Unable to connect laptop to TV

So, a laptop that until a couple of months ago could connect to the TV normally over VGA suddenly no longer can... the TV shows "no signal"... and the Fn+F5 key combination responds, but nothing changes on the TV...
What has been tried:
Replacing the VGA cable, connecting to another monitor, reinstalling the GPU driver... all without result.
The graphics card settings change their values on their own when I set them manually... and even then there is no picture on the TV.
The overall state of the system indicated the presence of a large amount of adware, so it was treated with AdwCleaner, which had no effect on the problem described. AdwCleaner also had no effect on the web browsers, which were duly closed, and whose "clinical picture" showed classic home page hijacking.
To solve the problem with the browsers, I applied the radical method of destroying and recreating the user profile...
Since there are indications of a virus infection, I would ask my dear colleagues to help me out; I am keen to avoid reinstalling Windows in this case.

Here are the logs

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-07-2014
Ran by Trony (administrator) on TOSHIBA on 19-07-2014 21:24:53
Running from C:\Documents and Settings\Trony\My Documents\Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\Sony\PlayMemories Home\dfs.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Lavasoft) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Skype Technologies) C:\Program Files\Skype\Plugin Manager\skypePM.exe
(TeamViewer GmbH) C:\DOCUME~1\Trony\LOCALS~1\Temp\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\DOCUME~1\Trony\LOCALS~1\Temp\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\DOCUME~1\Trony\LOCALS~1\Temp\TeamViewer\Version9\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\Run: [Google Update] => C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-15] (Google Inc.)
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\Run: [GameXN GO] => C:\Documents and Settings\All Users\Application Data\GameXN\GameXNGO.exe [347008 2013-02-24] (EasyBits Software AS)
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {2b4f6a05-0b44-11de-8ca7-001e335a3b4d} - usdeiect.com
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {57db1862-b68e-11de-8d80-001e335a3b4d} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {a293564d-56aa-11de-8d3d-001e335a3b4d} - F:\lky.exe
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {ab442202-1b69-11e0-8ff0-001e335a3b4d} - H:\PMBP_Win.exe
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {fe4ac848-bd6c-11de-8d91-001e335a3b4d} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
Startup: C:\Documents and Settings\Trony\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Trony\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
ShortcutTarget: OpenOffice.org 2.4.lnk -> C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * lsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {8E02D41C-5924-4816-9490-33CCD28BEB72} URL = http://un.yhs.search.yahoo.com/avg/search?fr=yhs-avg
SearchScopes: HKCU - {D5FDEECB-0BB3-4F96-9006-CF36B22B864A} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {2977d8cc-8902-4340-be88-2c676bf96b8d} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Trony\Application Data\Mozilla\Firefox\Profiles\apw5f1lm.Default User
FF Homepage: www.google.me
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.4.17 - C:\Documents and Settings\Trony\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-06-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-06-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-10]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: securesearch
CHR DefaultSearchProvider: SecureSearch
CHR DefaultSearchURL: http://lavasoft.blekko.com/ws/?source=f439e2c0&.....4C8&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Yahoo! BrowserPlus Plugin) - C:\Documents and Settings\Trony\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll (Yahoo! Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-08]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-10]
CHR HKLM\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\Documents and Settings\All Users\Application Data\adawaretb\shortcuts\chrome\adawaretb.crx [2014-07-10]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-10] (AVAST Software)
R2 DeviceFinderService; C:\Program Files\Sony\PlayMemories Home\dfs.exe [149088 2012-09-25] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
S2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1737728 2012-09-21] (Lavasoft Limited ) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2008-06-15] ()
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-09-25] (Sony Corporation)
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 srwxafqox; C:\WINDOWS\system32\hyqnxj.dll [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-10] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-10] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-10] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-10] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan) [File not signed]
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-03-31] (GFI Software)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211456 2007-11-01] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989696 2007-11-01] (Conexant Systems, Inc.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [22560 2014-07-10] (REALiX(tm))
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64288 2010-08-12] (Lavasoft AB)
S3 Ltn_hyd7700pc; C:\WINDOWS\System32\Drivers\Ltn_hyd7700pc.sys [374144 2007-05-18] (Liteon)
S3 Ltn_rc; C:\WINDOWS\System32\Drivers\Ltn_rc.sys [11520 2006-12-27] (Liteon)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [30336 2003-04-04] (Politecnico di Torino) [File not signed]
R3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428480 2006-10-29] (Intel® Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 ulxoo; \??\C:\WINDOWS\system32\01.tmp [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

NETSVC: srwxafqox -> C:\WINDOWS\system32\hyqnxj.dll ==> No File.

==================== One Month Created Files and Folders ========

2014-07-19 21:22 - 2014-07-19 21:24 - 00000000 ____D () C:\FRST
2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\AVAST Software
2014-07-10 15:43 - 2014-07-19 15:43 - 00000362 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-10 15:43 - 2014-07-10 15:43 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-10 15:43 - 2014-07-10 15:43 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-10 15:43 - 2014-07-10 15:43 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-07-10 15:43 - 2014-07-10 15:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-07-10 15:37 - 2014-07-10 15:37 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-10 15:26 - 2014-07-10 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-07-10 15:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-07-10 14:31 - 2007-05-25 11:00 - 00172032 _____ (Intel Corporation) C:\WINDOWS\system32\igfxres.dll
2014-07-10 14:16 - 2014-07-10 14:17 - 00000000 ____D () C:\Documents and Settings\Trony\Desktop\display-20080519181914
2014-07-10 13:54 - 2014-07-10 13:54 - 00022560 _____ (REALiX(tm)) C:\WINDOWS\system32\Drivers\HWiNFO32.SYS
2014-07-10 13:54 - 2014-07-10 13:54 - 00000000 ____D () C:\Program Files\HWiNFO32
2014-07-10 13:54 - 2014-07-10 13:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HWiNFO32
2014-07-10 13:52 - 2013-10-12 12:04 - 02842360 _____ (Martin Malík - REALiX ) C:\Documents and Settings\Trony\Desktop\hw32_424.exe
2014-07-10 13:35 - 2014-07-10 13:35 - 00000884 _____ () C:\Documents and Settings\Trony\Desktop\AIDA64 Extreme Edition.lnk
2014-07-10 13:35 - 2014-07-10 13:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FinalWire
2014-07-10 13:34 - 2014-07-10 13:34 - 00000000 ____D () C:\Program Files\FinalWire
2014-07-10 13:32 - 2014-07-10 13:32 - 00000735 _____ () C:\Documents and Settings\Trony\Desktop\Shortcut to TeamViewer_Setup_sr-ckq.lnk
2014-07-10 13:24 - 2014-07-10 13:24 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\TeamViewer
2014-07-02 13:40 - 2014-07-02 13:40 - 00001771 _____ () C:\Documents and Settings\All Users\Desktop\In Company Second Edition Pre-intermediate.lnk
2014-07-02 13:40 - 2014-07-02 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Macmillan
2014-07-01 12:14 - 2014-07-01 12:14 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-01 12:12 - 2014-07-01 12:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-07-01 12:11 - 2014-07-01 12:12 - 00008346 _____ () C:\WINDOWS\KB942288-v3.log
2014-07-01 11:50 - 2014-07-01 11:50 - 00090112 _____ () C:\WINDOWS\Minidump\Mini070114-01.dmp
2014-06-26 06:39 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-06-26 06:39 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-06-26 06:39 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-06-26 06:39 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-06-26 06:38 - 2014-06-26 06:39 - 00004300 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-06-22 21:02 - 2014-06-22 21:02 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\ilividmoviestoolbar20
2014-06-22 11:49 - 2014-06-22 11:49 - 00000000 ____D () C:\Documents and Settings\Trony\My Documents\OneNote Notebooks
2014-06-22 06:25 - 2014-06-22 06:25 - 00000000 ____D () C:\Documents and Settings\Trony\Local Settings\Application Data\Adobe
2014-06-22 06:17 - 2014-06-22 06:17 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\McAfee

==================== One Month Modified Files and Folders =======

2014-07-19 21:25 - 2008-09-15 12:54 - 00000000 ____D () C:\Documents and Settings\Trony\Local Settings\Temp
2014-07-19 21:24 - 2014-07-19 21:22 - 00000000 ____D () C:\FRST
2014-07-19 21:19 - 2008-09-15 13:48 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\Skype
2014-07-19 21:17 - 2009-07-01 19:05 - 00001012 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1993962763-725345543-1003UA.job
2014-07-19 21:15 - 2011-07-14 11:52 - 00002265 _____ () C:\Documents and Settings\Trony\Desktop\skype.lnk
2014-07-19 21:15 - 2009-02-11 14:58 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\skypePM
2014-07-19 21:03 - 2012-06-05 22:01 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-19 21:03 - 2008-09-15 12:53 - 00032500 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-19 20:55 - 2010-08-30 19:06 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 15:43 - 2014-07-10 15:43 - 00000362 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-19 12:51 - 2011-04-13 19:53 - 00000064 _____ () C:\WINDOWS\system32\rp_stats.dat
2014-07-19 12:51 - 2011-04-13 19:53 - 00000044 _____ () C:\WINDOWS\system32\rp_rules.dat
2014-07-19 12:51 - 2010-09-24 18:20 - 00000486 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-07-19 12:18 - 2008-09-15 12:47 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-07-19 11:54 - 2014-05-25 07:18 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-07-19 07:22 - 2008-09-15 12:48 - 01521417 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-18 11:55 - 2010-08-30 19:06 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-17 14:49 - 2013-03-31 15:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-07-17 14:49 - 2013-02-24 13:09 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\go
2014-07-17 14:49 - 2008-09-15 15:09 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\OpenOffice.org2
2014-07-17 14:49 - 2008-09-15 13:40 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-17 14:49 - 2008-09-15 13:40 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-07-17 14:49 - 2001-08-23 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-17 14:48 - 2014-03-24 18:12 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-07-17 14:48 - 2011-02-05 17:52 - 00692728 _____ () C:\aaw7boot.log
2014-07-17 14:48 - 2011-01-06 20:28 - 00000288 _____ () C:\WINDOWS\Tasks\iMeshNAG.job
2014-07-17 14:48 - 2008-09-15 12:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-17 06:59 - 2013-02-24 13:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\GameXN
2014-07-17 00:31 - 2008-09-15 12:54 - 00000278 ___SH () C:\Documents and Settings\Trony\ntuser.ini
2014-07-11 11:27 - 2009-03-07 21:18 - 00673675 _____ () C:\WINDOWS\setupapi.log
2014-07-10 22:21 - 2009-10-22 09:42 - 00000000 ___RD () C:\Documents and Settings\Trony\Desktop\Odrzavanje Racunara
2014-07-10 15:54 - 2009-08-28 17:00 - 00000000 ____D () C:\Documents and Settings\Trony\Local Settings\Application Data\Temp
2014-07-10 15:50 - 2008-09-15 12:54 - 00000000 ____D () C:\Documents and Settings\Trony
2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\AVAST Software
2014-07-10 15:43 - 2014-07-10 15:43 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-10 15:43 - 2014-07-10 15:43 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-10 15:43 - 2014-07-10 15:43 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-07-10 15:43 - 2014-07-10 15:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-07-10 15:37 - 2014-07-10 15:37 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-10 15:37 - 2014-07-10 15:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-07-10 14:41 - 2008-09-15 13:26 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-07-10 14:17 - 2014-07-10 14:16 - 00000000 ____D () C:\Documents and Settings\Trony\Desktop\display-20080519181914
2014-07-10 13:54 - 2014-07-10 13:54 - 00022560 _____ (REALiX(tm)) C:\WINDOWS\system32\Drivers\HWiNFO32.SYS
2014-07-10 13:54 - 2014-07-10 13:54 - 00000000 ____D () C:\Program Files\HWiNFO32
2014-07-10 13:54 - 2014-07-10 13:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HWiNFO32
2014-07-10 13:35 - 2014-07-10 13:35 - 00000884 _____ () C:\Documents and Settings\Trony\Desktop\AIDA64 Extreme Edition.lnk
2014-07-10 13:35 - 2014-07-10 13:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FinalWire
2014-07-10 13:34 - 2014-07-10 13:34 - 00000000 ____D () C:\Program Files\FinalWire
2014-07-10 13:32 - 2014-07-10 13:32 - 00000735 _____ () C:\Documents and Settings\Trony\Desktop\Shortcut to TeamViewer_Setup_sr-ckq.lnk
2014-07-10 13:24 - 2014-07-10 13:24 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\TeamViewer
2014-07-09 14:04 - 2013-07-15 23:42 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 14:00 - 2008-09-15 14:56 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-08 23:03 - 2012-06-05 22:01 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-08 23:03 - 2012-02-11 11:56 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-08 15:00 - 2014-03-24 18:12 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-07-02 13:40 - 2014-07-02 13:40 - 00001771 _____ () C:\Documents and Settings\All Users\Desktop\In Company Second Edition Pre-intermediate.lnk
2014-07-02 13:40 - 2014-07-02 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Macmillan
2014-07-02 13:40 - 2009-02-10 16:12 - 00000000 ____D () C:\Program Files\Macmillan
2014-07-02 13:40 - 2008-09-15 13:19 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-01 12:14 - 2014-07-01 12:14 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-01 12:12 - 2014-07-01 12:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-07-01 12:12 - 2014-07-01 12:11 - 00008346 _____ () C:\WINDOWS\KB942288-v3.log
2014-07-01 12:12 - 2009-10-22 12:03 - 01981816 _____ () C:\WINDOWS\iis6.log
2014-07-01 12:12 - 2009-10-22 12:03 - 01830110 _____ () C:\WINDOWS\FaxSetup.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00874976 _____ () C:\WINDOWS\ocgen.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00835028 _____ () C:\WINDOWS\tsoc.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00608403 _____ () C:\WINDOWS\comsetup.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00560118 _____ () C:\WINDOWS\msmqinst.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00368712 _____ () C:\WINDOWS\ntdtcsetup.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00320568 _____ () C:\WINDOWS\netfxocm.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00125800 _____ () C:\WINDOWS\MedCtrOC.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00101232 _____ () C:\WINDOWS\ocmsn.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00092056 _____ () C:\WINDOWS\tabletoc.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00091464 _____ () C:\WINDOWS\msgsocm.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-07-01 12:12 - 2008-09-15 13:33 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-07-01 12:11 - 2009-03-07 20:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-07-01 11:50 - 2014-07-01 11:50 - 00090112 _____ () C:\WINDOWS\Minidump\Mini070114-01.dmp
2014-07-01 11:50 - 2010-07-28 08:27 - 00000000 ____D () C:\WINDOWS\Minidump
2014-06-27 06:17 - 2009-07-01 19:05 - 00000960 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1993962763-725345543-1003Core.job
2014-06-26 06:39 - 2014-06-26 06:38 - 00004300 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-06-26 06:39 - 2008-09-15 13:50 - 00000000 ____D () C:\Program Files\Java
2014-06-26 06:39 - 2008-09-15 13:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-22 21:02 - 2014-06-22 21:02 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\ilividmoviestoolbar20
2014-06-22 11:49 - 2014-06-22 11:49 - 00000000 ____D () C:\Documents and Settings\Trony\My Documents\OneNote Notebooks
2014-06-22 07:04 - 2013-12-28 00:07 - 00002323 _____ () C:\Documents and Settings\All Users\Desktop\Svjedočanstva.lnk
2014-06-22 06:38 - 2013-10-31 23:39 - 00000000 ____D () C:\Documents and Settings\Trony\My Documents\Statistika.maja 2013-14
2014-06-22 06:25 - 2014-06-22 06:25 - 00000000 ____D () C:\Documents and Settings\Trony\Local Settings\Application Data\Adobe
2014-06-22 06:17 - 2014-06-22 06:17 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\McAfee
2014-06-21 13:45 - 2013-12-28 00:12 - 03625897 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1935655697-1993962763-725345543-1003-0.dat
2014-06-21 13:45 - 2013-12-28 00:12 - 00306846 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-06-20 16:18 - 2012-05-04 22:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Documents and Settings\Trony\Local Settings\Temp\fdc56105-f7de-4da9-bbf8-7fd37c5f975e.exe
C:\Documents and Settings\Trony\Local Settings\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

offline
  • Joined: 04 Jul 2011
  • Posts: 5424

Please do not use any USB storage devices until I tell you otherwise.

Open Control Panel - Program and Features and uninstall the following:
Ad-Aware
Ad-Aware Browsing Protection

1. Open Notepad (Text Document) and copy in the following text from the code box below:


HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {2b4f6a05-0b44-11de-8ca7-001e335a3b4d} - usdeiect.com
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {57db1862-b68e-11de-8d80-001e335a3b4d} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {a293564d-56aa-11de-8d3d-001e335a3b4d} - F:\lky.exe
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {ab442202-1b69-11e0-8ff0-001e335a3b4d} - H:\PMBP_Win.exe
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {fe4ac848-bd6c-11de-8d91-001e335a3b4d} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
C:\Documents and Settings\Trony\Local Settings\Temp\*.exe
C:\Win
S3 ulxoo; \??\C:\WINDOWS\system32\01.tmp [X]
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\run32"
C:\Win\lsass.exe
S2 srwxafqox; C:\WINDOWS\system32\hyqnxj.dll [X]
NETSVC: srwxafqox -> C:\WINDOWS\system32\hyqnxj.dll ==> No File.
Task: C:\WINDOWS\Tasks\iMeshNAG.job => C:\DOCUME~1\Trony\LOCALS~1\Temp\iMesh_setup.exe


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

Download MCShield from the following address:

http://www.mcshield.net/download/MCShield-Setup.exe

Install MCShield and wait for the initial scan to finish.

When the initial scan is finished, insert all your USB storage devices into the USB port one after another, and keep each one in the port until MCShield shows a message that the scan is complete. If you have several USB devices, note down somewhere the order in which they were inserted.

Explanation: USB storage devices are all devices that get their own partition letter when connected to the computer. This includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

Go to Start -> All Programs -> MCShield -> Logs -> AllScans

A report will open in Notepad; post its contents in your reply.
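
An added example, not part of the original post and not FRST's own logic: a triage pass over the MountPoints2 lines of the fixlist in the post above, which groups identical autorun commands and explains why each one deserves a look. The flag names and the priority rule are assumptions made for this illustration; the sample lines are copied from the fixlist on this page.

```python
import re
from collections import defaultdict

# MountPoints2 lines copied from the fixlist on this page, plus one unrelated
# FRST line to show that non-matching input is skipped.
SAMPLE_LOG = r"""
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {2b4f6a05-0b44-11de-8ca7-001e335a3b4d} - usdeiect.com
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {57db1862-b68e-11de-8d80-001e335a3b4d} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {a293564d-56aa-11de-8d3d-001e335a3b4d} - F:\lky.exe
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {ab442202-1b69-11e0-8ff0-001e335a3b4d} - H:\PMBP_Win.exe
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {fe4ac848-bd6c-11de-8d91-001e335a3b4d} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
Task: C:\WINDOWS\Tasks\iMeshNAG.job => C:\DOCUME~1\Trony\LOCALS~1\Temp\iMesh_setup.exe
"""

# FRST line format: HKU\<SID>\...\MountPoints2: <volume GUID or letter> - <command>
ENTRY_RE = re.compile(
    r"^HKU\\(?P<sid>S-[0-9-]+)\\\.\.\.\\MountPoints2: "
    r"(?P<volume>\{[0-9A-Fa-f-]{36}\}|[A-Za-z]) - (?P<command>.+)$"
)
ROOT_FILE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")   # file directly in a drive root
EXECUTABLE_EXT = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs"}


def target_file(command):
    """Return (file name, lower-case extension) of the last path in the command."""
    tail = command.rsplit("\\", 1)[-1]        # text after the last backslash
    parts = tail.split(",")[0].split()        # drop a rundll32 export name / args
    name = parts[0] if parts else ""
    ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
    return name, ext


def flags_for(command):
    """Heuristic reasons to inspect an autorun command (hints, not verdicts)."""
    lowered = command.lower()
    _, ext = target_file(command)
    flags = []
    if "\\recycler\\" in lowered:
        flags.append("recycler-path")              # payload kept in a recycle-bin folder
    if "rundll32" in lowered and ext != "dll":
        flags.append("rundll32-loads-non-dll")     # library disguised by its extension
    if "\\" not in command:
        flags.append("bare-file-name")             # resolved relative to the volume
    if ROOT_FILE_RE.match(command) and ext in EXECUTABLE_EXT:
        flags.append("executable-in-volume-root")
    return flags


def triage(log_text):
    """Group MountPoints2 autorun commands by command line and flag them."""
    volumes = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            volumes[match["command"]].append(match["volume"])
    findings = []
    for command, vols in volumes.items():
        flags = flags_for(command)
        # Assumed rule: several flags, or one command registered for several
        # volumes (the same payload seen on more than one device), ranks first.
        priority = "high" if len(flags) > 1 or len(vols) > 1 else "review"
        findings.append({"command": command, "volumes": vols,
                         "flags": flags, "priority": priority})
    findings.sort(key=lambda f: f["priority"] != "high")   # stable: high first
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["priority"], finding["flags"], len(finding["volumes"]),
              "volume(s):", target_file(finding["command"])[0])
```

The grouping step is what shows that the same command was registered for two different volume GUIDs, which the flat log does not make obvious.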

offline
  • Joined: 18 Jul 2003
  • Posts: 4204
  • Location: In a golden cage

It did not ask for a restart.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:20-07-2014
Ran by Trony at 2014-07-21 13:05:34 Run:1
Running from C:\Documents and Settings\Trony\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {2b4f6a05-0b44-11de-8ca7-001e335a3b4d} - usdeiect.com
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {57db1862-b68e-11de-8d80-001e335a3b4d} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {a293564d-56aa-11de-8d3d-001e335a3b4d} - F:\lky.exe
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {ab442202-1b69-11e0-8ff0-001e335a3b4d} - H:\PMBP_Win.exe
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {fe4ac848-bd6c-11de-8d91-001e335a3b4d} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
C:\Documents and Settings\Trony\Local Settings\Temp\*.exe
C:\Win
S3 ulxoo; \??\C:\WINDOWS\system32\01.tmp [X]
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\run32"
C:\Win\lsass.exe
S2 srwxafqox; C:\WINDOWS\system32\hyqnxj.dll [X]
NETSVC: srwxafqox -> C:\WINDOWS\system32\hyqnxj.dll ==> No File.
Task: C:\WINDOWS\Tasks\iMeshNAG.job => C:\DOCUME~1\Trony\LOCALS~1\Temp\iMesh_setup.exe
*****************

'HKU\S-1-5-21-1935655697-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b4f6a05-0b44-11de-8ca7-001e335a3b4d}' => Key deleted successfully.
'HKCR\CLSID\{2b4f6a05-0b44-11de-8ca7-001e335a3b4d}'=> Key not found.
'HKU\S-1-5-21-1935655697-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57db1862-b68e-11de-8d80-001e335a3b4d}' => Key deleted successfully.
'HKCR\CLSID\{57db1862-b68e-11de-8d80-001e335a3b4d}'=> Key not found.
'HKU\S-1-5-21-1935655697-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a293564d-56aa-11de-8d3d-001e335a3b4d}' => Key deleted successfully.
'HKCR\CLSID\{a293564d-56aa-11de-8d3d-001e335a3b4d}'=> Key not found.
'HKU\S-1-5-21-1935655697-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab442202-1b69-11e0-8ff0-001e335a3b4d}' => Key deleted successfully.
'HKCR\CLSID\{ab442202-1b69-11e0-8ff0-001e335a3b4d}'=> Key not found.
'HKU\S-1-5-21-1935655697-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe4ac848-bd6c-11de-8d91-001e335a3b4d}' => Key deleted successfully.
'HKCR\CLSID\{fe4ac848-bd6c-11de-8d91-001e335a3b4d}'=> Key not found.
C:\Documents and Settings\Trony\Local Settings\Temp\*.exe => Moved successfully.
C:\Win => Moved successfully.
ulxoo => Service deleted successfully.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\run32" =========


Permanently delete the registry key SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\run32 (Y/N)?
The operation completed successfully


========= End of Reg: =========

"C:\Win\lsass.exe" => File/Directory not found.
srwxafqox => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs srwxafqox => Value deleted successfully.
C:\WINDOWS\Tasks\iMeshNAG.job => Moved successfully.

==== End of Fixlog ====



offline
  • Joined: 04 Jul 2011
  • Posts: 5424

What is the situation now?
Run FRST again and post a fresh log.

offline
  • Joined: 18 Jul 2003
  • Posts: 4204
  • Location: In a golden cage

Situation: the same.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-07-2014
Ran by Trony (administrator) on TOSHIBA on 21-07-2014 16:03:35
Running from C:\Documents and Settings\Trony\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\Sony\PlayMemories Home\dfs.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Skype Technologies) C:\Program Files\Skype\Plugin Manager\skypePM.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(TeamViewer GmbH) C:\DOCUME~1\Trony\LOCALS~1\Temp\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\DOCUME~1\Trony\LOCALS~1\Temp\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\DOCUME~1\Trony\LOCALS~1\Temp\TeamViewer\Version9\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\Run: [Google Update] => C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-15] (Google Inc.)
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\Run: [GameXN GO] => C:\Documents and Settings\All Users\Application Data\GameXN\GameXNGO.exe [347008 2013-02-24] (EasyBits Software AS)
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\RunOnce: [adawarebp] => reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\RunOnce: [adawarebp_XP] => reg.exe delete "HKCU\Software\adawarebp" /f
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\RunOnce: [adawarebp_DATA_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection" (the data entry has 7 more characters).
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\RunOnce: [adawarebp_INSTALL_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\Trony\Local Settings\Application Data\adawarebp" /s /q
Startup: C:\Documents and Settings\Trony\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Trony\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
ShortcutTarget: OpenOffice.org 2.4.lnk -> C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {8E02D41C-5924-4816-9490-33CCD28BEB72} URL = http://un.yhs.search.yahoo.com/avg/search?fr=yhs-avg
SearchScopes: HKCU - {D5FDEECB-0BB3-4F96-9006-CF36B22B864A} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {2977d8cc-8902-4340-be88-2c676bf96b8d} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Trony\Application Data\Mozilla\Firefox\Profiles\apw5f1lm.Default User
FF Homepage: www.google.me
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.4.17 - C:\Documents and Settings\Trony\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-06-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-06-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-10]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: securesearch
CHR DefaultSearchProvider: SecureSearch
CHR DefaultSearchURL: http://lavasoft.blekko.com/ws/?source=f439e2c0&tbp.....838D4C8&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Yahoo! BrowserPlus Plugin) - C:\Documents and Settings\Trony\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll (Yahoo! Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-08]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-10]
CHR HKLM\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\Documents and Settings\All Users\Application Data\adawaretb\shortcuts\chrome\adawaretb.crx [2014-07-10]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-10] (AVAST Software)
R2 DeviceFinderService; C:\Program Files\Sony\PlayMemories Home\dfs.exe [149088 2012-09-25] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2008-06-15] ()
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-09-25] (Sony Corporation)
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-10] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-10] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-10] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-10] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan) [File not signed]
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-03-31] (GFI Software)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211456 2007-11-01] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989696 2007-11-01] (Conexant Systems, Inc.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [22560 2014-07-10] (REALiX(tm))
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64288 2010-08-12] (Lavasoft AB)
S3 Ltn_hyd7700pc; C:\WINDOWS\System32\Drivers\Ltn_hyd7700pc.sys [374144 2007-05-18] (Liteon)
S3 Ltn_rc; C:\WINDOWS\System32\Drivers\Ltn_rc.sys [11520 2006-12-27] (Liteon)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [30336 2003-04-04] (Politecnico di Torino) [File not signed]
R3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428480 2006-10-29] (Intel® Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 16:03 - 2014-07-21 16:04 - 00018915 _____ () C:\Documents and Settings\Trony\Desktop\FRST.txt
2014-07-21 16:03 - 2014-07-21 12:59 - 01080320 _____ (Farbar) C:\Documents and Settings\Trony\Desktop\FRST.exe
2014-07-21 13:07 - 2014-07-21 13:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MCShield
2014-07-21 13:07 - 2014-07-21 13:07 - 00000000 ____D () C:\Program Files\MCShield
2014-07-21 13:07 - 2014-07-21 13:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\MCShield
2014-07-19 21:22 - 2014-07-21 16:03 - 00000000 ____D () C:\FRST
2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\AVAST Software
2014-07-10 15:43 - 2014-07-21 15:43 - 00000362 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-10 15:43 - 2014-07-10 15:43 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-10 15:43 - 2014-07-10 15:43 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-10 15:43 - 2014-07-10 15:43 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-07-10 15:43 - 2014-07-10 15:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-07-10 15:37 - 2014-07-10 15:37 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-10 15:26 - 2014-07-10 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-07-10 15:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-07-10 14:31 - 2007-05-25 11:00 - 00172032 _____ (Intel Corporation) C:\WINDOWS\system32\igfxres.dll
2014-07-10 14:16 - 2014-07-10 14:17 - 00000000 ____D () C:\Documents and Settings\Trony\Desktop\display-20080519181914
2014-07-10 13:54 - 2014-07-10 13:54 - 00022560 _____ (REALiX(tm)) C:\WINDOWS\system32\Drivers\HWiNFO32.SYS
2014-07-10 13:54 - 2014-07-10 13:54 - 00000000 ____D () C:\Program Files\HWiNFO32
2014-07-10 13:54 - 2014-07-10 13:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HWiNFO32
2014-07-10 13:52 - 2013-10-12 12:04 - 02842360 _____ (Martin Malík - REALiX ) C:\Documents and Settings\Trony\Desktop\hw32_424.exe
2014-07-10 13:35 - 2014-07-10 13:35 - 00000884 _____ () C:\Documents and Settings\Trony\Desktop\AIDA64 Extreme Edition.lnk
2014-07-10 13:35 - 2014-07-10 13:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FinalWire
2014-07-10 13:34 - 2014-07-10 13:34 - 00000000 ____D () C:\Program Files\FinalWire
2014-07-10 13:32 - 2014-07-10 13:32 - 00000735 _____ () C:\Documents and Settings\Trony\Desktop\Shortcut to TeamViewer_Setup_sr-ckq.lnk
2014-07-10 13:24 - 2014-07-10 13:24 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\TeamViewer
2014-07-02 13:40 - 2014-07-02 13:40 - 00001771 _____ () C:\Documents and Settings\All Users\Desktop\In Company Second Edition Pre-intermediate.lnk
2014-07-02 13:40 - 2014-07-02 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Macmillan
2014-07-01 12:14 - 2014-07-01 12:14 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-01 12:12 - 2014-07-01 12:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-07-01 12:11 - 2014-07-01 12:12 - 00008346 _____ () C:\WINDOWS\KB942288-v3.log
2014-07-01 11:50 - 2014-07-01 11:50 - 00090112 _____ () C:\WINDOWS\Minidump\Mini070114-01.dmp
2014-06-26 06:39 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-06-26 06:39 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-06-26 06:39 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-06-26 06:39 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-06-26 06:38 - 2014-06-26 06:39 - 00004300 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-06-22 21:02 - 2014-06-22 21:02 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\ilividmoviestoolbar20
2014-06-22 11:49 - 2014-06-22 11:49 - 00000000 ____D () C:\Documents and Settings\Trony\My Documents\OneNote Notebooks
2014-06-22 06:25 - 2014-06-22 06:25 - 00000000 ____D () C:\Documents and Settings\Trony\Local Settings\Application Data\Adobe
2014-06-22 06:17 - 2014-06-22 06:17 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\McAfee

==================== One Month Modified Files and Folders =======

2014-07-21 16:04 - 2014-07-21 16:03 - 00018915 _____ () C:\Documents and Settings\Trony\Desktop\FRST.txt
2014-07-21 16:04 - 2008-09-15 12:54 - 00000000 ____D () C:\Documents and Settings\Trony\Local Settings\Temp
2014-07-21 16:03 - 2014-07-19 21:22 - 00000000 ____D () C:\FRST
2014-07-21 16:03 - 2012-06-05 22:01 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-21 16:02 - 2008-09-15 13:48 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\Skype
2014-07-21 15:55 - 2010-08-30 19:06 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 15:43 - 2014-07-10 15:43 - 00000362 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-21 15:17 - 2009-07-01 19:05 - 00001012 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1993962763-725345543-1003UA.job
2014-07-21 13:29 - 2011-07-14 11:52 - 00002265 _____ () C:\Documents and Settings\Trony\Desktop\skype.lnk
2014-07-21 13:27 - 2008-09-15 12:48 - 01545618 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-21 13:18 - 2014-07-21 13:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MCShield
2014-07-21 13:07 - 2014-07-21 13:07 - 00000000 ____D () C:\Program Files\MCShield
2014-07-21 13:07 - 2014-07-21 13:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\MCShield
2014-07-21 12:59 - 2014-07-21 16:03 - 01080320 _____ (Farbar) C:\Documents and Settings\Trony\Desktop\FRST.exe
2014-07-21 12:56 - 2010-09-19 14:24 - 00000000 __HDC () C:\Documents and Settings\All Users\Application Data\~0
2014-07-21 12:56 - 2009-03-07 20:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-07-21 11:55 - 2010-08-30 19:06 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 11:02 - 2009-02-11 14:58 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\skypePM
2014-07-20 08:06 - 2010-09-19 14:26 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-07-19 21:03 - 2008-09-15 12:53 - 00032500 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-19 12:51 - 2011-04-13 19:53 - 00000064 _____ () C:\WINDOWS\system32\rp_stats.dat
2014-07-19 12:51 - 2011-04-13 19:53 - 00000044 _____ () C:\WINDOWS\system32\rp_rules.dat
2014-07-19 12:51 - 2010-09-24 18:20 - 00000486 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-07-19 12:18 - 2008-09-15 12:47 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-07-19 11:54 - 2014-05-25 07:18 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-07-17 14:49 - 2013-03-31 15:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-07-17 14:49 - 2013-02-24 13:09 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\go
2014-07-17 14:49 - 2008-09-15 15:09 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\OpenOffice.org2
2014-07-17 14:49 - 2008-09-15 13:40 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-17 14:49 - 2008-09-15 13:40 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-07-17 14:49 - 2001-08-23 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-17 14:48 - 2014-03-24 18:12 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-07-17 14:48 - 2011-02-05 17:52 - 00692728 _____ () C:\aaw7boot.log
2014-07-17 14:48 - 2008-09-15 12:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-17 06:59 - 2013-02-24 13:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\GameXN
2014-07-17 00:31 - 2008-09-15 12:54 - 00000278 ___SH () C:\Documents and Settings\Trony\ntuser.ini
2014-07-11 11:27 - 2009-03-07 21:18 - 00673675 _____ () C:\WINDOWS\setupapi.log
2014-07-10 22:21 - 2009-10-22 09:42 - 00000000 ___RD () C:\Documents and Settings\Trony\Desktop\Odrzavanje Racunara
2014-07-10 15:54 - 2009-08-28 17:00 - 00000000 ____D () C:\Documents and Settings\Trony\Local Settings\Application Data\Temp
2014-07-10 15:50 - 2008-09-15 12:54 - 00000000 ____D () C:\Documents and Settings\Trony
2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\AVAST Software
2014-07-10 15:43 - 2014-07-10 15:43 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-10 15:43 - 2014-07-10 15:43 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-10 15:43 - 2014-07-10 15:43 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-07-10 15:43 - 2014-07-10 15:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-07-10 15:37 - 2014-07-10 15:37 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-10 15:37 - 2014-07-10 15:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-07-10 14:41 - 2008-09-15 13:26 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-07-10 14:17 - 2014-07-10 14:16 - 00000000 ____D () C:\Documents and Settings\Trony\Desktop\display-20080519181914
2014-07-10 13:54 - 2014-07-10 13:54 - 00022560 _____ (REALiX(tm)) C:\WINDOWS\system32\Drivers\HWiNFO32.SYS
2014-07-10 13:54 - 2014-07-10 13:54 - 00000000 ____D () C:\Program Files\HWiNFO32
2014-07-10 13:54 - 2014-07-10 13:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HWiNFO32
2014-07-10 13:35 - 2014-07-10 13:35 - 00000884 _____ () C:\Documents and Settings\Trony\Desktop\AIDA64 Extreme Edition.lnk
2014-07-10 13:35 - 2014-07-10 13:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FinalWire
2014-07-10 13:34 - 2014-07-10 13:34 - 00000000 ____D () C:\Program Files\FinalWire
2014-07-10 13:32 - 2014-07-10 13:32 - 00000735 _____ () C:\Documents and Settings\Trony\Desktop\Shortcut to TeamViewer_Setup_sr-ckq.lnk
2014-07-10 13:24 - 2014-07-10 13:24 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\TeamViewer
2014-07-09 14:04 - 2013-07-15 23:42 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 14:00 - 2008-09-15 14:56 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-08 23:03 - 2012-06-05 22:01 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-08 23:03 - 2012-02-11 11:56 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-08 15:00 - 2014-03-24 18:12 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-07-02 13:40 - 2014-07-02 13:40 - 00001771 _____ () C:\Documents and Settings\All Users\Desktop\In Company Second Edition Pre-intermediate.lnk
2014-07-02 13:40 - 2014-07-02 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Macmillan
2014-07-02 13:40 - 2009-02-10 16:12 - 00000000 ____D () C:\Program Files\Macmillan
2014-07-02 13:40 - 2008-09-15 13:19 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-01 12:14 - 2014-07-01 12:14 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-01 12:12 - 2014-07-01 12:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-07-01 12:12 - 2014-07-01 12:11 - 00008346 _____ () C:\WINDOWS\KB942288-v3.log
2014-07-01 12:12 - 2009-10-22 12:03 - 01981816 _____ () C:\WINDOWS\iis6.log
2014-07-01 12:12 - 2009-10-22 12:03 - 01830110 _____ () C:\WINDOWS\FaxSetup.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00874976 _____ () C:\WINDOWS\ocgen.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00835028 _____ () C:\WINDOWS\tsoc.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00608403 _____ () C:\WINDOWS\comsetup.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00560118 _____ () C:\WINDOWS\msmqinst.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00368712 _____ () C:\WINDOWS\ntdtcsetup.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00320568 _____ () C:\WINDOWS\netfxocm.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00125800 _____ () C:\WINDOWS\MedCtrOC.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00101232 _____ () C:\WINDOWS\ocmsn.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00092056 _____ () C:\WINDOWS\tabletoc.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00091464 _____ () C:\WINDOWS\msgsocm.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-07-01 12:12 - 2008-09-15 13:33 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-07-01 11:50 - 2014-07-01 11:50 - 00090112 _____ () C:\WINDOWS\Minidump\Mini070114-01.dmp
2014-07-01 11:50 - 2010-07-28 08:27 - 00000000 ____D () C:\WINDOWS\Minidump
2014-06-27 06:17 - 2009-07-01 19:05 - 00000960 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1993962763-725345543-1003Core.job
2014-06-26 06:39 - 2014-06-26 06:38 - 00004300 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-06-26 06:39 - 2008-09-15 13:50 - 00000000 ____D () C:\Program Files\Java
2014-06-26 06:39 - 2008-09-15 13:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-22 21:02 - 2014-06-22 21:02 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\ilividmoviestoolbar20
2014-06-22 11:49 - 2014-06-22 11:49 - 00000000 ____D () C:\Documents and Settings\Trony\My Documents\OneNote Notebooks
2014-06-22 07:04 - 2013-12-28 00:07 - 00002323 _____ () C:\Documents and Settings\All Users\Desktop\Svjedočanstva.lnk
2014-06-22 06:38 - 2013-10-31 23:39 - 00000000 ____D () C:\Documents and Settings\Trony\My Documents\Statistika.maja 2013-14
2014-06-22 06:25 - 2014-06-22 06:25 - 00000000 ____D () C:\Documents and Settings\Trony\Local Settings\Application Data\Adobe
2014-06-22 06:17 - 2014-06-22 06:17 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\McAfee
2014-06-21 13:45 - 2013-12-28 00:12 - 03625897 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1935655697-1993962763-725345543-1003-0.dat
2014-06-21 13:45 - 2013-12-28 00:12 - 00306846 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



offline
  • Joined: 04 Jul 2011
  • Posts: 5424

Download sUBs's ComboFix from the following address to the Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing the save location opens, select Desktop and click Save.

When the download is complete:
  • disable your security software (instructions);
  • close any running programs;
  • double-click to run ComboFix;
  • in the window that opens, click "I Agree".

While running, ComboFix will:
  • check whether a newer version of the program exists:
      click Yes if you are offered the download.
  • if the Recovery Console is not installed, offer to install it:
      be sure to accept by clicking Yes and follow the procedure through.
  • display a number of prompts/notifications:
      accept by clicking Yes or OK.
  • restart Windows if necessary (possibly several times);
  • at the end of its run, open Notepad with the scan report.

Copy the report that ComboFix created into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is not complete, use the Attach file option to attach C:\ComboFix.txt to the message;
  • Do not click inside the ComboFix window while it is running, because that can slow the tool down;
  • Do not run ComboFix again on your own; report in the thread whatever problem you have during the first run of the tool;
  • If, after a restart, you get an error when starting certain programs saying that they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will solve the problem.

offline
  • Joined: 18 Jul 2003
  • Posts: 4204
  • Location: In a golden cage


ComboFix 14-07-21.01 - Trony 22.07.2014 12:12:09.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1341 [GMT 2:00]
Running from: c:\documents and settings\Trony\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SET174.tmp
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2014-06-22 to 2014-07-22 )))))))))))))))))))))))))))))))
.
.
2014-07-21 21:01 . 2014-07-11 01:02 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-21 11:07 . 2014-07-22 10:21 -------- d-----w- c:\documents and settings\All Users\Application Data\MCShield
2014-07-21 11:07 . 2014-07-21 11:07 -------- d-----w- c:\program files\MCShield
2014-07-19 19:22 . 2014-07-21 14:06 -------- d-----w- C:\FRST
2014-07-10 13:44 . 2014-07-10 13:44 -------- d-----w- c:\documents and settings\Trony\Application Data\AVAST Software
2014-07-10 13:44 . 2014-07-10 13:44 -------- d-----w- c:\windows\jumpshot.com
2014-07-10 13:43 . 2014-07-10 13:43 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-10 13:43 . 2014-07-10 13:43 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-07-10 13:43 . 2014-07-10 13:43 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-07-10 13:43 . 2014-07-10 13:43 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-10 13:43 . 2014-07-10 13:43 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-10 13:43 . 2014-07-10 13:43 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-10 13:43 . 2014-07-10 13:43 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-10 13:43 . 2014-07-10 13:43 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-07-10 13:43 . 2014-07-10 13:43 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-10 13:43 . 2014-07-10 13:43 43152 ----a-w- c:\windows\avastSS.scr
2014-07-10 13:37 . 2014-07-10 13:37 -------- d-----w- c:\program files\AVAST Software
2014-07-10 13:26 . 2014-07-10 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2014-07-10 13:01 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-10 12:31 . 2007-05-25 09:00 172032 ----a-w- c:\windows\system32\igfxres.dll
2014-07-10 11:54 . 2014-07-10 11:54 22560 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2014-07-10 11:54 . 2014-07-10 11:54 -------- d-----w- c:\program files\HWiNFO32
2014-07-10 11:34 . 2014-07-10 11:34 -------- d-----w- c:\program files\FinalWire
2014-07-10 11:24 . 2014-07-10 11:24 -------- d-----w- c:\documents and settings\Trony\Application Data\TeamViewer
2014-07-01 10:14 . 2014-07-01 10:14 -------- d-----w- c:\program files\Common Files\Lavasoft
2014-06-22 19:02 . 2014-06-22 19:02 -------- d-----w- c:\documents and settings\Trony\Application Data\ilividmoviestoolbar20
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-11 00:36 . 2008-09-15 11:50 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-07-08 21:03 . 2012-06-05 20:01 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-08 21:03 . 2012-02-11 09:56 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-10 13:43 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GameXN GO"="c:\documents and settings\All Users\Application Data\GameXN\GameXNGO.exe" [2013-02-24 347008]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2014-04-11 650816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PMBVolumeWatcher"="c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-09-25 724576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-10 4086432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Trony\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-15 18:41 136176 ----atw- c:\documents and settings\Trony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 17:50 155648 ----a-r- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-07-05 08:08 16380416 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 02:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"rpcapd"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5247:TCP"= 5247:TCP:qtxib
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [10.7.2014 15:43 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10.7.2014 15:43 192352]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [25.2.2013 17:52 13560]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7.3.2009 20:38 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10.7.2014 15:43 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [10.7.2014 15:43 414520]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [10.7.2014 13:54 22560]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [10.7.2014 15:43 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10.7.2014 15:43 67824]
R2 DeviceFinderService;DeviceFinderService;c:\program files\Sony\PlayMemories Home\dfs.exe [25.9.2012 19:58 149088]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [25.9.2012 19:57 474208]
S3 Ltn_hyd7700pc;TV tuner device ;c:\windows\system32\drivers\Ltn_hyd7700pc.sys [18.5.2007 5:50 374144]
S3 Ltn_rc;HID Infrared Remote Controler;c:\windows\system32\drivers\Ltn_rc.sys [27.12.2006 8:32 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-20 05:56 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 21:03]
.
2014-07-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-10 13:43]
.
2014-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-30 17:05]
.
2014-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-30 17:05]
.
2014-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1993962763-725345543-1003Core.job
- c:\documents and settings\Trony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-15 18:41]
.
2014-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1993962763-725345543-1003UA.job
- c:\documents and settings\Trony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-15 18:41]
.
2014-07-22 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-24 01:59]
.
2014-07-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-24 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Trony\Application Data\Mozilla\Firefox\Profiles\apw5f1lm.Default User\
FF - prefs.js: browser.startup.homepage - www.google.me
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-{2977d8cc-8902-4340-be88-2c676bf96b8d} - (no file)
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-kamsoft - c:\windows\system32\kamsoft.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-ilividmoviestoolbar20IE - c:\progra~1\MOVIES~1\Datamngr\SRTOOL~1\IE\uninstall.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-22 12:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(720)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WgaTray.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2014-07-22 12:26:24 - machine was rebooted
ComboFix-quarantined-files.txt 2014-07-22 10:26
.
Pre-Run: 5.624.991.744 bytes free
Post-Run: 8.469.626.880 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FE877FD2519B1D23249F9EC33CD375BD
8F558EB6672622401DA993E1E865C861

offline
  • Joined: 04 Jul 2011
  • Posts: 5424

Open Notepad and copy in the following text:

DEQUARANTINE::
C:\Qoobox\Quarantine\C\program files\WinPCap
C:\Qoobox\Quarantine\C\windows\system32\Packet.dll.vir
C:\Qoobox\Quarantine\C\windows\system32\pthreadVC.dll.vir
C:\Qoobox\Quarantine\C\windows\system32\wpcap.dll.vir
QUIT::


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is created at the end of the cleaning/scanning.

You will probably have to uninstall WinPCap.

offline
  • Joined: 18 Jul 2003
  • Posts: 4204
  • Location: In a golden cage

And then I test the VGA?

offline
  • Joined: 04 Jul 2011
  • Posts: 5424

No, we are doing this to repair what CF deleted (a false positive). The problem is not caused by malware; when we finish, you will have to ask in the Windows subforum.
