- goran.momak
- New MyCity citizen
- Joined: 11 Jan 2014
- Posts: 22
Posted: 17 Feb 2014 16:22
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014
Ran by goran (administrator) on GORAN-B73602638 on 17-02-2014 16:13:39
Running from C:\Documents and Settings\goran\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgfws9.exe
() C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgam.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe
() C:\Program Files\Winamp\winampa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgtray.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\WINDOWS\FixCamera.exe
() C:\Documents and Settings\All Users\Application Data\Mobilni internet\OnlineUpdate\ouc.exe
() C:\WINDOWS\tsnp325.exe
() C:\WINDOWS\vsnp325.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Smart Turn Off Inc.) C:\Program Files\Smart Turn Off\SMTimer.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google) C:\Documents and Settings\goran\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [UnlockerAssistant] - C:\Program Files\Unlocker\UnlockerAssistant.exe [15872 2010-03-09] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [77824 2006-02-07] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [118784 2006-02-07] (Intel Corporation)
HKLM\...\Run: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [33792 2003-12-13] ()
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-02-26] (Nero AG)
HKLM\...\Run: [AVG9_TRAY] - C:\Program Files\AVG\AVG9\avgtray.exe [2077536 2013-09-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2552856 2014-02-03] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [FixCamera] - C:\WINDOWS\FixCamera.exe [20480 2007-02-12] ()
HKLM\...\Run: [tsnp325] - C:\WINDOWS\tsnp325.exe [270336 2007-04-21] ()
HKLM\...\Run: [snp325] - C:\WINDOWS\vsnp325.exe [835584 2007-05-09] ()
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\.DEFAULT\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\S-1-5-19\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\S-1-5-21-117609710-920026266-839522115-1003\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-117609710-920026266-839522115-1003\...\Run: [Google Update] - C:\Documents and Settings\goran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2013-09-12] (Google Inc.)
HKU\S-1-5-21-117609710-920026266-839522115-1003\...\Run: [SMTimer.exe] - C:\Program Files\Smart Turn Off\SMTimer.exe [635524 2008-12-22] (Smart Turn Off Inc.)
HKU\S-1-5-21-117609710-920026266-839522115-1003\...\Run: [Facebook Update] - C:\Documents and Settings\goran\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2014-01-15] (Facebook Inc.)
HKU\S-1-5-21-117609710-920026266-839522115-1003\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-117609710-920026266-839522115-1003\...\MountPoints2: {39109ba8-5cd3-11e3-9845-000e7b174e1b} - G:\AutoRun.exe
HKU\S-1-5-21-117609710-920026266-839522115-1003\...\MountPoints2: {39109bab-5cd3-11e3-9845-000e7b174e1b} - G:\AutoRun.exe
HKU\S-1-5-21-117609710-920026266-839522115-1003\...\MountPoints2: {39109bad-5cd3-11e3-9845-000e7b174e1b} - G:\AutoRun.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = g.msn.com/1ewenusDefaultPack/UP97_FRPage
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = us.yhs.search.yahoo.com/avg/search?fr=yhs-a....._us&p={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = yandex.ru/yandsearch?win=109&clid=2073738&text={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = yandex.ru/yandsearch?win=109&clid=2073738&text={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = isearch.avg.com/search?cid={C0A3CD70-6C79-4538-8AD7-1915CF3D2037}&mid=565bcfd0120147d3b43cd1473df3a7e8-47da994c0b1cd408437b200520ccf9e6aa3c350a&lang=sr&ds=AVG&pr=&d=2013-09-13 03:58:19&v=15.5.0.2&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\goran\Application Data\Mozilla\Firefox\Profiles\uf6fp1kb.default
FF user.js: detected! => C:\Documents and Settings\goran\Application Data\Mozilla\Firefox\Profiles\uf6fp1kb.default\user.js
FF SearchEngineOrder.3: Bing
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\goran\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\goran\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\goran\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Documents and Settings\goran\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\goran\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\goran\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\goran\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\goran\Application Data\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\goran\Application Data\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Documents and Settings\goran\Application Data\Mozilla\Firefox\Profiles\uf6fp1kb.default\searchplugins\badoo.xml
FF SearchPlugin: C:\Documents and Settings\goran\Application Data\Mozilla\Firefox\Profiles\uf6fp1kb.default\searchplugins\yqs-barff-yandex.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pogodakyu.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\vokabular.xml
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG9\Firefox [2013-09-13]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.3.0.49
FF Extension: AVG Security Toolbar - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.3.0.49 [2014-01-10]
Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Extension: (Google диск) - C:\Documents and Settings\goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-12]
CHR Extension: (YouTube) - C:\Documents and Settings\goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-12]
CHR Extension: (Google претрага) - C:\Documents and Settings\goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-12]
CHR Extension: (AVG Security Toolbar) - C:\Documents and Settings\goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-09-16]
CHR Extension: (Google новчаник) - C:\Documents and Settings\goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Gmail) - C:\Documents and Settings\goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-12]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2014-01-10]
========================== Services (Whitelisted) =================
R2 acs; C:\WINDOWS\system32\acs.exe [499796 2011-12-26] (Atheros)
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2013-09-13] (AVG Technologies CZ, s.r.o.)
R2 avgfws9; C:\Program Files\AVG\AVG9\avgfws9.exe [2331544 2013-09-13] (AVG Technologies CZ, s.r.o.)
R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S3 jswpsapi; C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [360529 2011-12-26] (wireless)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
S2 Mobilni internet. RunOuc; C:\Program Files\Mobilni internet\UpdateDog\ouc.exe [246112 2013-12-04] ()
R2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-10] (AVG Secure Search)
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
==================== Drivers (Whitelisted) ====================
R3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1763584 2012-10-18] (Atheros Communications, Inc.)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30104 2013-09-13] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30104 2013-09-13] (AVG Technologies CZ, s.r.o.)
R1 AvgLdx86; C:\WINDOWS\System32\Drivers\avgldx86.sys [226016 2013-09-13] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [29712 2013-09-13] (AVG Technologies CZ, s.r.o.)
R0 AvgRkx86; C:\WINDOWS\System32\Drivers\avgrkx86.sys [52872 2013-09-13] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\WINDOWS\System32\Drivers\avgtdix.sys [243152 2013-09-13] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-10-02] (AVG Technologies)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 JSWSCIMD; C:\WINDOWS\System32\DRIVERS\jswscimd.sys [57440 2011-12-26] (Atheros Communications, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 SNP325; C:\WINDOWS\System32\DRIVERS\snp325.sys [10343168 2007-05-07] (Sonix Co. Ltd.)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [276816 2004-11-11] (SigmaTel, Inc.)
S3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2008-01-07] (Intel® Corporation)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2011-12-26] (Atheros Communications, Inc.)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [235392 2013-12-04] (Huawei Technologies Co., Ltd.)
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-07-12] (Microsoft Corporation)
S3 rt2870; system32\DRIVERS\rt2870.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-03-09] ()
U1 WS2IFSL;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-17 16:13 - 2014-02-17 16:13 - 00000000 ____D () C:\FRST
2014-02-16 19:24 - 2014-02-16 18:40 - 00688992 ____R (Swearware) C:\Documents and Settings\goran\Desktop\dds.pif
2014-02-16 18:39 - 2014-02-16 18:39 - 00000000 ___HD () C:\WINDOWS\PIF
2014-02-16 06:19 - 2014-02-16 06:19 - 00001773 _____ () C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
2014-02-16 06:19 - 2014-02-16 06:19 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-16 06:19 - 2014-02-16 06:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2014-02-15 08:31 - 2014-02-15 08:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-09 06:51 - 2014-02-09 06:51 - 00000000 ____D () C:\Program Files\Common Files\snp325
2014-02-09 06:51 - 2014-02-09 06:51 - 00000000 ____D () C:\Documents and Settings\goran\Application Data\InstallShield
2014-02-09 06:51 - 2007-05-09 10:46 - 00835584 _____ () C:\WINDOWS\vsnp325.exe
2014-02-09 06:51 - 2007-05-07 18:38 - 10343168 _____ (Sonix Co. Ltd.) C:\WINDOWS\system32\Drivers\snp325.sys
2014-02-09 06:51 - 2007-04-24 15:40 - 00057344 _____ ( ) C:\WINDOWS\system32\vsnp325.dll
2014-02-09 06:51 - 2007-04-21 09:30 - 00270336 _____ () C:\WINDOWS\tsnp325.exe
2014-02-09 06:51 - 2007-02-12 14:50 - 00020480 _____ () C:\WINDOWS\FixCamera.exe
2014-02-09 06:51 - 2006-07-03 10:31 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\amcap.exe
2014-02-09 06:51 - 2006-04-12 12:11 - 00147456 _____ ( ) C:\WINDOWS\system32\rsnp325.dll
2014-02-09 06:51 - 2004-02-27 17:36 - 00015498 _____ () C:\WINDOWS\snp325.ini
2014-02-09 06:51 - 2004-02-27 17:36 - 00013023 _____ () C:\WINDOWS\snp325.src
2014-02-07 18:27 - 2014-02-07 18:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-02-07 18:27 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-02-07 18:27 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-02-07 18:27 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-02-07 18:27 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-02-07 18:27 - 2013-12-18 20:46 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-02-07 18:26 - 2014-02-07 18:27 - 00005105 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-02-05 21:34 - 2014-02-05 21:34 - 00000000 ____D () C:\Documents and Settings\goran\Local Settings\Application Data\Xpom
2014-02-05 07:29 - 2014-02-05 07:29 - 05556104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-02-02 07:20 - 2014-02-02 07:22 - 00000000 ____D () C:\Documents and Settings\goran\Application Data\TP-LINK
2014-02-02 07:20 - 2014-02-02 07:20 - 00001908 _____ () C:\Documents and Settings\All Users\Desktop\TP-LINK Wireless Configuration Utility.lnk
2014-02-02 07:20 - 2014-02-02 07:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TP-LINK
2014-02-02 07:19 - 2014-02-02 07:19 - 00000000 ____D () C:\Program Files\TP-LINK
2014-02-02 07:19 - 2011-12-26 14:47 - 01269854 _____ (Devicescape) C:\WINDOWS\system32\dsa.dll
2014-02-02 07:19 - 2011-12-26 14:47 - 00499796 _____ (Atheros) C:\WINDOWS\system32\acs.exe
2014-02-02 07:19 - 2011-12-26 14:47 - 00422000 _____ () C:\WINDOWS\system32\wgapi.dll
2014-02-02 07:19 - 2011-12-26 14:47 - 00405504 _____ (Atheros) C:\WINDOWS\system32\wcapi.dll
2014-02-02 07:19 - 2011-12-26 14:47 - 00360539 _____ (Atheros) C:\WINDOWS\system32\wcapiU.dll
2014-02-02 07:19 - 2011-12-26 14:47 - 00311390 _____ (Atheros) C:\WINDOWS\system32\athcfg20U.dll
2014-02-02 07:19 - 2011-12-26 14:47 - 00262216 _____ () C:\WINDOWS\system32\IPTests.dll
2014-02-02 07:19 - 2011-12-26 14:47 - 00254022 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\wsfwDS.dll
2014-02-02 07:19 - 2011-12-26 14:47 - 00249924 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\wsimd.dll
2014-02-02 07:19 - 2011-12-26 14:47 - 00237568 _____ (Atheros) C:\WINDOWS\system32\athcfg20.dll
2014-02-02 07:19 - 2011-12-26 14:47 - 00127079 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\athcfg20resU.dll
2014-02-02 07:19 - 2011-12-26 14:47 - 00127053 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\athcfg20res.dll
2014-02-02 07:19 - 2011-12-26 14:47 - 00082017 _____ (Devicescape, Inc.) C:\WINDOWS\system32\dsaNac.dll
2014-02-02 07:19 - 2011-12-26 14:47 - 00058208 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\wsimd.sys
2014-02-02 07:19 - 2011-12-26 14:47 - 00058208 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\wsimd.sys
2014-02-02 07:19 - 2011-12-26 14:47 - 00042067 _____ () C:\WINDOWS\system32\wsimdp.cat
2014-02-02 07:19 - 2011-12-26 14:47 - 00042052 _____ () C:\WINDOWS\system32\wsimd.cat
2014-02-02 07:19 - 2011-12-26 14:46 - 00405582 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\jswscsup.dll
2014-02-02 07:19 - 2011-12-26 14:46 - 00057440 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\jswscimd.sys
2014-02-02 07:19 - 2011-12-26 14:46 - 00057440 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\jswscimd.sys
2014-02-02 07:19 - 2011-12-26 14:46 - 00035967 _____ () C:\WINDOWS\system32\jswscimdp.cat
2014-02-02 07:19 - 2011-12-26 14:46 - 00035538 _____ () C:\WINDOWS\system32\jswscimd.cat
2014-02-02 07:18 - 2012-10-18 15:04 - 01763584 ____N (Atheros Communications, Inc.) C:\WINDOWS\system32\athuw.sys
2014-02-02 07:18 - 2012-10-18 15:04 - 01763584 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athuw.sys
2014-02-02 07:18 - 2012-10-18 15:04 - 00007554 ____N () C:\WINDOWS\system32\netathuw.cat
2014-02-02 07:08 - 2014-02-02 07:08 - 00003398 _____ () C:\WINDOWS\system32\PerfStringBackup.TMP
2014-02-01 11:58 - 2014-02-01 11:58 - 00000000 ____D () C:\Documents and Settings\goran\Local Settings\Application Data\WMTools Downloaded Files
2014-01-31 19:04 - 2014-02-03 20:16 - 00000000 ____D () C:\Documents and Settings\goran\Application Data\Yandex
2014-01-31 19:04 - 2014-01-31 19:04 - 00000000 ____D () C:\Documents and Settings\goran\Local Settings\Application Data\Opera
2014-01-31 19:04 - 2014-01-31 19:04 - 00000000 ____D () C:\Documents and Settings\goran\Local Settings\Application Data\Chromium
2014-01-31 19:04 - 2014-01-31 19:04 - 00000000 ____D () C:\Documents and Settings\goran\Application Data\Opera Software
2014-01-31 19:04 - 2014-01-31 19:04 - 00000000 ____D () C:\Documents and Settings\goran\Application Data\Opera
2014-01-31 19:01 - 2014-02-03 07:50 - 00000000 ____D () C:\The KMPlayer
==================== One Month Modified Files and Folders =======
2014-02-17 16:13 - 2014-02-17 16:13 - 00000000 ____D () C:\FRST
2014-02-17 16:09 - 2014-01-15 13:04 - 00000998 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-117609710-920026266-839522115-1003UA.job
2014-02-17 16:06 - 2013-09-25 09:40 - 00000000 ____D () C:\Documents and Settings\goran\Application Data\Skype
2014-02-17 15:56 - 2013-11-15 19:38 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-17 15:56 - 2013-09-12 23:01 - 00334679 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-17 15:55 - 2013-09-13 00:17 - 00000000 ____D () C:\WINDOWS\system32\Drivers\Avg
2014-02-17 15:49 - 2013-11-15 19:38 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-17 15:49 - 2013-09-27 11:29 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-17 15:49 - 2013-09-27 11:29 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-17 15:49 - 2013-09-12 23:07 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-17 07:55 - 2013-10-22 22:06 - 00524288 _____ () C:\WINDOWS\system32\config\ACS.evt
2014-02-17 07:55 - 2013-09-12 23:08 - 00000178 ___SH () C:\Documents and Settings\goran\ntuser.ini
2014-02-17 07:55 - 2013-09-12 23:07 - 00032630 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-17 07:29 - 2013-10-11 06:06 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-920026266-839522115-1003UA.job
2014-02-17 07:28 - 2013-09-13 02:09 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-17 06:29 - 2013-10-11 06:06 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-920026266-839522115-1003Core.job
2014-02-16 18:40 - 2014-02-16 19:24 - 00688992 ____R (Swearware) C:\Documents and Settings\goran\Desktop\dds.pif
2014-02-16 18:39 - 2014-02-16 18:39 - 00000000 ___HD () C:\WINDOWS\PIF
2014-02-16 17:31 - 2013-09-12 23:41 - 00001125 _____ () C:\WINDOWS\winamp.ini
2014-02-16 06:19 - 2014-02-16 06:19 - 00001773 _____ () C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
2014-02-16 06:19 - 2014-02-16 06:19 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-16 06:19 - 2014-02-16 06:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2014-02-15 13:09 - 2014-01-15 13:04 - 00000976 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-117609710-920026266-839522115-1003Core.job
2014-02-15 12:36 - 2013-11-15 22:18 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-15 08:32 - 2014-02-15 08:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-11 06:23 - 2013-09-12 23:53 - 00000000 ____D () C:\Documents and Settings\goran\Application Data\Mozilla
2014-02-09 10:33 - 2013-09-13 00:46 - 00000000 ____D () C:\WINDOWS\security
2014-02-09 06:52 - 2013-09-12 23:59 - 01113003 _____ () C:\WINDOWS\setupapi.log
2014-02-09 06:51 - 2014-02-09 06:51 - 00000000 ____D () C:\Program Files\Common Files\snp325
2014-02-09 06:51 - 2014-02-09 06:51 - 00000000 ____D () C:\Documents and Settings\goran\Application Data\InstallShield
2014-02-09 06:51 - 2013-09-13 00:46 - 00000000 ____D () C:\WINDOWS\twain_32
2014-02-09 06:51 - 2008-04-14 09:00 - 00000923 _____ () C:\WINDOWS\win.ini
2014-02-08 06:36 - 2013-09-25 09:40 - 00002267 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-02-07 18:27 - 2014-02-07 18:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-02-07 18:27 - 2014-02-07 18:26 - 00005105 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-02-07 18:27 - 2013-09-12 23:13 - 00000000 ____D () C:\Program Files\Java
2014-02-05 21:34 - 2014-02-05 21:34 - 00000000 ____D () C:\Documents and Settings\goran\Local Settings\Application Data\Xpom
2014-02-05 09:24 - 2013-12-04 18:25 - 00010233 _____ () C:\WINDOWS\tsoc.log
2014-02-05 09:24 - 2013-12-04 18:25 - 00006588 _____ () C:\WINDOWS\comsetup.log
2014-02-05 09:24 - 2013-12-04 18:25 - 00004291 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-05 09:24 - 2013-12-04 18:25 - 00003758 _____ () C:\WINDOWS\netfxocm.log
2014-02-05 09:24 - 2013-12-04 18:25 - 00001891 _____ () C:\WINDOWS\imsins.log
2014-02-05 09:24 - 2013-12-04 18:25 - 00001569 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-05 09:24 - 2013-12-04 18:25 - 00001153 _____ () C:\WINDOWS\ocmsn.log
2014-02-05 09:24 - 2013-12-04 18:25 - 00001097 _____ () C:\WINDOWS\msgsocm.log
2014-02-05 09:24 - 2013-12-04 18:25 - 00000933 _____ () C:\WINDOWS\tabletoc.log
2014-02-05 09:24 - 2013-12-04 18:24 - 00020011 _____ () C:\WINDOWS\iis6.log
2014-02-05 09:24 - 2013-12-04 18:24 - 00019158 _____ () C:\WINDOWS\FaxSetup.log
2014-02-05 09:24 - 2013-12-04 18:24 - 00013194 _____ () C:\WINDOWS\ocgen.log
2014-02-05 09:23 - 2013-12-04 18:25 - 00005628 _____ () C:\WINDOWS\msmqinst.log
2014-02-05 09:23 - 2013-09-12 23:03 - 00001607 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-02-05 09:22 - 2013-09-12 23:03 - 00001507 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-02-05 08:33 - 2013-11-15 19:42 - 00001809 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-02-05 07:29 - 2014-02-05 07:29 - 05556104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-02-05 07:29 - 2013-09-12 23:55 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-05 07:29 - 2013-09-12 23:55 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-04 20:15 - 2008-04-14 09:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-03 20:16 - 2014-01-31 19:04 - 00000000 ____D () C:\Documents and Settings\goran\Application Data\Yandex
2014-02-03 19:31 - 2013-09-13 00:29 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-02-03 07:50 - 2014-01-31 19:01 - 00000000 ____D () C:\The KMPlayer
2014-02-02 07:22 - 2014-02-02 07:20 - 00000000 ____D () C:\Documents and Settings\goran\Application Data\TP-LINK
2014-02-02 07:20 - 2014-02-02 07:20 - 00001908 _____ () C:\Documents and Settings\All Users\Desktop\TP-LINK Wireless Configuration Utility.lnk
2014-02-02 07:20 - 2014-02-02 07:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TP-LINK
2014-02-02 07:19 - 2014-02-02 07:19 - 00000000 ____D () C:\Program Files\TP-LINK
2014-02-02 07:19 - 2013-09-12 23:16 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-02 07:18 - 2013-10-22 22:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TP-LINK
2014-02-02 07:08 - 2014-02-02 07:08 - 00003398 _____ () C:\WINDOWS\system32\PerfStringBackup.TMP
2014-02-01 21:29 - 2013-12-25 17:52 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-02-01 11:58 - 2014-02-01 11:58 - 00000000 ____D () C:\Documents and Settings\goran\Local Settings\Application Data\WMTools Downloaded Files
2014-02-01 11:51 - 2013-09-13 00:52 - 00575608 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-31 19:04 - 2014-01-31 19:04 - 00000000 ____D () C:\Documents and Settings\goran\Local Settings\Application Data\Opera
2014-01-31 19:04 - 2014-01-31 19:04 - 00000000 ____D () C:\Documents and Settings\goran\Local Settings\Application Data\Chromium
2014-01-31 19:04 - 2014-01-31 19:04 - 00000000 ____D () C:\Documents and Settings\goran\Application Data\Opera Software
2014-01-31 19:04 - 2014-01-31 19:04 - 00000000 ____D () C:\Documents and Settings\goran\Application Data\Opera
2014-01-31 19:02 - 2013-09-12 23:56 - 00000550 _____ () C:\Documents and Settings\goran\Desktop\KMPlayer.lnk
2014-01-31 19:02 - 2013-09-12 23:56 - 00000000 ____D () C:\Documents and Settings\goran\Start Menu\Programs\The KMPlayer
2014-01-30 09:33 - 2013-11-05 20:03 - 00921624 _____ () C:\img2-001.raw
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2008-04-14 09:00] - [2008-04-14 09:00] - 0399360 ____A (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Addendum: 17 Feb 2014 16:34
Addendum: 17 Feb 2014 16:36
Is that the document?