ========== Files Created - No Company Name ========== [2067.06.13 11:13:08 | 000,010,926 | ---- | C] () -- C:\Users\Radu\Documents\PEK.ini [2014.05.09 16:59:01 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2014.05.09 16:59:01 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2014.05.09 16:07:43 | 000,130,226 | ---- | C] () -- C:\Users\Radu\Desktop\GetSystemInfo_RADU_Radu_2014_05_09_16_07_03.zip [2014.05.08 13:42:33 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014.05.04 10:35:06 | 000,000,033 | ---- | C] () -- C:\Windows\Eic.ini [2014.05.03 11:13:49 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo [2014.04.23 11:03:01 | 000,003,754 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml [2014.01.31 17:07:42 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE [2014.01.31 17:07:42 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.DLL [2014.01.31 17:07:42 | 000,151,552 | ---- | C] () -- 
C:\Windows\System32\HP1100LM.DLL [2014.01.28 11:42:04 | 007,310,848 | ---- | C] () -- C:\Users\Radu\ABBYY PDF Transformer 3.0 x64.msi [2014.01.28 11:42:04 | 007,306,752 | ---- | C] () -- C:\Users\Radu\ABBYY PDF Transformer 3.0.msi [2013.06.26 22:21:15 | 000,003,717 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml [2013.01.30 19:40:12 | 000,000,777 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.12.24 07:53:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll [2012.10.18 20:44:29 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012.09.25 11:52:08 | 000,047,104 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll [2012.07.02 11:22:21 | 001,383,318 | ---- | C] () -- C:\Users\Radu\LONDON.pdf [2012.05.16 18:56:33 | 000,000,064 | ---- | C] () -- C:\Windows\FONTLOAD.INI [2011.05.15 19:40:04 | 000,012,288 | ---- | C] () -- C:\Users\Radu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 07:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 04:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 00:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 04:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== 
LOP Check ========== [2013.08.22 17:27:33 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\337 Wallpaper [2014.04.30 16:40:41 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\9-lab [2014.05.09 21:14:03 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\AVG [2011.05.10 21:34:52 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\Canneverbe Limited [2013.11.17 16:51:17 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\gBurner [2014.05.04 11:32:16 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\Geek Uninstaller [2012.07.23 18:50:36 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\IObit [2014.05.08 13:37:11 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\IrfanView [2013.01.19 22:16:48 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\IsolatedStorage [2013.10.04 17:11:14 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\Jubler [2013.08.27 19:29:34 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\PDF Software [2014.05.03 11:19:13 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\QuickScan [2011.05.10 21:34:57 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\Reviversoft [2012.01.02 11:45:40 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\Samsung [2014.05.09 17:40:33 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\uTorrent [2012.01.19 11:38:16 | 000,000,000 | ---D | M] -- C:\Users\Radu\AppData\Roaming\Vodafone ========== Purity Check ========== ========== Files - Unicode (All) ========== [2013.10.07 10:14:37 | 000,039,424 | ---- | M] ()(C:\Users\Radu\Documents\fi?a de lucru.doc) -- C:\Users\Radu\Documents\fișa de lucru.doc [2013.10.07 10:14:35 | 000,039,424 | ---- | C] ()(C:\Users\Radu\Documents\fi?a de lucru.doc) -- C:\Users\Radu\Documents\fișa de lucru.doc < End of report > OTL Extras logfile created on: 09.05.2014 22:51:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = R:\Dowload Home Premium Edition Service Pack 1 
(Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17041) Locale: 00000418 | Country: România | Language: ROM | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 65,60% Memory free 5,93 Gb Paging File | 4,83 Gb Available in Paging File | 81,53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 59,02 Gb Total Space | 29,80 Gb Free Space | 50,48% Space Free | Partition Type: NTFS Drive D: | 195,31 Gb Total Space | 126,90 Gb Free Space | 64,97% Space Free | Partition Type: NTFS Drive R: | 210,94 Gb Total Space | 45,63 Gb Free Space | 21,63% Space Free | Partition Type: NTFS Computer Name: RADU | User Name: Radu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-23971535-937172135-1387098642-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* https [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{289E9A9F-3F91-44F5-AB51-5516D40B7B28}" = rport=137 | protocol=17 | dir=out | app=system | "{298A0376-46EF-49FD-AF68-1F362BD4424D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3B4333F6-92B0-4F20-BC22-C76392741072}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{584DEACF-E6BA-4354-9127-C958DFBB6AF1}" = rport=138 | protocol=17 | dir=out | app=system | "{5CEA98F4-1970-4D67-9E44-8601A33A4107}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A865E2BE-29EA-4264-8CFC-15EA25DC9A4D}" = rport=445 | protocol=6 | dir=out | app=system | "{B6E58A02-9D33-4B8E-8D2C-B0367E8043A4}" = lport=138 | protocol=17 | dir=in | app=system | "{BA760CA6-808C-4E8E-B98A-B00606BCFD86}" = lport=139 | protocol=6 | dir=in | app=system | "{C98E3FFE-180D-4A84-A725-BD735A1AF334}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{CFE3466C-CA3D-4BC1-8F5E-9A1C4F8642DD}" = rport=139 | protocol=6 | dir=out 
| app=system | "{EF4FC2B2-4524-4FB9-B772-5F2E9E65B3C0}" = lport=137 | protocol=17 | dir=in | app=system | "{F47941AF-7CE4-43D8-8DF6-2BB61C88E621}" = lport=445 | protocol=6 | dir=in | app=system | "{F902A849-278B-4543-89BD-215C60100B1B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F9E35DB0-DE99-4B70-A3BB-2902948EC21B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{6D8B178E-F8B8-4648-8300-8DB2768C94F7}" = protocol=1 | dir=out | [email protected],-28544 | "{6F11BDBB-D17C-4C09-9BAF-9DFAC7A34EBF}" = protocol=1 | dir=in | [email protected],-28543 | "{90DF46EB-666F-445A-9B7F-F552E24E9A59}" = protocol=58 | dir=in | [email protected],-28545 | "{93F9AA1A-3B3D-49EF-B30C-D9A405D964B3}" = protocol=58 | dir=out | [email protected],-28546 | "{ACA7C2BA-452B-473B-86F3-1625803EBA02}" = protocol=6 | dir=in | app=c:\users\radu\appdata\roaming\utorrent\utorrent.exe | "{D8046CF9-12E0-4A88-9BF1-8CF99E4AB672}" = protocol=17 | dir=in | app=c:\users\radu\appdata\roaming\utorrent\utorrent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5 "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for 
Applications ® Core
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{358A2F50-8885-4EDE-BBB0-130A5834E0B4}" = Visual FoxPro 9.0 Baseline - English
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-003F-0418-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1" = Dell Display Manager
"{AC76BA86-7AD7-1048-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Romanian
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B525DC95-8D7F-40DC-A2EE-20E619CEE863}" = Microsoft AntiMalware Service RO-RO Language Pack
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EF8A40DD-FC58-489B-9454-C14134335C7E}" = eKonom
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"CCleaner" = CCleaner
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = Irfanview (remove only)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Mozilla Firefox 29.0.1 (x86 ro)" = Mozilla Firefox 29.0.1 (x86 ro)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OPFV 2011" = OPFV 2011
"TVWiz" = Intel® TV Wizard
"WheelMouse" = 2T-Office 7.80
"WinRAR archiver" = WinRAR 5.00 (32-bit)
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-23971535-937172135-1387098642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.05.2014 15:38:56 | Computer Name = Radu | Source = WinMgmt | ID = 10
Description =

Error - 09.05.2014 15:43:14 | Computer Name = Radu | Source = VmbService | ID = 0
Description = conflictManagerTypeValue

Error - 09.05.2014 15:43:14 | Computer Name = Radu | Source = VmbService | ID = 0
Description = userProfileData

Error - 09.05.2014 15:44:38 | Computer Name = Radu | Source = WinMgmt | ID = 10
Description =

Error - 09.05.2014 15:46:10 | Computer Name = Radu | Source = VmbService | ID = 0
Description = conflictManagerTypeValue

Error - 09.05.2014 15:46:10 | Computer Name = Radu | Source = VmbService | ID = 0
Description = userProfileData

Error - 09.05.2014 15:47:34 | Computer Name = Radu | Source = WinMgmt | ID = 10
Description =

Error - 09.05.2014 15:49:32 | Computer Name = Radu | Source = VmbService | ID = 0
Description = conflictManagerTypeValue

Error - 09.05.2014 15:49:32 | Computer Name = Radu | Source = VmbService | ID = 0
Description = userProfileData

Error - 09.05.2014 15:50:53 | Computer Name = Radu | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 09.05.2014 15:38:06 | Computer Name = Radu | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following error: %%-2147017840

Error - 09.05.2014 15:43:02 | Computer Name = Radu | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

Error - 09.05.2014 15:44:01 | Computer Name = Radu | Source = Microsoft Antimalware | ID = 5101
Description = %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: %%873 Expiration Date (UTC): ?09.?05.?2014 19:44:01 Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.

Error - 09.05.2014 15:44:02 | Computer Name = Radu | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following error: %%-2147017840

Error - 09.05.2014 15:45:55 | Computer Name = Radu | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

Error - 09.05.2014 15:47:03 | Computer Name = Radu | Source = Microsoft Antimalware | ID = 5101
Description = %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: %%873 Expiration Date (UTC): ?09.?05.?2014 19:47:03 Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.

Error - 09.05.2014 15:47:04 | Computer Name = Radu | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following error: %%-2147017840

Error - 09.05.2014 15:49:12 | Computer Name = Radu | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

Error - 09.05.2014 15:50:16 | Computer Name = Radu | Source = Microsoft Antimalware | ID = 5101
Description = %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: %%873 Expiration Date (UTC): ?09.?05.?2014 19:50:16 Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.

Error - 09.05.2014 15:50:19 | Computer Name = Radu | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following error: %%-2147017840

< End of report >
#26
Posted 09 May 2014 - 23:54
eiffel, on 09 May 2014 - 16:54, said:
If that doesn't fix it either, I'm starting to think the problem isn't a virus but something corrupted in the system. Possibly running a file check - sfc /scannow - could repair something, but it's not certain.
I ran the file check with sfc /scannow, with the original Windows 7 DVD at hand. For now it seems to be working. I'm not popping the champagne cork yet, though, because there have been moments like this before; let's see if it holds.
#27
Posted 10 May 2014 - 09:12
Around 4 in the morning I shut the computer down and it was OK.
Now, when I turned it on, the same trouble.
#29
Posted 10 May 2014 - 14:09
#30
Posted 10 May 2014 - 16:04
Use this:
Microsoft Security Essentials Removal Tool.
#31
Posted 10 May 2014 - 16:04
misu183, on 10 May 2014 - 14:17, said:
I'd say that in this case you could bring even the mother of all virus-removal programs. Better do a format C: and a fresh install of Windows and you'll be spotlessly clean.
That's not a solution for me; I don't want to elaborate further, this isn't the place. The point is that the Windows is licensed, and I believe it can be repaired, whether it's broken because of a virus or for some other reason.
#32
Posted 10 May 2014 - 16:21
#33
Posted 10 May 2014 - 17:13
MhG_40, on 10 May 2014 - 16:04, said:
Use this: Microsoft Security Essentials Removal Tool.
Done. No result.
xxvirusxx, on 10 May 2014 - 16:21, said:
Ugh, I just checked and it wasn't turned off. I've turned it off now.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:11:46, on 10.05.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Sentinel Local License Manager (hasplms) - SafeNet Inc. - C:\Windows\system32\hasplms.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Serviciu Vodafone Mobile Broadband (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

-- End of file - 2661 bytes
#34
Posted 10 May 2014 - 19:52
With the Win7 DVD inserted I did what it says here, only the repair part.
It didn't report any errors. Anyway, after the restart it's behaving normally again. I'm not a specialist, which is why I asked for help here. It's odd that the system has longer periods (whole hours) or shorter ones when it works OK and then, bam, it goes haywire. And it disrupts a lot of applications, which run but don't do so correctly. That's why I thought it was a virus. For now it's working well. A custom scan with Malwarebytes Anti-malware has been running for over an hour and so far it hasn't found anything. Speaking of antiviruses, as far as I know I don't have any other one left; I uninstalled them all.
#35
Posted 11 May 2014 - 09:08
#36
Posted 11 May 2014 - 10:40
Last night it behaved normally. When I left the computer I put it into hibernate rather than doing a Shut down, and in the morning it worked fine again.
Just now an alert from Malwarebytes Anti-malware popped up saying that it found viruses during a scan and asking my permission to move them to quarantine. I click OK and it restarts. After the restart the wretched thing is broken again... Last night, as I said, I ran a custom scan and it didn't find any. This time I hadn't even started the scanner; I figured that, with the protection active, it must have found something by itself, since I hadn't started a scan today... I'm posting a print screen from Malwarebytes Anti-malware below; however, I can't move the cursor onto the side scrollbar to see further down...
Attached Files