Facebook locked - Chrome malware


offline
  • Joined: 11 Jul 2012
  • Posts: 43

Hello,

I have a problem. Yesterday, in the middle of a chat, Facebook logged me out and asked me to log in again. After logging in, Facebook did not recognize the browser at all, so it asked me for the code that was sent to my phone. After that I got this message:

Quote: Your account is temporarily locked
Your account has been temporarily locked because we have detected malicious software on your computer. Malware is malicious software that tries to access your personal information, slows your connection, and could cause other problems when you use Facebook. Your computer can become infected with malware when you click or share spammy links.
To get help removing the malware, click Continue. Once the malware is removed, you can log in to your account.


There is an option to continue, but it requires installing their plugin, which as far as I know sends a system report to their server.

I can log in to my account from other browsers, only not from Chrome. I cleaned the temp files and the rest, and it is still the same.

I also ran a Qualys Browser Scan.



DDS report

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.40.2
Run by WINXPSP3 at 17:51:57 on 2013-10-07
Microsoft Windows XP Professional 5.1.2600.3.1250.387.1033.18.2047.228 [GMT 2:00]
.
AV: ESET Smart Security 4.2 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\programi\PrintScreen\PrintScreen.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\MCShield\mcshieldrtm.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nlssrv32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\SafeIP\SafeIPs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Opera\16.0.1196.80\opera.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Opera\16.0.1196.80\opera_crashreporter.exe
C:\Program Files\Opera\16.0.1196.80\opera.exe
C:\Program Files\Opera\16.0.1196.80\opera.exe
C:\Program Files\Opera\16.0.1196.80\opera.exe
C:\Program Files\Opera\16.0.1196.80\opera.exe
C:\Program Files\Opera\16.0.1196.80\opera.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Opera\16.0.1196.80\opera.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=112670&tt=0112_7&babsrc=HP_sst&mntrId=382e2b6200000000000000e07d9768df
uProxyOverride = localhost; 127.0.0.1; <local>
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uWindows: Run =
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Gadwin PrintScreen] "d:\programi\printscreen\PrintScreen.exe" /nosplash
uRun: [Facebook Update] "c:\documents and settings\winxpsp3\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
uRun: [Google Update] "c:\documents and settings\winxpsp3\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ASUS SmartDoctor] c:\program files\asus\smartdoctor\SmartDoctor.exe /start
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [NPSStartup] <no file>
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - d:\programi\office~1\office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\winxpsp3\application data\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - d:\programi\office~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\SafeIPs.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{10DD475A-6EB7-442E-87A5-5F2C5371D1BE} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4E01282E-0F11-4D1E-A009-3C40CEECC15B} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
Hosts: 127.0.0.1 mpa.one.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\winxpsp3\application data\mozilla\firefox\profiles\hop2y92e.default-1370301973984\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - plugin: c:\docume~1\winxpsp3\applic~1\powerc~1\nppowerloader.dll
FF - plugin: c:\documents and settings\winxpsp3\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\winxpsp3\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\winxpsp3\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\winxpsp3\local settings\application data\facebook\messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: c:\documents and settings\winxpsp3\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\winxpsp3\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\winxpsp3\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\nplightshot\3.4.0.55\npLightshot.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1204144.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-08-26 01:11; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\winxpsp3\application data\mozilla\firefox\profiles\hop2y92e.default-1370301973984\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-09-09 00:22; jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack; c:\documents and settings\winxpsp3\application data\mozilla\firefox\profiles\hop2y92e.default-1370301973984\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-12-10 242240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\malwarebytes anti-exploit\mbae.sys [2013-9-19 44632]
R1 pfmfs_7D5;pfmfs_7D5;c:\windows\system32\drivers\pfmfs_7D5.sys [2012-12-10 199416]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/05/03 13:47:52];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-8-26 87536]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-8-12 810144]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2012-4-30 238952]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-12-8 66560]
R2 SafeIPS;SafeIPS;c:\program files\safeip\SafeIPS.exe [2013-10-3 3860480]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-2-26 4150112]
R2 vcs;vcs;c:\documents and settings\winxpsp3\desktop\av vcs 3.0\Vcs.sys [2013-5-7 6852]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-4-30 36608]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2012-7-15 26112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 NEWDRIVER;NEWDRIVER;\??\c:\windows\system32\winvdedrv6.sys --> c:\windows\system32\WinVDEdrv6.sys [?]
S2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files\openvpn technologies\privatetunnel\core\capiws.exe [2012-12-14 24064]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-5-3 1684736]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\atihdxp3.sys --> c:\windows\system32\drivers\AtihdXP3.sys [?]
S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\cyberghost vpn\CGVPNCliService.exe [2013-4-10 2438696]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2011-5-3 12672]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-8-19 84248]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2012-4-30 20032]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-8-19 181912]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [2013-8-19 181912]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs3\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2013-10-06 21:15:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-10-06 21:00:46 -------- d-----w- c:\documents and settings\winxpsp3\local settings\application data\Opera Software
2013-10-06 21:00:28 -------- d-----w- c:\documents and settings\winxpsp3\application data\Opera Software
2013-10-06 19:08:53 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-03 17:33:45 373760 ----a-w- c:\windows\system32\SafeIPs.dll
2013-10-03 17:33:42 -------- d-----w- c:\program files\SafeIP
2013-10-01 07:48:59 63384 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2013-10-01 07:48:58 3215256 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2013-10-01 07:48:58 301464 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2013-10-01 07:48:57 274840 ----a-w- c:\program files\mozilla firefox\firefox.exe
2013-10-01 07:48:57 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-10-01 07:48:56 116632 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2013-10-01 07:48:53 74648 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-10-01 07:48:53 271256 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-10-01 07:48:50 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-09-29 14:30:57 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-09-29 14:30:57 -------- d-----w- c:\windows\system32\wbem\Repository
2013-09-29 13:59:45 -------- d-----w- c:\program files\ShrewSoft
2013-09-28 23:30:12 -------- d-----w- c:\program files\iPod
2013-09-28 23:29:53 -------- d-----w- c:\program files\iTunes
2013-09-28 23:29:53 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-19 19:21:31 743248 ----a-w- c:\windows\system32\msvcp100d.dll
2013-09-19 19:21:31 1498960 ----a-w- c:\windows\system32\msvcr100d.dll
2013-09-19 19:21:30 -------- d-----w- c:\program files\Malwarebytes Anti-Exploit
2013-09-09 20:59:41 -------- d-----w- c:\documents and settings\winxpsp3\local settings\application data\Michele_Locati
2013-09-09 20:59:00 -------- d-----w- c:\program files\BetterPoEditor
2013-09-08 23:09:18 -------- d-----w- c:\program files\Skillbrains
2013-09-08 23:09:13 -------- d-----w- c:\program files\nplightshot
.
==================== Find3M ====================
.
2013-10-06 19:07:53 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-06 19:07:51 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-10-06 19:07:50 790440 -c--a-w- c:\windows\system32\deployJava1.dll
2013-10-06 15:52:27 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-06 15:52:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-17 05:18:46 196582 ----a-w- c:\windows\system32\drivers\aStandard.bin
2013-08-08 08:16:57 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2013-08-08 08:16:57 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2013-08-02 17:29:58 217176 ----a-w- c:\windows\system32\unrar.dll
.
============= FINISH: 17:53:48,51 ===============


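The DDS "Pseudo HJT Report" above contains several of the browser-hijack indicators a helper looks for first: a start page pointing at search.babylon.com, an Ask.com toolbar, an orphaned BHO CLSID, a dead autorun entry, a third-party Winsock LSP and a Hosts override. As an added example that is not part of this thread and not DDS's own code, the Python script below runs a few such triage rules over those exact report lines. The sample input is copied from the report above; the hijack-host set (everything except search.babylon.com), the toolbar path markers (everything except ask.com) and the severity labels are assumptions, not anything DDS emits.

```python
import re
from urllib.parse import urlparse

# Sample input: lines copied verbatim from the DDS "Pseudo HJT Report" above.
SAMPLE_DDS = r"""
uStart Page = hxxp://search.babylon.com/?affID=112670&tt=0112_7&babsrc=HP_sst&mntrId=382e2b6200000000000000e07d9768df
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
TB: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Google Update] "c:\documents and settings\winxpsp3\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NPSStartup] <no file>
LSP: c:\windows\system32\SafeIPs.dll
Hosts: 127.0.0.1 mpa.one.microsoft.com
"""

# Hosts typical of search hijackers. search.babylon.com is in the report
# above; the other two entries are assumptions from general adware experience.
HIJACK_HOSTS = {"search.babylon.com", "isearch.babylon.com", "search.conduit.com"}
# Path fragments of bundled adware toolbars. ask.com is in the report above;
# the rest are assumptions.
ADWARE_PATH_MARKERS = ("ask.com", "babylon", "conduit")

START_PAGE_RE = re.compile(r"^[umd]?(Start Page|Default_Page_URL)\s*=\s*(\S+)")
ENTRY_RE = re.compile(r"^([umd]?Run(?:Once)?|BHO|TB|LSP|Hosts):\s*(.*)$")


def url_host(value):
    """Return the hostname of a DDS-defanged URL (hxxp:// is restored to http://)."""
    return (urlparse(re.sub(r"^hxxp", "http", value, flags=re.I)).hostname or "").lower()


def classify(line):
    """Return (severity, category) for one report line, or None if unremarkable."""
    m = START_PAGE_RE.match(line)
    if m:
        return ("high", "start-page-hijack") if url_host(m.group(2)) in HIJACK_HOSTS else None
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, rest = m.group(1), m.group(2).strip()
    if kind in ("BHO", "TB"):
        if rest.endswith("<orphaned>"):
            return ("low", "orphaned-bho")      # registered CLSID whose DLL is already gone
        if any(marker in rest.lower() for marker in ADWARE_PATH_MARKERS):
            return ("medium", "adware-toolbar")
        return None
    if kind.endswith(("Run", "RunOnce")):
        return ("low", "dead-autorun") if "<no file>" in rest else None
    if kind == "LSP":
        return ("info", "winsock-lsp")          # an LSP sits in the path of all socket traffic; verify it
    if kind == "Hosts":
        return ("info", "hosts-override")       # a Hosts entry redirects name resolution; verify each one
    return None


def scan_dds(text):
    """Run classify() over every non-empty line and return the findings in report order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        verdict = classify(line)
        if verdict:
            findings.append({"severity": verdict[0], "category": verdict[1], "line": line})
    return findings


if __name__ == "__main__":
    for f in scan_dds(SAMPLE_DDS):
        print(f"[{f['severity']:>6}] {f['category']:<18} {f['line'][:80]}")
```

Run as-is, the script reports six findings for the sample: the Babylon start page as high, the Ask.com toolbar as medium, the orphaned BHO and the `<no file>` autorun as low, and the SafeIP LSP and the Hosts line as informational items to verify by hand. The Yahoo, Java and Google Update lines are left alone, which is the point of keeping the rules narrow: the script is a triage aid for reading a log, not a verdict on the machine.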

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello, aleksey



Download Xplode's AdwCleaner and save it to the Desktop.

Run the program by double-clicking it.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
On the next two windows that open (Informations and Restart required) click Ok.


The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your reply using the "Attach file" option.

Note: The report will also be saved at C:\AdwCleaner[S1].txt




Download GMER from the link below to the Desktop:


GMER download
Click the link;
When the dialog for choosing the save location opens, choose Desktop and click Save.



Run GMER by double-clicking it.
Wait for the initial scan to finish - if any prompt appears, click No;

click Scan and wait for the scan to finish;

click Save ... - save the report to the Desktop (under the name Gmer1);

right-click in the GMER window and choose Options > 3rd party - click Scan;

when the scan finishes, click Save ... - save the report to the Desktop (under the name Gmer2);

click the >>> button and choose the Autostart tab;

when the short scan finishes, click Copy;

open Notepad and paste the copied text into it - save the report to the Desktop (under the name Gmer3);


Illustrated walkthrough of the procedure

Attach all three reports to your reply using the Attach file option.

offline
  • Joined: 11 Jul 2012
  • Posts: 43

I ran a scan with AdwCleaner.

The report is attached.

I cannot run GMER; it restarts my computer and a blue screen appears.


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Ok, we will try another way.



Download TDSSKiller and save it to the Desktop.
Run TDSSKiller.exe by double-clicking it ...

click the Start Scan button

If suspicious items (Suspicious object) are detected, the default action is Skip; click Continue.
If malicious objects (Malicious objects) are detected, choose the Cure option.


Attach the contents of the log from the following location:
C:\TDSSKiller_verzija programa_DD.MM.GG_HH.MM.SS.txt
(DD = day, MM = month, GG = year, HH = hour, MM = minute, SS = second; the date and time when the log was created)

offline
  • Joined: 11 Jul 2012
  • Posts: 43

Hello,

attached is the TDSSKiller report:



offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Ok, that looks clean :)

Now do the following


Download Farbar Recovery Scan Tool and save it to the Desktop.

Note: You need to download the version that is compatible with your system.
Your Windows is the 32-bit version.


Run FRST by double-clicking it;
When the tool starts, click Yes on the disclaimer.
Click the Scan button;
The tool will create a report (FRST.txt) in the same directory where FRST.exe is saved.
Copy the contents of that log into your reply.
On the first run the tool should also create an additional report (Addition.txt). Attach that report to your reply using the "Attach file" option.

offline
  • Joined: 11 Jul 2012
  • Posts: 43

Hello,

attached are the FRST log and the additional report.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by WINXPSP3 (administrator) on PC-E1A9268535A6 on 08-10-2013 22:09:13
Running from C:\Documents and Settings\WINXPSP3\Desktop\sajt
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(C-Media Electronic Inc. (www.cmedia.com.tw)) C:\WINDOWS\Mixer.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Gadwin Systems, Inc) D:\programi\PrintScreen\PrintScreen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(MyCity) C:\Program Files\MCShield\mcshieldrtm.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Nalpeiron Ltd.) C:\WINDOWS\system32\nlssrv32.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(SafeIP) C:\Program Files\SafeIP\SafeIPs.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.80\opera.exe
() C:\Program Files\Opera\16.0.1196.80\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.80\opera.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.80\opera.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Google Inc.) C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.80\opera.exe
(Michele Locati) C:\Program Files\BetterPoEditor\BetterPoEditor.exe
(Google Inc.) C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.80\opera.exe
(Google Inc.) C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [2215064 2010-08-12] (ESET)
HKLM\...\Run: [C-Media Mixer] - Mixer.exe /startup
HKLM\...\Run: [NPSStartup] - [x]
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [Gadwin PrintScreen] - D:\programi\PrintScreen\PrintScreen.exe [495616 2008-12-09] (Gadwin Systems, Inc)
HKCU\...\Run: [Facebook Update] - C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2013-08-01] (Facebook Inc.)
HKCU\...\Run: [MCShield Monitor] - C:\Program Files\MCShield\mcshieldrtm.exe [607232 2013-02-10] (MyCity)
HKCU\...\Run: [Google Update] - C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-05-03] (Google Inc.)
HKCU\...\Run: [ASUS SmartDoctor] - C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [1114112 2007-07-18] (ASUSTeK Inc.)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
MountPoints2: {73cd245f-d73e-11e1-a02f-00e07d9768df} - F:\silent.exe
HKU\Administrator\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-02-28] (Skype Technologies S.A.)
HKU\Administrator\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\Default User\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-02-28] (Skype Technologies S.A.)
HKU\Default User\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3A8FBEFA495FCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-ba
URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\WINDOWS\system32\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9 02 C:\WINDOWS\system32\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9 30 C:\WINDOWS\system32\SafeIPs.dll [373760] (SafeIP)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\WINXPSP3\Application Data\Mozilla\Firefox\Profiles\hop2y92e.default-1370301973984
FF Homepage: hxxp://www.google.ba/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: LSNPAPI - C:\Program Files\nplightshot\3.4.0.55\npLightshot.dll (Skillbrains)
FF Plugin HKCU: @powerchallenge.com/PowerLoader - C:\DOCUME~1\WINXPSP3\APPLIC~1\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\WINXPSP3\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\WINXPSP3\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Documents and Settings\WINXPSP3\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicla.xml
FF Extension: jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI - C:\Documents and Settings\WINXPSP3\Application Data\Mozilla\Firefox\Profiles\hop2y92e.default-1370301973984\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
FF Extension: No Name - C:\Documents and Settings\WINXPSP3\Application Data\Mozilla\Firefox\Profiles\hop2y92e.default-1370301973984\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: google.ba/
CHR RestoreOnStartup: "hxxp://www.google.rs/"
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.8\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.8\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.8\pdf.dll ()
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\WINXPSP3\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\WINXPSP3\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Power Challenge Loader) - C:\DOCUME~1\WINXPSP3\APPLIC~1\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\DOCUME~1\WINXPSP3\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.5_0
CHR Extension: (Note Board Web) - C:\DOCUME~1\WINXPSP3\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apgackkfllmckgkbdfmbfodpinmnnpab\1.0.5_0
CHR Extension: (WOT) - C:\DOCUME~1\WINXPSP3\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.0.17_0
CHR Extension: (Proxy Switchy!) - C:\DOCUME~1\WINXPSP3\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0
CHR Extension: (X-notifier (for Gmail\u2122,Hotmail,Yahoo,AOL...)) - C:\DOCUME~1\WINXPSP3\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco\3.3.6_0
CHR Extension: (Search by Image (by Google)) - C:\DOCUME~1\WINXPSP3\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.0_0
CHR Extension: (Block site) - C:\DOCUME~1\WINXPSP3\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh\2.1_0
CHR Extension: (AdBlock) - C:\DOCUME~1\WINXPSP3\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (Lone Tree) - C:\DOCUME~1\WINXPSP3\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\hfmkllfplegemejikoabfpjdaoncphip\1.2_0
CHR Extension: (Typing Test - KeyHero) - C:\DOCUME~1\WINXPSP3\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm\1.4.0_0
CHR Extension: (Auto Replay for YouTube) - C:\DOCUME~1\WINXPSP3\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.28_0
CHR Extension: (Google Mail Checker) - C:\DOCUME~1\WINXPSP3\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0
CHR Extension: (Quick Note) - C:\DOCUME~1\WINXPSP3\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.6.0_0
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\WINXPSP3\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Hover Zoom) - C:\DOCUME~1\WINXPSP3\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.21_0
CHR Extension: (My Chrome Theme) - C:\DOCUME~1\WINXPSP3\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S2 ATKKeyboardService; C:\WINDOWS\ATKKBService.exe [257024 2007-07-12] (ASUSTeK COMPUTER INC.)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [33584 2010-08-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [810144 2010-08-12] (ESET)
S3 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [116224 2010-04-06] (Brio)
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-07] (Microsoft Corporation)
S2 OpenVPNAccessClient; C:\Program Files\OpenVPN Technologies\PrivateTunnel\core\capiws.exe [24064 2012-12-14] ()
R2 SafeIPS; C:\Program Files\SafeIP\SafeIPs.exe [3860480 2013-06-29] (SafeIP)
S3 wampapache; c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe [18432 2011-09-26] (Apache Software Foundation)
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe [8176640 2012-01-25] ()
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-06] (Creative)
R3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [12416 2007-07-12] (ASUSTeK Computer Inc.)
R1 asuskbnt; C:\Windows\System32\drivers\atkkbnt.sys [11136 2007-07-12] (ASUSTeK COMPUTER INC.)
R3 ASUSVRC; C:\Windows\System32\DRIVERS\AsusVRC.sys [18432 2007-01-29] (ASUSTeK COMPUTER INC.)
S3 AtcL002; C:\Windows\System32\DRIVERS\l251x86.sys [30720 2011-03-15] (Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [271360 2012-07-28] ()
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [38944 2011-10-13] (B.H.A Corporation)
R3 cmpci; C:\Windows\System32\drivers\cmaudio.sys [357070 2001-12-10] (C-Media Inc)
S3 cpuz132; C:\WINDOWS\system32\drivers\cpuz132_x32.sys [12672 2009-03-27] (Windows (R) Codename Longhorn DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-12-10] (DT Soft Ltd)
R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [140752 2010-08-04] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET)
R1 EIO; C:\WINDOWS\system32\drivers\EIO.sys [12288 2007-07-12] (ASUSTeK Computer Inc.)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [134512 2010-07-29] (ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [32608 2010-07-29] (ESET)
R1 epfwtdi; C:\Windows\System32\DRIVERS\epfwtdi.sys [55256 2010-08-03] (ESET)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys [44632 2013-08-01] ()
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
R3 HdAudAddService; C:\Windows\System32\drivers\AtiHdAud.sys [84992 2006-12-28] (ATI Research Inc.)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2012-07-28] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-05] (Creative Technology Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 pfmfs_7D5; C:\Windows\System32\Drivers\pfmfs_7D5.sys [199416 2012-12-05] (Pismo Technic Inc.)
R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [50176 2006-03-24] (Protection Technology (StarForce))
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [181912 2013-06-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-07-01] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-03-26] (AnchorFree Inc)
R2 vcs; C:\Documents and Settings\WINXPSP3\Desktop\AV VCS 3.0\vcs.sys [6852 2002-12-10] ()
R3 Video3D; C:\Windows\System32\Drivers\Video3D32.sys [10752 2007-07-12] (ASUSTeK COMPUTER INC.)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-08-26] (CyberLink Corp.)
S3 AtiHDAudioService; system32\drivers\AtihdXP3.sys [x]
S4 IntelIde; No ImagePath
S2 NEWDRIVER; \??\C:\WINDOWS\system32\WinVDEdrv6.sys [x]
S3 rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-08 22:08 - 2013-10-08 22:08 - 00000000 ____D C:\FRST
2013-10-08 19:49 - 2013-10-08 19:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Agent Ransack
2013-10-08 19:49 - 2013-10-08 19:49 - 00000000 ____D C:\Program Files\Mythicsoft
2013-10-07 22:44 - 2013-10-07 22:43 - 00090112 _____ C:\WINDOWS\Minidump\Mini100713-05.dmp
2013-10-07 22:35 - 2013-10-07 22:34 - 00090112 _____ C:\WINDOWS\Minidump\Mini100713-04.dmp
2013-10-07 22:31 - 2013-10-07 22:31 - 00009574 _____ C:\Documents and Settings\WINXPSP3\Desktop\AdwCleaner[S0].txt
2013-10-07 22:19 - 2013-10-07 22:31 - 00000000 ____D C:\AdwCleaner
2013-10-07 21:36 - 2013-10-07 21:36 - 00057108 _____ C:\Documents and Settings\WINXPSP3\Desktop\atleticar2.ai
2013-10-07 21:35 - 2013-10-07 21:35 - 00168168 _____ C:\Documents and Settings\WINXPSP3\Desktop\atleticar1 copy.ai
2013-10-07 21:35 - 2013-10-07 21:35 - 00160207 _____ C:\Documents and Settings\WINXPSP3\Desktop\logo cross priprema4.ai
2013-10-07 20:38 - 2013-10-07 20:37 - 00090112 _____ C:\WINDOWS\Minidump\Mini100713-03.dmp
2013-10-07 17:53 - 2013-10-07 17:53 - 00018090 _____ C:\Documents and Settings\WINXPSP3\Desktop\dds.txt
2013-10-07 17:53 - 2013-10-07 17:53 - 00016547 _____ C:\Documents and Settings\WINXPSP3\Desktop\attach.txt
2013-10-07 17:14 - 2013-10-07 17:13 - 00090112 _____ C:\WINDOWS\Minidump\Mini100713-02.dmp
2013-10-07 17:03 - 2013-10-07 17:03 - 00090112 _____ C:\WINDOWS\Minidump\Mini100713-01.dmp
2013-10-07 06:51 - 2013-10-08 18:08 - 00023760 _____ C:\WINDOWS\setupapi.log
2013-10-06 23:15 - 2013-10-06 23:15 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-10-06 23:01 - 2013-10-06 23:01 - 00292366 _____ C:\Documents and Settings\WINXPSP3\Desktop\Opera 12 Notes.html
2013-10-06 23:00 - 2013-10-06 23:00 - 00000669 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Opera 17.lnk
2013-10-06 23:00 - 2013-10-06 23:00 - 00000669 _____ C:\Documents and Settings\All Users\Desktop\Opera 17.lnk
2013-10-06 23:00 - 2013-10-06 23:00 - 00000000 ____D C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Opera Software
2013-10-06 23:00 - 2013-10-06 23:00 - 00000000 ____D C:\Documents and Settings\WINXPSP3\Application Data\Opera Software
2013-10-06 21:19 - 2013-10-06 21:19 - 00000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2013-10-06 21:19 - 2013-10-06 21:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2013-10-06 21:09 - 2013-10-06 21:09 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-06 21:09 - 2013-10-06 21:07 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-06 21:08 - 2013-10-06 21:08 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-06 21:08 - 2013-10-06 21:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-06 21:08 - 2013-10-06 21:07 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-06 21:08 - 2013-10-06 21:07 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-05 07:33 - 2013-10-05 07:34 - 00000304 ____H C:\IPH.PH
2013-10-05 07:33 - 2013-10-05 07:33 - 00001002 _____ C:\Documents and Settings\All Users\Desktop\AOL Desktop 9.7 Install.lnk
2013-10-03 20:15 - 2013-10-05 07:43 - 00003656 _____ C:\WINDOWS\system32\SafeIPS.ini
2013-10-03 20:15 - 2013-10-05 07:43 - 00001944 _____ C:\WINDOWS\system32\SafeIPSOff.ini
2013-10-03 19:33 - 2013-10-03 19:33 - 00000000 ____D C:\Program Files\SafeIP
2013-10-03 19:33 - 2013-10-03 19:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SafeIP
2013-10-03 19:33 - 2013-06-29 00:21 - 00373760 _____ (SafeIP) C:\WINDOWS\system32\SafeIPs.dll
2013-10-03 13:38 - 2013-10-03 13:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\KONAMI
2013-10-02 22:20 - 2013-10-02 22:20 - 00002355 _____ C:\Documents and Settings\WINXPSP3\Desktop\Покретач Chrome апликација.lnk
2013-10-01 09:48 - 2013-10-01 19:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-29 15:59 - 2013-10-05 07:34 - 00009751 _____ C:\install.log
2013-09-29 15:59 - 2013-09-29 15:59 - 00000036 ___SH C:\Documents and Settings\All Users\Application Data\Shrew Soft VPN.dat
2013-09-29 15:59 - 2013-09-29 15:59 - 00000000 ____D C:\Program Files\ShrewSoft
2013-09-29 01:30 - 2013-09-29 16:28 - 00000000 ____D C:\Program Files\iPod
2013-09-29 01:29 - 2013-09-29 16:28 - 00000000 ____D C:\Program Files\iTunes
2013-09-29 01:29 - 2013-09-29 16:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-26 18:29 - 2013-09-29 11:05 - 26083272 _____ C:\Documents and Settings\WINXPSP3\Desktop\wptest-master.zip
2013-09-21 23:09 - 2013-10-03 19:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Counter-Strike 1.6 p48
2013-09-19 21:21 - 2013-10-08 18:05 - 00000470 _____ C:\WINDOWS\Tasks\Malwarebytes Anti-Exploit.job
2013-09-19 21:21 - 2013-09-20 20:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2013-09-19 21:21 - 2013-09-19 21:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit
2013-09-19 21:21 - 2013-07-16 04:41 - 01498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100d.dll
2013-09-19 21:21 - 2013-07-16 04:41 - 00743248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp100d.dll
2013-09-19 21:17 - 2013-09-19 21:18 - 01790576 _____ (Malwarebytes ) C:\Documents and Settings\WINXPSP3\Desktop\mbae-setup-0.09.3.1000.exe
2013-09-19 16:42 - 2013-09-19 16:58 - 47017922 _____ C:\Documents and Settings\WINXPSP3\Desktop\graphicriver-5466464-office-interior-logo-mockup-set.zip
2013-09-19 07:43 - 2013-09-19 07:43 - 00823429 _____ C:\Documents and Settings\WINXPSP3\Desktop\payment-icon-set.zip
2013-09-19 07:30 - 2013-09-19 07:30 - 00001663 _____ C:\Documents and Settings\WINXPSP3\Desktop\FileZilla Client.lnk
2013-09-18 20:49 - 2013-09-18 21:01 - 01128179 _____ C:\Documents and Settings\WINXPSP3\Desktop\logo cross2.ai
2013-09-18 20:38 - 2013-09-18 21:45 - 00143005 _____ C:\Documents and Settings\WINXPSP3\Desktop\logo cross priprema2.ai
2013-09-17 22:44 - 2013-09-17 22:44 - 00140554 _____ C:\Documents and Settings\WINXPSP3\Desktop\logo cross priprema.ai
2013-09-17 22:43 - 2013-09-17 22:43 - 01113368 _____ C:\Documents and Settings\WINXPSP3\Desktop\logo cross.ai
2013-09-17 22:00 - 2013-09-17 22:00 - 00565289 _____ C:\Documents and Settings\WINXPSP3\Desktop\asd.ai
2013-09-17 21:47 - 2013-09-17 21:48 - 00674209 _____ C:\Documents and Settings\WINXPSP3\Desktop\Untitled-1.ai
2013-09-16 23:46 - 2013-09-17 07:48 - 00119835 _____ C:\Documents and Settings\WINXPSP3\Desktop\Workbook.ai
2013-09-15 18:03 - 2013-09-15 18:04 - 02969080 _____ C:\Documents and Settings\WINXPSP3\Desktop\GR.Modern.Vintage.Inspired.Logo.Stamps.523547.rar
2013-09-12 17:52 - 2013-09-12 17:52 - 02203545 _____ C:\Documents and Settings\WINXPSP3\Desktop\aurove_retrobadges.zip
2013-09-10 21:08 - 2013-09-10 21:10 - 13368721 _____ C:\Documents and Settings\WINXPSP3\Desktop\ubyu_cs3_small_portrait_softback.zip
2013-09-09 22:59 - 2013-09-09 22:59 - 00000000 ____D C:\Program Files\BetterPoEditor
2013-09-09 22:59 - 2013-09-09 22:59 - 00000000 ____D C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Michele_Locati
2013-09-09 22:59 - 2013-09-09 22:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\BetterPoEditor
2013-09-09 07:33 - 2013-09-09 07:33 - 03452311 _____ C:\Documents and Settings\WINXPSP3\Desktop\__rar_0.103
2013-09-09 07:31 - 2013-09-09 07:34 - 03462165 _____ C:\Documents and Settings\WINXPSP3\Desktop\analiza.rar
2013-09-09 01:09 - 2013-10-08 21:22 - 00000382 _____ C:\WINDOWS\Tasks\update-S-1-5-21-1960408961-515967899-1606980848-1003.job
2013-09-09 01:09 - 2013-10-08 18:15 - 00000382 _____ C:\WINDOWS\Tasks\update-sys.job
2013-09-09 01:09 - 2013-09-09 01:09 - 00000003 _____ C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\updater.log
2013-09-09 01:09 - 2013-09-09 01:09 - 00000000 ____D C:\Program Files\Skillbrains
2013-09-09 01:09 - 2013-09-09 01:09 - 00000000 ____D C:\Program Files\nplightshot
2013-09-09 00:18 - 2013-09-09 00:18 - 00066956 _____ C:\Documents and Settings\WINXPSP3\Desktop\Desktop.rar
2013-09-08 23:29 - 2013-09-09 08:25 - 00000000 ____D C:\Documents and Settings\WINXPSP3\Desktop\analiza
2013-09-08 22:24 - 2013-09-08 22:24 - 00329040 _____ C:\Documents and Settings\WINXPSP3\Desktop\woocommerce-sr_RStestna.po
2013-09-08 22:24 - 2013-09-08 22:24 - 00024767 _____ C:\Documents and Settings\WINXPSP3\Desktop\woocommerce-sr_RStestna.mo
2013-09-08 19:43 - 2013-09-08 21:58 - 00890328 _____ C:\Documents and Settings\WINXPSP3\Desktop\kupisrcem.sql
2013-09-08 15:46 - 2013-09-08 15:46 - 03482178 _____ C:\Documents and Settings\WINXPSP3\Desktop\prevod ceo.zip

==================== One Month Modified Files and Folders =======

2013-10-08 22:08 - 2013-10-08 22:08 - 00000000 ____D C:\FRST
2013-10-08 22:07 - 2013-05-11 00:23 - 00000000 ____D C:\Documents and Settings\WINXPSP3\Desktop\sajt
2013-10-08 21:50 - 2012-06-21 11:14 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-08 21:27 - 2011-05-03 16:33 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-515967899-1606980848-1003UA.job
2013-10-08 21:22 - 2013-09-09 01:09 - 00000382 _____ C:\WINDOWS\Tasks\update-S-1-5-21-1960408961-515967899-1606980848-1003.job
2013-10-08 21:11 - 2011-07-07 00:52 - 00001010 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1960408961-515967899-1606980848-1003UA.job
2013-10-08 19:50 - 2013-10-08 19:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Agent Ransack
2013-10-08 19:49 - 2013-10-08 19:49 - 00000000 ____D C:\Program Files\Mythicsoft
2013-10-08 19:00 - 2011-05-08 23:48 - 00000260 _____ C:\WINDOWS\Tasks\RMSchedule.job
2013-10-08 18:20 - 2011-05-03 16:41 - 00000000 ____D C:\Program Files\Opera
2013-10-08 18:15 - 2013-09-09 01:09 - 00000382 _____ C:\WINDOWS\Tasks\update-sys.job
2013-10-08 18:13 - 2011-05-03 13:26 - 00334761 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-08 18:11 - 2011-07-07 00:52 - 00000988 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1960408961-515967899-1606980848-1003Core.job
2013-10-08 18:08 - 2013-10-07 06:51 - 00023760 _____ C:\WINDOWS\setupapi.log
2013-10-08 18:08 - 2011-05-03 14:20 - 00196608 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-10-08 18:07 - 2011-05-03 15:21 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-08 18:06 - 2012-07-11 22:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MCShield
2013-10-08 18:06 - 2011-05-03 15:21 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-10-08 18:05 - 2013-09-19 21:21 - 00000470 _____ C:\WINDOWS\Tasks\Malwarebytes Anti-Exploit.job
2013-10-08 18:05 - 2012-07-30 18:38 - 00000290 _____ C:\WINDOWS\Tasks\Express FilesUpdate.job
2013-10-08 18:05 - 2012-06-21 11:14 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-08 18:05 - 2012-06-10 11:52 - 00000316 _____ C:\WINDOWS\Tasks\Your File Updater.job
2013-10-08 18:05 - 2011-05-03 13:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-08 12:31 - 2011-05-03 13:35 - 00032530 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-08 12:31 - 2011-05-03 13:35 - 00000178 ___SH C:\Documents and Settings\WINXPSP3\ntuser.ini
2013-10-08 07:27 - 2011-05-03 16:33 - 00000980 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-515967899-1606980848-1003Core.job
2013-10-07 22:44 - 2011-05-23 06:13 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-07 22:43 - 2013-10-07 22:44 - 00090112 _____ C:\WINDOWS\Minidump\Mini100713-05.dmp
2013-10-07 22:34 - 2013-10-07 22:35 - 00090112 _____ C:\WINDOWS\Minidump\Mini100713-04.dmp
2013-10-07 22:31 - 2013-10-07 22:31 - 00009574 _____ C:\Documents and Settings\WINXPSP3\Desktop\AdwCleaner[S0].txt
2013-10-07 22:31 - 2013-10-07 22:19 - 00000000 ____D C:\AdwCleaner
2013-10-07 22:25 - 2013-06-15 00:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 2008
2013-10-07 21:36 - 2013-10-07 21:36 - 00057108 _____ C:\Documents and Settings\WINXPSP3\Desktop\atleticar2.ai
2013-10-07 21:35 - 2013-10-07 21:35 - 00168168 _____ C:\Documents and Settings\WINXPSP3\Desktop\atleticar1 copy.ai
2013-10-07 21:35 - 2013-10-07 21:35 - 00160207 _____ C:\Documents and Settings\WINXPSP3\Desktop\logo cross priprema4.ai
2013-10-07 20:57 - 2011-05-16 20:48 - 00000132 _____ C:\Documents and Settings\WINXPSP3\Application Data\Adobe PNG Format CS5 Prefs
2013-10-07 20:37 - 2013-10-07 20:38 - 00090112 _____ C:\WINDOWS\Minidump\Mini100713-03.dmp
2013-10-07 17:53 - 2013-10-07 17:53 - 00018090 _____ C:\Documents and Settings\WINXPSP3\Desktop\dds.txt
2013-10-07 17:53 - 2013-10-07 17:53 - 00016547 _____ C:\Documents and Settings\WINXPSP3\Desktop\attach.txt
2013-10-07 17:13 - 2013-10-07 17:14 - 00090112 _____ C:\WINDOWS\Minidump\Mini100713-02.dmp
2013-10-07 17:03 - 2013-10-07 17:03 - 00090112 _____ C:\WINDOWS\Minidump\Mini100713-01.dmp
2013-10-07 16:35 - 2011-09-12 09:30 - 00000000 ____D C:\Documents and Settings\WINXPSP3\Application Data\BitTorrent
2013-10-06 23:44 - 2011-05-03 13:35 - 00000000 ____D C:\Documents and Settings\WINXPSP3\Application Data\Skype
2013-10-06 23:15 - 2013-10-06 23:15 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-10-06 23:01 - 2013-10-06 23:01 - 00292366 _____ C:\Documents and Settings\WINXPSP3\Desktop\Opera 12 Notes.html
2013-10-06 23:00 - 2013-10-06 23:00 - 00000669 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Opera 17.lnk
2013-10-06 23:00 - 2013-10-06 23:00 - 00000669 _____ C:\Documents and Settings\All Users\Desktop\Opera 17.lnk
2013-10-06 23:00 - 2013-10-06 23:00 - 00000000 ____D C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Opera Software
2013-10-06 23:00 - 2013-10-06 23:00 - 00000000 ____D C:\Documents and Settings\WINXPSP3\Application Data\Opera Software
2013-10-06 21:39 - 2012-12-29 01:50 - 00121688 ____H C:\WINDOWS\system32\mlfcache.dat
2013-10-06 21:28 - 2012-05-21 17:39 - 00000000 ____D C:\Documents and Settings\WINXPSP3\Application Data\FileZilla
2013-10-06 21:27 - 2011-05-03 13:35 - 00000000 ____D C:\Documents and Settings\WINXPSP3
2013-10-06 21:19 - 2013-10-06 21:19 - 00000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2013-10-06 21:19 - 2013-10-06 21:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2013-10-06 21:09 - 2013-10-06 21:09 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-06 21:08 - 2013-10-06 21:08 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-06 21:08 - 2013-10-06 21:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-06 21:07 - 2013-10-06 21:09 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-06 21:07 - 2013-10-06 21:08 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-06 21:07 - 2013-10-06 21:08 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-06 21:07 - 2012-05-29 09:14 - 00868264 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-10-06 21:07 - 2012-02-18 02:06 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-06 21:07 - 2011-05-03 13:31 - 00790440 ____C (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-10-06 20:44 - 2013-04-14 12:10 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-10-06 17:52 - 2012-03-30 14:15 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-06 17:52 - 2011-06-21 23:17 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-06 02:00 - 2011-05-08 16:41 - 00000348 _____ C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-PC-E1A9268535A6-WINXPSP3.job
2013-10-05 22:41 - 2011-05-11 11:56 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-10-05 07:43 - 2013-10-03 20:15 - 00003656 _____ C:\WINDOWS\system32\SafeIPS.ini
2013-10-05 07:43 - 2013-10-03 20:15 - 00001944 _____ C:\WINDOWS\system32\SafeIPSOff.ini
2013-10-05 07:34 - 2013-10-05 07:33 - 00000304 ____H C:\IPH.PH
2013-10-05 07:34 - 2013-09-29 15:59 - 00009751 _____ C:\install.log
2013-10-05 07:33 - 2013-10-05 07:33 - 00001002 _____ C:\Documents and Settings\All Users\Desktop\AOL Desktop 9.7 Install.lnk
2013-10-05 07:33 - 2011-05-03 16:19 - 00000335 ____C C:\WINDOWS\nsreg.dat
2013-10-05 07:33 - 2011-05-03 16:19 - 00000000 ____D C:\Documents and Settings\WINXPSP3\Application Data\Mozilla
2013-10-04 18:59 - 2012-07-13 14:58 - 01768448 ___SH C:\Documents and Settings\WINXPSP3\Desktop\Thumbs.db
2013-10-03 19:33 - 2013-10-03 19:33 - 00000000 ____D C:\Program Files\SafeIP
2013-10-03 19:33 - 2013-10-03 19:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SafeIP
2013-10-03 19:11 - 2013-09-21 23:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Counter-Strike 1.6 p48
2013-10-03 18:34 - 2011-05-03 16:33 - 00002309 _____ C:\Documents and Settings\WINXPSP3\Desktop\Google Chrome.lnk
2013-10-03 13:38 - 2013-10-03 13:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\KONAMI
2013-10-02 22:20 - 2013-10-02 22:20 - 00002355 _____ C:\Documents and Settings\WINXPSP3\Desktop\Покретач Chrome апликација.lnk
2013-10-02 22:20 - 2011-05-03 16:33 - 00000000 ____D C:\Documents and Settings\WINXPSP3\Start Menu\Programs\Google Chrome
2013-10-02 00:34 - 2011-05-22 00:47 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-10-01 19:10 - 2013-10-01 09:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-01 16:40 - 2012-04-26 18:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-29 16:33 - 2012-08-19 13:17 - 00000000 ____D C:\Documents and Settings\Administrator
2013-09-29 16:32 - 2011-05-03 13:35 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-09-29 16:32 - 2011-05-03 13:35 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-09-29 16:30 - 2011-05-03 13:24 - 00000000 ____D C:\WINDOWS\Registration
2013-09-29 16:28 - 2013-09-29 01:30 - 00000000 ____D C:\Program Files\iPod
2013-09-29 16:28 - 2013-09-29 01:29 - 00000000 ____D C:\Program Files\iTunes
2013-09-29 16:27 - 2013-09-29 01:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-29 15:59 - 2013-09-29 15:59 - 00000036 ___SH C:\Documents and Settings\All Users\Application Data\Shrew Soft VPN.dat
2013-09-29 15:59 - 2013-09-29 15:59 - 00000000 ____D C:\Program Files\ShrewSoft
2013-09-29 11:05 - 2013-09-26 18:29 - 26083272 _____ C:\Documents and Settings\WINXPSP3\Desktop\wptest-master.zip
2013-09-29 10:57 - 2008-04-14 10:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-09-29 01:30 - 2011-05-11 11:56 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-27 22:45 - 2012-05-10 20:08 - 00000000 ____D C:\Documents and Settings\WINXPSP3\Desktop\svastara
2013-09-20 20:54 - 2013-09-19 21:21 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2013-09-19 21:21 - 2013-09-19 21:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit
2013-09-19 21:18 - 2013-09-19 21:17 - 01790576 _____ (Malwarebytes ) C:\Documents and Settings\WINXPSP3\Desktop\mbae-setup-0.09.3.1000.exe
2013-09-19 16:58 - 2013-09-19 16:42 - 47017922 _____ C:\Documents and Settings\WINXPSP3\Desktop\graphicriver-5466464-office-interior-logo-mockup-set.zip
2013-09-19 07:47 - 2012-11-07 18:21 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2013-09-19 07:43 - 2013-09-19 07:43 - 00823429 _____ C:\Documents and Settings\WINXPSP3\Desktop\payment-icon-set.zip
2013-09-19 07:30 - 2013-09-19 07:30 - 00001663 _____ C:\Documents and Settings\WINXPSP3\Desktop\FileZilla Client.lnk
2013-09-19 07:30 - 2012-05-21 17:39 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2013-09-19 07:30 - 2012-05-21 17:39 - 00000000 ____D C:\Documents and Settings\WINXPSP3\Start Menu\Programs\FileZilla FTP Client
2013-09-18 22:24 - 2012-05-28 17:24 - 00000000 ____D C:\Documents and Settings\WINXPSP3\Desktop\ldk stuff
2013-09-18 21:45 - 2013-09-18 20:38 - 00143005 _____ C:\Documents and Settings\WINXPSP3\Desktop\logo cross priprema2.ai
2013-09-18 21:01 - 2013-09-18 20:49 - 01128179 _____ C:\Documents and Settings\WINXPSP3\Desktop\logo cross2.ai
2013-09-17 22:44 - 2013-09-17 22:44 - 00140554 _____ C:\Documents and Settings\WINXPSP3\Desktop\logo cross priprema.ai
2013-09-17 22:43 - 2013-09-17 22:43 - 01113368 _____ C:\Documents and Settings\WINXPSP3\Desktop\logo cross.ai
2013-09-17 22:00 - 2013-09-17 22:00 - 00565289 _____ C:\Documents and Settings\WINXPSP3\Desktop\asd.ai
2013-09-17 21:48 - 2013-09-17 21:47 - 00674209 _____ C:\Documents and Settings\WINXPSP3\Desktop\Untitled-1.ai
2013-09-17 07:48 - 2013-09-16 23:46 - 00119835 _____ C:\Documents and Settings\WINXPSP3\Desktop\Workbook.ai
2013-09-17 07:18 - 2013-02-18 20:16 - 00196582 _____ C:\WINDOWS\system32\Drivers\aStandard.bin
2013-09-15 18:04 - 2013-09-15 18:03 - 02969080 _____ C:\Documents and Settings\WINXPSP3\Desktop\GR.Modern.Vintage.Inspired.Logo.Stamps.523547.rar
2013-09-12 17:52 - 2013-09-12 17:52 - 02203545 _____ C:\Documents and Settings\WINXPSP3\Desktop\aurove_retrobadges.zip
2013-09-10 21:10 - 2013-09-10 21:08 - 13368721 _____ C:\Documents and Settings\WINXPSP3\Desktop\ubyu_cs3_small_portrait_softback.zip
2013-09-09 22:59 - 2013-09-09 22:59 - 00000000 ____D C:\Program Files\BetterPoEditor
2013-09-09 22:59 - 2013-09-09 22:59 - 00000000 ____D C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\Michele_Locati
2013-09-09 22:59 - 2013-09-09 22:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\BetterPoEditor
2013-09-09 08:25 - 2013-09-08 23:29 - 00000000 ____D C:\Documents and Settings\WINXPSP3\Desktop\analiza
2013-09-09 07:34 - 2013-09-09 07:31 - 03462165 _____ C:\Documents and Settings\WINXPSP3\Desktop\analiza.rar
2013-09-09 07:33 - 2013-09-09 07:33 - 03452311 _____ C:\Documents and Settings\WINXPSP3\Desktop\__rar_0.103
2013-09-09 01:16 - 2013-07-26 01:04 - 00699568 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-09-09 01:09 - 2013-09-09 01:09 - 00000003 _____ C:\Documents and Settings\WINXPSP3\Local Settings\Application Data\updater.log
2013-09-09 01:09 - 2013-09-09 01:09 - 00000000 ____D C:\Program Files\Skillbrains
2013-09-09 01:09 - 2013-09-09 01:09 - 00000000 ____D C:\Program Files\nplightshot
2013-09-09 00:32 - 2012-07-11 19:47 - 00000000 ____D C:\Documents and Settings\WINXPSP3\Desktop\root
2013-09-09 00:18 - 2013-09-09 00:18 - 00066956 _____ C:\Documents and Settings\WINXPSP3\Desktop\Desktop.rar
2013-09-08 23:05 - 2013-05-03 07:28 - 00000000 ____D C:\Documents and Settings\WINXPSP3\Application Data\Hideman
2013-09-08 22:24 - 2013-09-08 22:24 - 00329040 _____ C:\Documents and Settings\WINXPSP3\Desktop\woocommerce-sr_RStestna.po
2013-09-08 22:24 - 2013-09-08 22:24 - 00024767 _____ C:\Documents and Settings\WINXPSP3\Desktop\woocommerce-sr_RStestna.mo
2013-09-08 21:58 - 2013-09-08 19:43 - 00890328 _____ C:\Documents and Settings\WINXPSP3\Desktop\kupisrcem.sql
2013-09-08 15:46 - 2013-09-08 15:46 - 03482178 _____ C:\Documents and Settings\WINXPSP3\Desktop\prevod ceo.zip

Files to move or delete:
====================
C:\Documents and Settings\Administrator\NEWB5E.tmp.exe
C:\Documents and Settings\Default User\NEWB5E.tmp.exe
C:\Documents and Settings\WINXPSP3\NEWB5E.tmp.exe



Some content of TEMP:
====================
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\18vwc9qb.dll
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\Execute2App.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\Kies2RemoveAll.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\ONAIRSetup4.0.0.905.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\SpOrder.dll
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\vlc-2.0.7-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2010-09-16 14:11] - [2010-09-16 14:11] - 0110592 ____N (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

We'll continue tomorrow, it's late, and believe me, I've only just got home, having left at 11 this morning...

  • Joined: 11 Jul 2012
  • Posts: 43

Not a problem.

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Let's continue :)


Step 1.


Open Notepad and copy the following text that is inside the shaded area.

MountPoints2: {73cd245f-d73e-11e1-a02f-00e07d9768df} - F:\silent.exe
C:\Documents and Settings\Administrator\NEWB5E.tmp.exe
C:\Documents and Settings\Default User\NEWB5E.tmp.exe
C:\Documents and Settings\WINXPSP3\NEWB5E.tmp.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\18vwc9qb.dll
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\Execute2App.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\Kies2RemoveAll.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\ONAIRSetup4.0.0.905.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\SpOrder.dll
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\vlc-2.0.7-win32.exe
AlternateDataStreams: C:\WINDOWS:nlsPreferences
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:D1B5B4F1
CMD: ipconfig /flushdns


In Notepad, click File --> Save As

Name the file fixlist.txt and save it to the Desktop

Double-click FRST.exe to run it again

Click Fix and wait until the program finishes

If the program asks to restart the computer, allow it to do so without interruption.

When it finishes, Notepad will open with content that you should copy into the thread.

Also, fixlog.txt will be on the Desktop.




Step 2.


Download sUBs' ComboFix from the following address to the Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, choose Desktop and click Save.


When the download is complete:
disable your security software (instructions);
close running programs;
double-click ComboFix to run it;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if offered to download it.
offer to install the Recovery Console if it is not installed:
be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show notifications:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.


Copy the report ComboFix made into the thread on the forum:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message field and choose Paste.


Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message;
Do not click inside the ComboFix window while it is running, as that may slow the tool down;
Do not run ComboFix again on your own - report in the thread any problem you have during the first run;
If after the restart you get an error when starting some programs saying they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will fix the problem.
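The helper built the Step 1 fixlist by reading the FRST log above for executables in unusual places (profile roots, Temp, a `.tmp.exe` name). The script below is an added example of that triage and is not FRST code or the forum author's: it parses FRST's entry format and bare path lines and returns defensive hints only; the sample lines are copied from the log sections above.

```python
"""Added example for this thread (not FRST's code or the forum author's): parse
FRST one-month entries and bare path lines and flag the executables the Step 1
fixlist targets. Signals are defensive triage hints, not verdicts."""
import re
# Full entry: "<modified> - <created> - <size> <attrs> [(Company)] <path>"
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{8}) ([_A-Z]{5}) (?:\(([^)]*)\) )?(.+)$")
EXEC_EXT = (".exe", ".dll", ".cpl", ".scr", ".sys")

def parse_entry(line):
    """Dict for a full entry or a bare path line (as in 'Some content of TEMP'), else None."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        mod, cre, size, attrs, company, path = m.groups()
        return {"modified": mod, "created": cre, "size": int(size),
                "attrs": attrs, "company": company or "", "path": path}
    if re.match(r"^[A-Za-z]:\\", line):
        return {"modified": "", "created": "", "size": -1,
                "attrs": "_____", "company": "", "path": line}
    return None

def reasons(entry):
    """Why an entry deserves a closer look; directories (attr D) are skipped."""
    path = entry["path"]
    if "D" in entry["attrs"] or not path.lower().endswith(EXEC_EXT):
        return []
    parts, out = path.split("\\"), []
    if len(parts) == 4 and parts[1].lower() == "documents and settings":
        out.append("executable directly in a user profile root")
    if "\\local settings\\temp\\" in path.lower():
        out.append("executable in a Temp folder")
    if re.search(r"\.(tmp|txt|jpg|pdf|doc|zip)\.exe$", parts[-1].lower()):
        out.append("double extension")
    return out

def triage(lines):
    """Map each flagged path to its reasons, in log order."""
    entries = filter(None, map(parse_entry, lines))
    return {e["path"]: r for e in entries if (r := reasons(e))}

# Constructed sample: four lines copied from the log sections above.
SAMPLE = r"""
2013-10-06 21:07 - 2013-10-06 21:08 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-03 19:33 - 2013-10-03 19:33 - 00000000 ____D C:\Program Files\SafeIP
C:\Documents and Settings\WINXPSP3\NEWB5E.tmp.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\18vwc9qb.dll
""".strip().splitlines()
```

Run `triage(SAMPLE)` on the sample: the two Java and SafeIP entries pass, while NEWB5E.tmp.exe and the Temp DLL come back with their reasons, matching the paths the fixlist lists.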
