Posted: 22 Apr 2015 16:10
- MinerFull
- Respected citizen
- Joined: 01 Jan 2012
- Posts: 392
For maybe the last 6 days I have been getting ads that cover the page, no matter which site I go to; on every second or third one I open, that ad pops up.
Here is what it looks like:
Sometimes when I click the X it opens the ad, and sometimes it doesn't.
Anyway, I scanned with Malwarebytes and deleted everything it found; here is the log file.
By the way, just now when I pressed "Attach file" it opened a popup with some SPAM site.
And it happens when I go to any site, it doesn't matter which, that I get redirected to that ad like in the picture above.
FRST.txt
http://pastebin.com/thV5nQBC
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015
Ran by Nenad (administrator) on NENAD-PC on 22-04-2015 16:08:49
Running from C:\Users\Nenad\Downloads
Loaded Profiles: Nenad (Available profiles: Nenad)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acunetix Ltd.) C:\Program Files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\...\MountPoints2: {b98d9f9a-d6fd-11e4-986d-00192122ab68} - E:\autoplay.exe
HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\...\MountPoints2: {b98d9fa3-d6fd-11e4-986d-00192122ab68} - F:\autoplay.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
Tcpip\Parameters: [DhcpNameServer] 89.216.39.251 89.216.39.252
FireFox:
========
FF ProfilePath: C:\Users\Nenad\AppData\Roaming\Mozilla\Firefox\Profiles\qb5f3x22.default
FF NetworkProxy: "type", 4
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-19] (Google Inc.)
FF Extension: No Name - C:\Users\Nenad\AppData\Roaming\Mozilla\Firefox\Profiles\qb5f3x22.default\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}.xpi [Not Found]
FF Extension: No Name - C:\Users\Nenad\AppData\Roaming\Mozilla\Firefox\Profiles\qb5f3x22.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [Not Found]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-19]
CHR Extension: (Google Search) - C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-19]
CHR Extension: (Hackers toolkit) - C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnniaejgfdelaafcjopndjdebjfnkljf [2015-02-19]
CHR Extension: (Postcron) - C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kahoebmmfnjmjcbclecdkhiapmefpaed [2015-04-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-19]
CHR Extension: (Gmail) - C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-19]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R4 AcuWVSSchedulerv6; C:\Program Files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe [994952 2008-11-27] (Acunetix Ltd.)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1030928 2015-02-27] (Disc Soft Ltd)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S3 wampapache; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [22016 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25104 2015-03-30] (Disc Soft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2013-08-03] (The OpenVPN Project)
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-22 16:00 - 2015-04-22 16:01 - 00027312 _____ () C:\Users\Nenad\Downloads\Addition.txt
2015-04-22 15:59 - 2015-04-22 16:09 - 00008099 _____ () C:\Users\Nenad\Downloads\FRST.txt
2015-04-22 15:59 - 2015-04-22 16:08 - 00000000 ____D () C:\FRST
2015-04-22 15:57 - 2015-04-22 15:58 - 01139200 _____ (Farbar) C:\Users\Nenad\Downloads\FRST.exe
2015-04-22 12:08 - 2015-04-22 12:08 - 00002486 _____ () C:\Windows\PFRO.log
2015-04-21 23:25 - 2015-04-22 12:09 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-21 23:24 - 2015-04-21 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-21 23:24 - 2015-04-21 23:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-21 23:24 - 2015-04-21 23:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-21 23:24 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-21 23:24 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-21 23:24 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-21 23:23 - 2015-04-21 23:23 - 00000000 ____D () C:\Users\Nenad\Downloads\Malwarebytes Anti-Malware Premium 2.0.2.1012 Final + Keys [ATOM]
2015-04-21 23:05 - 2015-04-21 23:05 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-21 23:04 - 2015-04-21 23:05 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Nenad\Downloads\SpyHunter-Installer.exe
2015-04-20 21:26 - 2015-04-20 21:26 - 00000000 ____D () C:\Windows\pss
2015-04-20 21:12 - 2015-04-22 12:06 - 00000000 ____D () C:\Program Files\WhIIteDealS
2015-04-20 21:12 - 2015-04-20 21:12 - 00000020 _____ () C:\Users\Nenad\AppData\Roaming\appdataFr3.bin
2015-04-20 21:12 - 2015-04-20 21:12 - 00000000 ____D () C:\ProgramData\9711858832783921383
2015-04-15 22:20 - 2015-04-15 22:20 - 00094771 _____ () C:\Users\Nenad\Downloads\RadndomAP-01.cap
2015-04-15 16:10 - 2015-04-22 12:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-15 16:10 - 2015-04-15 16:10 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-15 16:08 - 2015-04-15 16:09 - 00243312 _____ () C:\Users\Nenad\Downloads\Firefox Setup Stub 37.0.1.exe
2015-04-15 15:38 - 2015-04-15 15:38 - 00002048 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-04-15 15:38 - 2015-04-15 15:38 - 00002036 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-04-15 15:38 - 2015-04-15 15:38 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\Thunderbird
2015-04-15 15:38 - 2015-04-15 15:38 - 00000000 ____D () C:\Users\Nenad\AppData\Local\Thunderbird
2015-04-15 15:37 - 2015-04-15 15:37 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-04-15 15:36 - 2015-04-15 15:37 - 28906464 _____ (Mozilla) C:\Users\Nenad\Downloads\Thunderbird Setup 31.6.0.exe
2015-04-13 12:30 - 2015-04-13 12:31 - 08694257 _____ () C:\Users\Nenad\Downloads\Eys0.rar
2015-04-11 15:53 - 2015-04-11 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
2015-04-11 15:53 - 2015-04-11 15:53 - 00000000 ____D () C:\Program Files\Pandora Recovery
2015-04-11 15:52 - 2015-04-11 15:53 - 02438824 _____ () C:\Users\Nenad\Downloads\PandoraRecovery.exe
2015-04-11 15:49 - 2015-04-11 15:49 - 01348221 _____ (iCare Recovery ) C:\Users\Nenad\Downloads\icaredrs.exe
2015-04-10 13:20 - 2015-04-10 13:20 - 00253704 _____ () C:\Users\Nenad\Downloads\franchise.zip
2015-04-10 02:09 - 2015-04-10 02:09 - 06208736 _____ (Tim Kosse) C:\Users\Nenad\Downloads\FileZilla_3.10.2_win32-setup.exe
2015-04-10 02:09 - 2015-04-10 02:09 - 06196576 _____ (Tim Kosse) C:\Users\Nenad\Downloads\FileZilla_3.10.3_win32-setup.exe
2015-04-09 15:09 - 2015-04-09 15:09 - 00000320 _____ () C:\Users\Nenad\Downloads\accesslog_cinjenice.net_4_9_2015.gz
2015-04-09 00:33 - 2015-04-09 00:34 - 00510179 _____ () C:\Users\Nenad\Downloads\5724937.w3g
2015-04-08 22:14 - 2015-04-08 22:16 - 00454845 _____ () C:\Users\Nenad\Downloads\wpex-photo.zip
2015-04-08 22:10 - 2015-04-08 22:10 - 02410140 _____ () C:\Users\Nenad\Downloads\market.1.0.0.8.zip
2015-04-08 20:29 - 2015-04-08 20:30 - 01168214 _____ () C:\Users\Nenad\Downloads\open-sans.zip
2015-04-08 19:59 - 2015-04-08 19:59 - 00399591 _____ () C:\Users\Nenad\Downloads\quicksand.zip
2015-04-08 19:38 - 2015-04-08 19:39 - 00989738 _____ () C:\Users\Nenad\Downloads\Colorful-brain-icons.zip
2015-04-08 19:21 - 2015-04-08 19:21 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-04-08 15:20 - 2015-04-08 15:20 - 00001095 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4.lnk
2015-04-08 15:20 - 2015-04-08 15:20 - 00001057 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
2015-04-08 15:19 - 2015-04-08 20:47 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-08 15:18 - 2015-04-08 15:20 - 00000000 ____D () C:\Program Files\Adobe
2015-04-08 15:18 - 2015-04-08 15:18 - 00001365 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
2015-04-08 15:17 - 2015-04-10 13:15 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\Adobe
2015-04-08 15:17 - 2015-04-08 20:47 - 00000000 ____D () C:\Users\Nenad\AppData\Local\Adobe
2015-04-08 15:17 - 2015-04-08 15:17 - 00000000 ____D () C:\Windows\system32\Macromed
2015-04-08 15:16 - 2015-04-08 15:16 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2015-04-08 15:12 - 2015-04-08 15:20 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-08 15:05 - 2015-04-08 15:05 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\WinRAR
2015-04-08 15:05 - 2015-04-08 15:05 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-08 15:05 - 2015-04-08 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-08 15:05 - 2015-04-08 15:05 - 00000000 ____D () C:\Program Files\WinRAR
2015-04-08 15:04 - 2015-04-08 15:05 - 00000000 ____D () C:\Users\Nenad\Downloads\WinRAR 4.00 32Bit And 64Bit Full-Version {blaze69}
2015-04-08 13:21 - 2015-04-08 13:39 - 1339820827 ____R () C:\Users\Nenad\Downloads\Adobe Photoshop CS4 + Keygen.rar
2015-04-08 13:06 - 2015-04-08 13:06 - 00903077 _____ () C:\Users\Nenad\Downloads\5724502.w3g
2015-04-07 18:16 - 2015-04-07 18:16 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-04-07 13:28 - 2015-04-22 12:08 - 00002714 _____ () C:\Windows\setupact.log
2015-04-07 13:28 - 2015-04-07 13:28 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-04 14:22 - 2015-04-04 14:22 - 00000000 ____D () C:\ProgramData\hoiiepgcejdnmfkfdcopgeboejppgjnf
2015-04-04 14:21 - 2015-04-22 12:06 - 00000000 ____D () C:\ProgramData\{1bba32b3-ae2b-8f85-1bba-a32b3ae2cace}
2015-04-04 14:17 - 2015-04-04 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-04-04 14:17 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-04-04 14:16 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-04-04 14:15 - 2015-04-04 14:35 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\Winamp
2015-04-04 14:15 - 2015-04-04 14:17 - 00000000 ____D () C:\Program Files\Winamp
2015-04-04 14:15 - 2015-04-04 14:15 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2015-04-04 14:12 - 2015-04-04 14:14 - 17163336 _____ (Nullsoft, Inc.) C:\Users\Nenad\Downloads\winamp5666_full_all.exe
2015-04-03 19:23 - 2015-04-03 19:23 - 01275151 _____ () C:\Users\Nenad\Downloads\video-1428081247.mp4.mp4
2015-04-03 00:29 - 2015-04-03 00:32 - 67071457 _____ () C:\Users\Nenad\Downloads\gmail_db.zip
2015-03-31 14:53 - 2015-04-06 16:03 - 00000000 ____D () C:\Windows\Minidump
2015-03-30 22:38 - 2015-03-30 22:39 - 08271624 _____ () C:\Users\Nenad\Downloads\DotA v6.81c.w3x
2015-03-30 22:38 - 2015-03-30 22:39 - 08271430 _____ () C:\Users\Nenad\Downloads\DotA v6.81d.w3x
2015-03-30 22:36 - 2015-03-30 22:36 - 00000044 _____ () C:\Windows\wawx_dumpreg64.dll
2015-03-30 22:36 - 2015-03-30 22:36 - 00000044 _____ () C:\Users\Nenad\AppData\Roaming\twow_sysprepdt.dat
2015-03-30 22:35 - 2015-03-31 15:24 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\Eurobattle.net
2015-03-30 22:33 - 2015-03-31 15:24 - 00000000 ____D () C:\Program Files\Eurobattle.net
2015-03-30 22:33 - 2015-03-30 22:33 - 00000979 _____ () C:\Users\Nenad\Desktop\Eurobattle.net Client.lnk
2015-03-30 22:30 - 2015-03-30 22:31 - 08990552 _____ (Microsoft Corporation) C:\Users\Nenad\Downloads\vcredist_x86.exe
2015-03-30 22:27 - 2015-03-30 22:27 - 00414692 _____ () C:\Users\Nenad\Downloads\msvcr100.zip
2015-03-30 22:25 - 2015-03-30 22:25 - 00431936 _____ (Microsoft Corporation) C:\Users\Nenad\Downloads\msvcp100.dll
2015-03-30 22:22 - 2015-03-30 22:22 - 00000156 _____ () C:\Users\Nenad\Downloads\prepatch.log
2015-03-30 22:19 - 2015-03-30 22:20 - 08219130 _____ () C:\Users\Nenad\Downloads\DotA v6.83c.w3x
2015-03-30 22:17 - 2015-03-30 22:22 - 00055292 _____ () C:\Windows\War3Unin.dat
2015-03-30 22:17 - 2015-03-30 22:21 - 00139264 _____ (Blizzard Entertainment) C:\Windows\War3Unin.exe
2015-03-30 22:17 - 2015-03-30 22:21 - 00002829 _____ () C:\Windows\War3Unin.pif
2015-03-30 22:17 - 2015-03-30 22:21 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
2015-03-30 22:17 - 2015-03-30 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2015-03-30 22:13 - 2015-04-22 13:18 - 00000000 ____D () C:\Program Files\Warcraft III
2015-03-30 22:10 - 2015-04-06 16:04 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\DAEMON Tools Lite
2015-03-30 22:10 - 2015-03-30 22:34 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2015-03-30 22:10 - 2015-03-30 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-03-30 22:10 - 2015-03-30 22:10 - 00025104 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-03-30 22:09 - 2015-03-30 22:10 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-03-30 22:08 - 2015-03-30 22:09 - 13146016 _____ (Disc Soft Ltd) C:\Users\Nenad\Downloads\DTLite501-0406.exe
2015-03-30 22:05 - 2015-03-30 22:10 - 58718061 _____ (Blizzard Entertainment) C:\Users\Nenad\Downloads\War3TFT_126a_English.exe
2015-03-30 22:05 - 2015-03-30 22:06 - 22721781 _____ () C:\Users\Nenad\Downloads\installer_v5.zip
2015-03-30 21:39 - 2015-03-30 22:05 - 00000000 ____D () C:\Users\Nenad\Downloads\Warcraft 3 Reign of Chaos and Frozen Throne (zabranjeno)ed
2015-03-30 21:38 - 2015-04-21 23:24 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\BitTorrent
2015-03-30 21:38 - 2015-03-30 21:38 - 00000851 _____ () C:\Users\Nenad\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-03-30 21:36 - 2015-03-30 21:36 - 00695112 _____ () C:\Users\Nenad\Downloads\[kickass.to]warcraft.3.reign.of.chaos.and.frozen.throne.(zabranjeno)ed.torrent
2015-03-30 21:31 - 2015-03-30 21:31 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2015-03-30 21:31 - 2015-03-30 21:31 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
2015-03-30 21:30 - 2015-03-30 21:30 - 00000000 ____D () C:\ProgramData\Sun
2015-03-30 21:30 - 2015-03-30 21:30 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-03-30 21:30 - 2015-03-30 21:29 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-03-30 21:29 - 2015-03-30 21:29 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-30 21:29 - 2015-03-30 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-30 21:29 - 2015-03-30 21:29 - 00000000 ____D () C:\Program Files\Java
2015-03-30 01:11 - 2015-03-30 01:12 - 00000000 ____D () C:\Program Files\Sublime Text 3
2015-03-30 01:08 - 2015-03-30 01:08 - 00002265 _____ () C:\Users\Nenad\Downloads\index.html
2015-03-30 01:04 - 2015-03-30 01:05 - 00299040 _____ () C:\Users\Nenad\Downloads\webuild.zip
2015-03-28 16:28 - 2015-03-28 16:28 - 00476836 _____ () C:\Users\Nenad\Downloads\m-addimg.zip
2015-03-28 16:27 - 2015-03-28 16:28 - 01594173 _____ () C:\Users\Nenad\Downloads\addimg.zip
2015-03-24 18:37 - 2015-03-24 18:38 - 00000810 _____ () C:\Windows\WVS_InstDBLogFile.csv
2015-03-24 18:37 - 2015-03-24 18:37 - 00000016 _____ () C:\Windows\system32\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
2015-03-24 18:37 - 2015-03-24 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acunetix Web Vulnerability Scanner 6
2015-03-24 18:37 - 2015-03-24 18:37 - 00000000 ____D () C:\Program Files\Acunetix
2015-03-23 20:22 - 2015-03-23 20:23 - 08710187 _____ () C:\Users\Nenad\Downloads\253099.zip
2015-03-23 00:45 - 2015-03-23 00:46 - 00186592 _____ () C:\Users\Nenad\Downloads\v3.rar
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-22 15:22 - 2015-02-19 21:17 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-22 12:13 - 2009-07-14 06:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-22 12:13 - 2009-07-14 06:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-22 12:11 - 2015-02-20 06:05 - 00282436 _____ () C:\Windows\WindowsUpdate.log
2015-04-22 12:08 - 2015-02-19 22:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-22 12:08 - 2015-02-19 21:17 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-22 12:08 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-21 06:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-04-17 14:57 - 2015-03-18 14:00 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-15 16:12 - 2015-02-19 21:14 - 00000000 ____D () C:\Users\Nenad
2015-04-14 17:09 - 2015-02-19 21:16 - 00058864 _____ () C:\Users\Nenad\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-14 15:31 - 2009-07-14 06:33 - 02221952 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-13 19:00 - 2015-02-20 22:43 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\Skype
2015-04-13 18:56 - 2015-02-20 22:40 - 00000000 ____D () C:\Program Files\SecurityKISS Tunnel
2015-04-12 21:32 - 2015-02-22 21:04 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\TS3Client
2015-04-11 15:30 - 2015-02-19 21:13 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 02:41 - 2015-02-27 15:36 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\FileZilla
2015-04-09 17:35 - 2015-03-07 00:34 - 00000000 ____D () C:\Users\Nenad\Desktop\Files
2015-04-06 16:04 - 2015-02-19 21:21 - 00000000 ____D () C:\Program Files\Steam
2015-03-30 22:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-30 22:27 - 2012-08-17 10:38 - 00773968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2015-03-30 22:22 - 2015-02-19 21:14 - 00000000 ____D () C:\Users\Nenad\AppData\Local\VirtualStore
2015-03-30 01:12 - 2015-02-21 14:57 - 00000000 ____D () C:\Users\Nenad\AppData\Local\Sublime Text 3
2015-03-28 18:27 - 2015-02-25 22:40 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\mIRC
2015-03-28 17:59 - 2015-02-22 17:37 - 00000000 ____D () C:\Users\Nenad\Documents\Hackin
2015-03-25 16:08 - 2015-02-19 21:21 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-03-25 15:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\LiveKernelReports
==================== Files in the root of some directories =======
2015-04-20 21:12 - 2015-04-20 21:12 - 0000020 _____ () C:\Users\Nenad\AppData\Roaming\appdataFr3.bin
2015-03-30 22:36 - 2015-03-30 22:36 - 0000044 _____ () C:\Users\Nenad\AppData\Roaming\twow_sysprepdt.dat
Some content of TEMP:
====================
C:\Users\Nenad\AppData\Local\Temp\6FC4.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-14 17:35
Addition.txt
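As an added example (not part of the original post, and not FRST's own logic), here is a small Python triage pass over an FRST.txt of the kind posted above. It encodes as rules the entries a malware-removal helper would pick out of this log: FRST's own ATTENTION markers (the Chrome policy key and the dev build), the orphaned AdobeBridge Run value, the two MountPoints2 entries that launch autoplay.exe from removable drives, unsigned or missing service and driver images, freshly created ProgramData directories with machine-generated names, and a short hex-named executable in Temp. The rule set, the rule names and the decision to limit some rules to the Services/Drivers sections are this example's assumptions; the sample text is an excerpt constructed from the log above.

```python
"""Triage an FRST.txt for the indicators that drove the fixlist in this thread.

Added example; not part of the original post or of FRST itself. The rule set
below is an assumption about which FRST entries deserve a second look and is
deliberately narrow: it flags the patterns visible in the posted log.
"""
import re
from typing import Dict, List

# FRST separates its output into sections such as
# "==================== Services (Whitelisted) ====="
SECTION_RE = re.compile(r"^=+ (.+?) =+$")

# (rule name, pattern, sections the rule is limited to; None = any section)
RULES = [
    # FRST's own marker for non-default policy keys, dev builds, etc.
    ("frst-attention", re.compile(r"<=+ ATTENTION"), None),
    # A Run value whose target file no longer exists: "=> [X]"
    ("orphaned-autostart", re.compile(r"\\\.\.\.\\Run: \[[^\]]+\] => \[X\]$"), None),
    # Explorer MountPoints2 entries that launch autoplay.exe from a removable drive
    ("autoplay-mountpoint",
     re.compile(r"MountPoints2: \{[0-9a-f-]+\} - [A-Z]:\\autoplay\.exe$", re.I), None),
    # Service or driver images that carry no Authenticode signature
    ("unsigned-service", re.compile(r"\[File not signed\]$"),
     {"Services (Whitelisted)", "Drivers (Whitelisted)"}),
    # Registered service/driver whose image file is missing: trailing "[X]"
    ("missing-service-file", re.compile(r"^[RS]\d .*\[X\]$"),
     {"Services (Whitelisted)", "Drivers (Whitelisted)"}),
    # Freshly created ProgramData directories named by a generator:
    # long digit runs, GUIDs, or 30+ random letters (extension-ID shaped)
    ("random-programdata-dir",
     re.compile(r"____D \(\) C:\\ProgramData\\(\d{12,}|\{[0-9a-f-]{30,}\}|[a-z]{30,})$", re.I),
     None),
    # Executables with short hex names dropped into the user's Temp
    ("temp-executable",
     re.compile(r"^C:\\Users\\[^\\]+\\AppData\\Local\\Temp\\[0-9A-F]{4,8}\.exe$", re.I),
     None),
]


def triage(frst_text: str) -> List[Dict[str, str]]:
    """Return one hit per (rule, line) for every line matching a rule in its section."""
    hits: List[Dict[str, str]] = []
    section = "header"
    for raw in frst_text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)  # remember which FRST section we are in
            continue
        for name, pattern, sections in RULES:
            if sections is not None and section not in sections:
                continue
            if pattern.search(line):
                hits.append({"rule": name, "section": section, "line": line})
    return hits


def summarize(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Count hits per rule, for a quick overview before reading the lines."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h["rule"]] = counts.get(h["rule"], 0) + 1
    return counts


# Constructed excerpt: lines copied from the FRST.txt posted above, with the
# section headers they sat under, plus a few benign neighbours as controls.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\...\MountPoints2: {b98d9f9a-d6fd-11e4-986d-00192122ab68} - E:\autoplay.exe
HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\...\MountPoints2: {b98d9fa3-d6fd-11e4-986d-00192122ab68} - F:\autoplay.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
CHR dev: Chrome dev build detected! <======= ATTENTION
========================== Services (Whitelisted) =================
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S3 wampapache; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [22016 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]
==================== Drivers (Whitelisted) ====================
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2013-08-03] (The OpenVPN Project)
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
==================== One Month Created Files and Folders ========
2015-04-20 21:12 - 2015-04-22 12:06 - 00000000 ____D () C:\Program Files\WhIIteDealS
2015-04-20 21:12 - 2015-04-20 21:12 - 00000000 ____D () C:\ProgramData\9711858832783921383
2015-04-04 14:22 - 2015-04-04 14:22 - 00000000 ____D () C:\ProgramData\hoiiepgcejdnmfkfdcopgeboejppgjnf
2015-04-04 14:21 - 2015-04-22 12:06 - 00000000 ____D () C:\ProgramData\{1bba32b3-ae2b-8f85-1bba-a32b3ae2cace}
2015-03-30 21:31 - 2015-03-30 21:31 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
Some content of TEMP:
====================
C:\Users\Nenad\AppData\Local\Temp\6FC4.exe
"""

if __name__ == "__main__":
    found = triage(SAMPLE_FRST)
    for h in found:
        print(f"[{h['rule']}] ({h['section']}) {h['line']}")
    print(summarize(found))
```

The rules are deliberately literal, and they miss the adware directory itself: C:\Program Files\WhIIteDealS is not matched by anything here, because a freshly created Program Files directory is not suspicious on its own (Firefox and Thunderbird were installed in the same window). That is why a human still reads the One Month Created section; the script only removes the noise around it. The two WAMP hits are the expected false positives of the unsigned-service rule.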
Posted: 22 Apr 2015 19:57
- MinerFull
Fixlog
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2015
Ran by Nenad at 2015-04-22 19:42:48 Run:1
Running from C:\Users\Nenad\Desktop
Loaded Profiles: Nenad (Available profiles: Nenad)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\...\MountPoints2: {b98d9f9a-d6fd-11e4-986d-00192122ab68} - E:\autoplay.exe
HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\...\MountPoints2: {b98d9fa3-d6fd-11e4-986d-00192122ab68} - F:\autoplay.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {B824B36B-E356-44F5-B0D1-0FC4E7161701} - System32\Tasks\{9283D877-1004-4BD7-8727-8DDC57092DB7} => pcalua.exe -a "C:\Program Files\DiscountMan\DiscountMan.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
C:\Program Files\WhIIteDealS
C:\Program Files\DiscountMan
EmptyTemp:
*****************
"HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98d9f9a-d6fd-11e4-986d-00192122ab68}" => Key deleted successfully.
HKCR\CLSID\{b98d9f9a-d6fd-11e4-986d-00192122ab68} => Key not found.
"HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98d9fa3-d6fd-11e4-986d-00192122ab68}" => Key deleted successfully.
HKCR\CLSID\{b98d9fa3-d6fd-11e4-986d-00192122ab68} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B824B36B-E356-44F5-B0D1-0FC4E7161701}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B824B36B-E356-44F5-B0D1-0FC4E7161701}" => Key deleted successfully.
C:\Windows\System32\Tasks\{9283D877-1004-4BD7-8727-8DDC57092DB7} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9283D877-1004-4BD7-8727-8DDC57092DB7}" => Key deleted successfully.
C:\Program Files\WhIIteDealS => Moved successfully.
"C:\Program Files\DiscountMan" => File/Directory not found.
EmptyTemp: => Removed 490.6 MB temporary data.
The system needed a reboot.
==== End of Fixlog 19:43:20 ====
AdwCleaner[S0]
# AdwCleaner v4.201 - Logfile created 22/04/2015 at 19:51:49
# Updated 08/04/2015 by Xplode
# Database : 2015-04-22.1 [Server]
# Operating system : Windows 7 Ultimate (x86)
# Username : Nenad - NENAD-PC
# Running from : C:\Users\Nenad\Downloads\adwcleaner_4.201.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
***** [ Web browsers ] *****
-\\ Internet Explorer v8.0.7600.16385
-\\ Mozilla Firefox v37.0.1 (x86 en-US)
-\\ Google Chrome v42.0.2311.90
[C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : nmmhkkegccagdldgiimedpiccmgmieda
*************************
AdwCleaner[R0].txt - [1439 bytes] - [22/04/2015 19:47:23]
AdwCleaner[S0].txt - [1374 bytes] - [22/04/2015 19:51:49]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1433 bytes] ##########
But it still shows up. As soon as I went to mycity.rs it threw up the ad.
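The fixlist above removed a scheduled task whose action was `pcalua.exe -a "C:\Program Files\DiscountMan\DiscountMan.exe" ...`. pcalua.exe is the Program Compatibility Assistant launcher, a signed Windows binary, and it starts whatever path follows `-a`; the task therefore looks like a system component while actually running the adware's binary, and its name is a bare GUID rather than anything descriptive. As an added example, not from the original post and not part of FRST, the following Python checks task definitions for exactly that pattern. The PROXY_LAUNCHERS list is this example's assumption, and the two task XML documents are constructed (the adware one from the fixlist line, the benign one modelled on the GoogleUpdateTaskMachineUA job in the log); the real task file was moved by FRST and is not on the page.

```python
"""Flag scheduled tasks that launch a program through pcalua.exe.

Added example, not part of the original post. Windows stores one XML file per
task under C:\Windows\System32\Tasks; each <Exec> action has a <Command> and
optional <Arguments>. A task whose Command is a proxy launcher such as
pcalua.exe is worth a look, and for pcalua the real target is the "-a" value.
"""
import ntpath
import os
import re
import xml.etree.ElementTree as ET
from typing import Dict, List

# Windows binaries commonly used to start something else (assumption: short list).
PROXY_LAUNCHERS = {"pcalua.exe", "rundll32.exe", "mshta.exe",
                   "wscript.exe", "cscript.exe", "cmd.exe"}

# pcalua.exe -a "<target with spaces>"  or  -a <target>
PCALUA_TARGET_RE = re.compile(r'-a\s+(?:"([^"]+)"|(\S+))')
GUID_NAME_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

TASK_DIR = r"C:\Windows\System32\Tasks"  # live task store on Windows


def _local(tag: str) -> str:
    """Drop the XML namespace so elements compare by local name."""
    return tag.rsplit("}", 1)[-1]


def inspect_task(name: str, xml_data) -> Dict[str, object]:
    """Parse one task definition and report why (if at all) it looks proxied."""
    root = ET.fromstring(xml_data)
    result: Dict[str, object] = {"task": name, "command": None,
                                 "arguments": "", "target": None, "reasons": []}
    reasons: List[str] = result["reasons"]  # type: ignore[assignment]
    for el in root.iter():
        if _local(el.tag) != "Exec":
            continue
        cmd = args = ""
        for child in el:
            if _local(child.tag) == "Command":
                cmd = (child.text or "").strip().strip('"')
            elif _local(child.tag) == "Arguments":
                args = (child.text or "").strip()
        result["command"], result["arguments"] = cmd, args
        exe = ntpath.basename(cmd).lower()
        if exe in PROXY_LAUNCHERS:
            reasons.append(f"runs through proxy launcher {exe}")
        if exe == "pcalua.exe":
            m = PCALUA_TARGET_RE.search(args)
            if m:
                result["target"] = m.group(1) or m.group(2)
                reasons.append(f"pcalua -a target: {result['target']}")
    if GUID_NAME_RE.fullmatch(name):
        reasons.append("task name is a bare GUID")
    return result


def scan_task_dir(task_dir: str = TASK_DIR) -> List[Dict[str, object]]:
    """Walk the live task store (Windows only) and return the flagged tasks."""
    flagged = []
    for dirpath, _dirs, files in os.walk(task_dir):
        for fn in files:
            try:
                # Task files are usually UTF-16 with a BOM; expat detects that from bytes.
                with open(os.path.join(dirpath, fn), "rb") as fh:
                    rep = inspect_task(fn, fh.read())
            except (OSError, ET.ParseError):
                continue
            if rep["reasons"]:
                flagged.append(rep)
    return flagged


# Constructed from the fixlist line above; the real file is not on the page.
SAMPLE_TASK_NAME = "{9283D877-1004-4BD7-8727-8DDC57092DB7}"
SAMPLE_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>pcalua.exe</Command>
      <Arguments>-a "C:\Program Files\DiscountMan\DiscountMan.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""</Arguments>
    </Exec>
  </Actions>
</Task>"""

# Constructed benign control, modelled on the GoogleUpdateTaskMachineUA job.
BENIGN_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <Exec>
      <Command>C:\Program Files\Google\Update\GoogleUpdate.exe</Command>
      <Arguments>/ua /installsource scheduler</Arguments>
    </Exec>
  </Actions>
</Task>"""

if __name__ == "__main__":
    print(inspect_task(SAMPLE_TASK_NAME, SAMPLE_TASK_XML))
    print(inspect_task("GoogleUpdateTaskMachineUA", BENIGN_TASK_XML))
    if os.path.isdir(TASK_DIR):
        for rep in scan_task_dir():
            print(rep)
```

Run as Administrator on the affected machine, since the task store is not readable by a standard user. The point of reporting the `-a` target separately is that it is the path to verify and remove; deleting only the task leaves DiscountMan.exe in place, which is why the fixlist listed the directory as well.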
Posted: 22 Apr 2015 23:32
- MinerFull
Sass Drake ::You didn't answer my question.
Quote: Did you install the developer version of Chrome?
Pack the following folders into a ZIP, RAR or 7Z archive:
C:\FRST\Quarantine
and
C:\AdwCleaner
and send them via the following link:
http://www.mycity.rs/ambulanta-upload.php
Let me know when you have done that and wait for further instructions.
I didn't install it.
I have uploaded
AdwCleaner.zip and Quarantine.zip
Posted: 23 Apr 2015 00:31
- MinerFull
Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by Nenad on Thu 04/23/2015 at 0:25:18.84.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Nenad\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
4/23/2015 12:26:25 AM Zoek.exe System Restore Point Created Successfully.
==== Running Processes ======================
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
C:\Users\Nenad\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k swprv
==== Services(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]
R2 - [NvNetworkService] - NVIDIA Network Service - c:\program files\nvidia corporation\netservice\nvnetworkservice.exe
R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
R2 - [Stereo Service] - NVIDIA Stereoscopic 3D Driver Service - c:\program files\nvidia corporation\3d vision\nvscpapisvr.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [Disc Soft Lite Bus Service] - Disc Soft Lite Bus Service - c:\program files\daemon tools lite\discsoftbusservice.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FLEXnet Licensing Service] - FLEXnet Licensing Service - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files\google\update\googleupdate.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [wampapache] - wampapache - c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
S3 - [wampmysqld] - wampmysqld - c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [AcuWVSSchedulerv6] - Acunetix WVS Scheduler v6 - c:\program files\acunetix\web vulnerability scanner 6\wvsscheduler.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [MBAMScheduler] - MBAMScheduler - c:\program files\malwarebytes anti-malware\mbamscheduler.exe
S4 - [MBAMService] - MBAMService - c:\program files\malwarebytes anti-malware\mbamservice.exe
S4 - [SkypeUpdate] - Skype Updater - c:\program files\skype\updater\updater.exe
S4 - [Steam Client Service] - Steam Client Service - c:\program files\common files\steam\steamservice.exe
==== Drivers(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]
R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [atapi] - IDE Channel - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Disk] - Disk Driver - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Bitlocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
R0 - [nvstor] - nvstor - C:\Windows\system32\Drivers\nvstor.sys
R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pciide] - pciide - C:\Windows\system32\Drivers\pciide.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [storflt] - Disk Virtual Machine Bus Acceleration Filter Driver - C:\Windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - TCP/IP Protocol Driver - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Storage volumes - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - NetIO Legacy TDI Support Driver - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2015-03-30 20:36:12 D74A626B9A1901C92AEC32C6C6A67B1F 44 ----a-w- C:\Windows\wawx_dumpreg64.dll
2015-03-30 20:17:30 A83A44F0E9A25899B1D8E41471C50790 139264 ----a-w- C:\Windows\War3Unin.exe
2015-03-30 20:17:30 93E89D2C2656A531EC0F63A48E0EA5A9 2829 ----a-w- C:\Windows\War3Unin.pif
2015-03-30 20:17:30 5FD76C915BF14161B927A1DB0904C47A 55292 ----a-w- C:\Windows\War3Unin.dat
2015-03-24 16:37:17 AA08703FB73D6A0DD236C953245C76A8 810 ----a-w- C:\Windows\WVS_InstDBLogFile.csv
====== C:\Users\Nenad\AppData\Local\Temp ====
====== Java Cache =====
2015-03-30 19:31:37 FCE549C95F3578DF675773341880E2EF 104 ----a-w- C:\Users\Nenad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\2c0614c1-20e118fe
2015-03-30 19:31:20 54BB713D2C14D1594E9D3583098761FA 383 ----a-w- C:\Users\Nenad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\6959d70b-7c7b3a0a9da2bf10294f71fd4aedfa6cfe9e58eafd9b8e6f56026bf0948f270e-6.0.lap
2015-03-30 19:31:26 3C648330F23D5DFB80ED9093888D4ECD 111 ----a-w- C:\Users\Nenad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\1811190-23225616b39adad84a980225e3f8165c173e9adb468fc798cc52c1c14ce85991-6.0.lap
2015-03-30 19:31:22 8CC3D7E8A334FDAEE112387186AA7254 331805 ----a-w- C:\Users\Nenad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5e830bdb-3dc2de43
2015-03-30 19:32:23 44F627191DA830E7D54BC4E3D363FC2C 111 ----a-w- C:\Users\Nenad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\5e362d22-6e8993bf4c5ff50ea068382540126d5ba9d463de7b98c56b2a6952dcffd57256-6.0.lap
2015-03-30 19:31:23 81F285F6F88BAF4C595D89CB63B1CFF1 9442 ----a-w- C:\Users\Nenad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2fb889a6-134f69a3
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
2015-04-21 21:25:19 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-04-21 21:24:45 BD27D97297934FD4217A37FD28A7ABC7 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-04-21 21:24:45 8683C1B450F4B3872839308D836E0F92 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-04-21 21:24:45 1AA835E8A0B8EDF3D676B4ED4BF5EF07 74456 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-03-30 20:10:20 4F3D9183A9A4203ED29F7AE1D0B55923 25104 ----a-w- C:\Windows\System32\drivers\dtlitescsibus.sys
====== C:\Windows\Tasks ======
2015-04-22 22:22:39 E00CFC408ECE37F27F4F180C066DA91A 3880 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2015-04-22 22:22:39 41C1CA25E0519E039E559F77F862DEC8 884 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-22 22:22:38 E7DE240A086E1F76355DB8F6DE02E70B 880 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-22 22:22:38 B8D63DC39D174F16D58611C473F54C84 3628 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-04-21 21:05:53 -------- d-----w- C:\Program Files\Enigma Software Group
2015-04-15 13:37:56 -------- d-----w- C:\Program Files\Mozilla Thunderbird
2015-04-11 13:53:21 -------- d-----w- C:\Program Files\Pandora Recovery
2015-04-08 13:18:28 -------- d-----w- C:\Program Files\Adobe
2015-04-08 13:16:39 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2015-04-08 13:12:26 -------- d-----w- C:\Program Files\Common Files\Adobe
2015-04-08 13:05:42 -------- d-----w- C:\Program Files\WinRAR
2015-04-04 12:15:53 -------- d-----w- C:\Program Files\Common Files\PX Storage Engine
2015-04-04 12:15:37 -------- d-----w- C:\Program Files\Winamp
2015-03-30 20:33:54 -------- d-----w- C:\Program Files\Eurobattle.net
2015-03-30 20:13:44 -------- d-----w- C:\Program Files\Warcraft III
2015-03-30 20:10:16 -------- d-----w- C:\Program Files\DAEMON Tools Lite
2015-03-30 19:31:36 -------- d-----w- C:\Program Files\SystemRequirementsLab
2015-03-30 19:30:04 -------- d-----w- C:\Program Files\Common Files\Java
2015-03-30 19:29:07 -------- d-----w- C:\Program Files\Java
2015-03-29 23:11:55 -------- d-----w- C:\Program Files\Sublime Text 3
2015-03-24 16:37:32 -------- d-----w- C:\Program Files\Acunetix
======= C: =====
====== C:\Users\Nenad\AppData\Roaming ======
2015-04-20 19:12:59 E5DF6F115D6E6831397706E7230D4357 20 ----a-w- C:\Users\Nenad\AppData\Roaming\appdataFr3.bin
2015-04-15 13:38:10 -------- d-----w- C:\Users\Nenad\AppData\Roaming\Thunderbird
2015-04-15 13:38:10 -------- d-----w- C:\Users\Nenad\AppData\Local\Thunderbird
2015-04-08 13:17:30 -------- d-----w- C:\Users\Nenad\AppData\Local\Adobe
2015-04-08 13:17:25 -------- d-----w- C:\Users\Nenad\AppData\Roaming\Adobe
2015-04-08 13:05:56 -------- d-----w- C:\Users\Nenad\AppData\Roaming\WinRAR
2015-04-08 13:05:46 -------- d-----w- C:\Users\Nenad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-07 16:16:43 -------- d-----w- C:\Users\Nenad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-04-04 12:15:37 -------- d-----w- C:\Users\Nenad\AppData\Roaming\Winamp
2015-03-30 20:36:12 D74A626B9A1901C92AEC32C6C6A67B1F 44 ----a-w- C:\Users\Nenad\AppData\Roaming\twow_sysprepdt.dat
2015-03-30 20:35:54 -------- d-----w- C:\Users\Nenad\AppData\Roaming\Eurobattle.net
2015-03-30 20:17:30 -------- d-----w- C:\Users\Nenad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
2015-03-30 20:10:19 -------- d-----w- C:\Users\Nenad\AppData\Roaming\DAEMON Tools Lite
2015-03-30 19:38:01 -------- d-----w- C:\Users\Nenad\AppData\Roaming\BitTorrent
2015-03-30 19:26:18 -------- d-----w- C:\Users\Nenad\AppData\Locallow\Sun
====== C:\Users\Nenad ======
2015-04-22 22:24:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-22 17:46:40 0EFDC1550592DC0C4E73AFFB54B35C3E 2217984 ----a-w- C:\Users\Nenad\Downloads\adwcleaner_4.201.exe
2015-04-22 13:57:50 C765F19FB36C4C140DDB6FC2556DF438 1139200 ----a-w- C:\Users\Nenad\Desktop\FRST.exe
2015-04-21 21:04:54 B9FF555660A02DC4D3EAFF58357BE02A 3109248 ----a-w- C:\Users\Nenad\Downloads\SpyHunter-Installer.exe
2015-04-20 19:12:12 -------- d-----w- C:\ProgramData\9711858832783921383
2015-04-15 14:08:33 FD7E4228343CAD019B260F477814660C 243312 ----a-w- C:\Users\Nenad\Downloads\Firefox Setup Stub 37.0.1.exe
2015-04-15 13:36:43 CA2AC7E2B2F8C5D2DB35F264D88BDCE6 28906464 ----a-w- C:\Users\Nenad\Downloads\Thunderbird Setup 31.6.0.exe
2015-04-11 13:53:22 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
2015-04-11 13:52:52 361620395B08C664C69D4F6DFBFFF5D0 2438824 ----a-w- C:\Users\Nenad\Downloads\PandoraRecovery.exe
2015-04-11 13:49:25 73971EE78CCA8ABF57CFCDE17FD62F63 1348221 ----a-w- C:\Users\Nenad\Downloads\icaredrs.exe
2015-04-10 00:09:30 4CEBFBDD7756C30B54AD0EBCBAFE420E 6196576 ----a-w- C:\Users\Nenad\Downloads\FileZilla_3.10.3_win32-setup.exe
2015-04-10 00:09:17 D537D8BA8C5E9E69B345AB9DC2001DC7 6208736 ----a-w- C:\Users\Nenad\Downloads\FileZilla_3.10.2_win32-setup.exe
2015-04-08 17:21:43 -------- d-----w- C:\ProgramData\FLEXnet
2015-04-08 13:19:58 -------- d-----w- C:\ProgramData\Adobe
2015-04-08 13:05:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-04 12:22:35 -------- d-----w- C:\ProgramData\hoiiepgcejdnmfkfdcopgeboejppgjnf
2015-04-04 12:21:36 -------- d-----w- C:\ProgramData\{1bba32b3-ae2b-8f85-1bba-a32b3ae2cace}
2015-04-04 12:17:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-03-30 20:17:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2015-03-30 20:10:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-03-30 20:09:51 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2015-03-30 19:31:36 -------- d-----w- C:\ProgramData\SystemRequirementsLab
2015-03-30 19:30:05 -------- d-----w- C:\ProgramData\Sun
2015-03-30 19:29:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-30 19:29:21 -------- d-----w- C:\ProgramData\Oracle
2015-03-24 16:37:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acunetix Web Vulnerability Scanner 6
====== C: exe-files ==
2015-04-22 22:24:05 3F41E4BC551B4C913BAD2F4340D79B60 41815632 ----a-w- C:\Program Files\Google\Update\Install\{E1B4B817-262C-4621-A9AD-F591E4DF175F}\42.0.2311.90_chrome_installer.exe
2015-04-22 22:24:04 3F41E4BC551B4C913BAD2F4340D79B60 41815632 ----a-w- C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\42.0.2311.90\42.0.2311.90_chrome_installer.exe
2015-04-22 22:22:36 FD98434B6A06FE31A35E4BFBC827B290 52040 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe
2015-04-22 22:22:36 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Program Files\Google\Update\GoogleUpdate.exe
2015-04-22 22:22:36 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateSetup.exe
2015-04-22 22:22:36 5F0A3AA68785C49454F56C9F2DDA0237 52040 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe
2015-04-22 22:22:36 4C02536F4CA35911FB3EA5715F300C57 52040 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateBroker.exe
2015-04-22 22:22:35 F3B6470DA7CE34E559D3BA7365CC909C 115528 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe
2015-04-22 22:22:35 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdate.exe
2015-04-22 22:22:35 83BB030C71C9727DCFB2737005772C4E 232264 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
2015-04-22 22:22:35 323CFFFDAF253AC65CD194A101BE6231 287048 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
2015-04-22 19:04:32 60195A541502A2BE819FBAB18CEF852F 5600504 ----a-w- C:\Users\Nenad\AppData\Local\NVIDIA\NvBackend\Packages\000074d7\DAO.19510325.exe
2015-04-22 17:46:40 0EFDC1550592DC0C4E73AFFB54B35C3E 2217984 ----a-w- C:\Users\Nenad\Downloads\adwcleaner_4.201.exe
2015-04-22 13:57:50 C765F19FB36C4C140DDB6FC2556DF438 1139200 ----a-w- C:\Users\Nenad\Desktop\FRST.exe
2015-04-21 21:06:24 17426389724648E011FDC17D5DE1ECED 21888 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\native.exe
2015-04-21 21:06:00 FD947F1CBB022C1DC138013049F5E33A 7125376 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
2015-04-21 21:06:00 B785670E201B2CA20E91BF8D7B0D4D2A 771456 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
2015-04-21 21:04:54 B9FF555660A02DC4D3EAFF58357BE02A 3109248 ----a-w- C:\Users\Nenad\Downloads\SpyHunter-Installer.exe
2015-04-21 19:03:21 21A2222D40A8FEB6A3085593FCECAA9C 5600000 ----a-w- C:\Users\Nenad\AppData\Local\NVIDIA\NvBackend\Packages\000074bc\DAO.19509496.exe
2015-04-21 17:08:26 89235F5A8640B0CE7047D8EF8A36C3DE 675256 ----a-w- C:\Users\Nenad\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
2015-04-21 17:08:22 8F374DAEFCE0540EDCC2421185E857C7 172984 ----a-w- C:\Users\Nenad\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe
2015-04-20 19:02:01 AECA539B74D4D1FA72DA4860D5DC69D8 5446104 ----a-w- C:\Users\Nenad\AppData\Local\NVIDIA\NvBackend\Packages\00007455\DAO.19506225.exe
2015-04-20 19:01:49 B1064204F531B105D900CC2EB7D1A0AA 448976 ----a-w- C:\Users\Nenad\AppData\Local\NVIDIA\NvBackend\Packages\00007440\CoProc update.19499926.exe
2015-04-16 18:17:51 C97A777527C6FBD382CE855A7C9D0086 5408240 ----a-w- C:\Users\Nenad\AppData\Local\NVIDIA\NvBackend\Packages\00007433\DAO.19497234.exe
2015-04-16 18:17:43 BE936912DFF46B5C26ED7F5391E5BFF0 448872 ----a-w- C:\Users\Nenad\AppData\Local\NVIDIA\NvBackend\Packages\00007424\CoProc update.19493902.exe
=== C: other files ==
2015-04-21 21:25:19 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-04-21 21:24:45 BD27D97297934FD4217A37FD28A7ABC7 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-04-21 21:24:45 8683C1B450F4B3872839308D836E0F92 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-04-21 21:24:45 1AA835E8A0B8EDF3D676B4ED4BF5EF07 74456 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-04-21 21:06:24 FD947F1CBB022C1DC138013049F5E33A 7125376 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.com
2015-04-21 21:06:13 9264DD96883E5769EE79CB43E712BE9E 16432 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
2015-04-21 21:06:07 01CE484FF6D70A39479BC6D619DE7ED6 19984 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-3714452422-3355782321-1450825522-1001\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner.exe\" /MONITOR"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Steam\\steam.exe\" -silent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Viber]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Viber"
"hkey"="HKCU"
"command"="\"C:\\Users\\Nenad\\AppData\\Local\\Viber\\Viber.exe\" StartMinimized"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Nenad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BALKAN PARTY MIX 2015 _VOL 1_.lnk]
"path"="C:\\Users\\Nenad\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\BALKAN PARTY MIX 2015 _VOL 1_.lnk"
"backup"="C:\\Windows\\pss\\BALKAN PARTY MIX 2015 _VOL 1_.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\{1BBA3~1\\BALKAN~1.EXE --startup=1"
"item"="BALKAN PARTY MIX 2015 _VOL 1_"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AcuWVSSchedulerv6]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MBAMScheduler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MBAMService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Steam Client Service]
==== Task Scheduler Jobs ======================
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04/23/2015 12:22 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04/23/2015 12:22 AM]
==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
==== Firefox Proxy Settings ======================
ProfilePath: C:\Users\Nenad\AppData\Roaming\Mozilla\Firefox\Profiles\qb5f3x22.default
user_pref("network.proxy.type", 4);
==== Firefox Extensions ======================
ProfilePath: C:\Users\Nenad\AppData\Roaming\Mozilla\Firefox\Profiles\qb5f3x22.default
- Undetermined - %ProfilePath%\extensions\staged
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Nenad\AppData\Roaming\Mozilla\Firefox\Profiles\qb5f3x22.default
98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
C454432F43C61767873DA91885759471 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
954FAB833273DCBC3254E95D2AAF0C46 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
65F86262898A3C50CBD6BF8A9840A7EA - C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U40
CA8A2850F3BFDF9F98BC91236620B146 - C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.400.26
==== Chromium Look ======================
Docs - Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gmail - Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== C:\zoek_backup content ======================
C:\zoek_backup (files=0 folders=0 0 bytes)
==== EOF on Thu 04/23/2015 at 0:29:13.34 ======================