Check


  • Joined: 24 Dec 2011
  • Posts: 1642
  • Location: Novi Banovci

I would just like to check, nothing more.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2014
Ran by admin (administrator) on PC1 on 25-09-2014 13:34:39
Running from C:\Users\admin\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link visible only to logged-in users]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Flux Software LLC) C:\Users\admin\AppData\Local\FluxSoftware\Flux\flux.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(BitTorrent Inc.) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
(FileHippo.com) C:\Program Files\FileHippo.com\UpdateChecker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\...\Run: [F.lux] => C:\Users\admin\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\MCShieldRTM.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\...\Run: [uTorrent] => C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe [1266520 2014-04-22] (BitTorrent Inc.)
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\...\Policies\system: [DisableChangePassword] 4294967295
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\...\Policies\system: [DisableLockWorkStation] 4294967295
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\...\Policies\Explorer: [NoSecurityTab] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7C8A8EE20D60CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {9E143D30-50C0-4B69-8B9D-201DC7A8C9F4} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = [Link visible only to logged-in users]{searchTerms}&fr=chr-comodo
SearchScopes: HKCU - {9E143D30-50C0-4B69-8B9D-201DC7A8C9F4} URL = [Link visible only to logged-in users]{searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Link visible only to logged-in users]
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} [Link visible only to logged-in users]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Link visible only to logged-in users]
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\utjal9zd.default
FF Homepage: google.rs
FF Keyword.URL: [Link visible only to logged-in users]
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin: [Link visible only to logged-in users]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\admin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\admin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\utjal9zd.default\searchplugins\yahoo_ff.xml
FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2014-02-28]
FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\utjal9zd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-19]
FF HKLM\...\Firefox\Extensions: [BaseFlash@B1a2s3e4F5l6a7s8h9.es] - C:\Users\Mama i Tata\AppData\Roaming\BaseFlash\Firefox
FF Extension: BaseFlash - C:\Users\Mama i Tata\AppData\Roaming\BaseFlash\Firefox [2014-05-03]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR CustomProfile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (VLC for YouTube™) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ablmclcliiiegfmpbkfhnhipoejclmel [2013-09-18]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-06-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-13]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-25]
CHR Extension: (Music Player for Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfeekfpnjbdmelcapngdgkjnhgijjkh [2014-02-11]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-02-11]
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Technology & Gadget News) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\okflobkfhhcnjlcbljmenmeapbgfnicb [2014-08-30]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-13]
CHR HKLM\...\Chrome\Extension: [bdjbhljkcfdfipjhecpfgagdalflncik] - C:\Program Files\GoPhoto.it\gophotoit15.crx []
CHR HKLM\...\Chrome\Extension: [nihbenclcjngmdidijddeocjfokamlhp] - C:\Users\admin\AppData\Local\CRE\nihbenclcjngmdidijddeocjfokamlhp.crx [2012-08-29]
CHR HKCU\...\Chrome\Extension: [nihbenclcjngmdidijddeocjfokamlhp] - C:\Users\admin\AppData\Local\CRE\nihbenclcjngmdidijddeocjfokamlhp.crx [2012-08-29]
CHR StartMenuInternet: Google Chrome - C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-09-08] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-18] (Avira Operations GmbH & Co. KG)
S4 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S4 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2370448 2012-05-18] (WIBU-SYSTEMS AG)
S4 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 HTCMonitorService; D:\Programi\HTC\HSMServiceEntry.exe [87368 2012-06-08] (Nero AG)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2014-06-11] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2010-08-19] ()
S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [357016 2012-08-15] (VMware, Inc.)
S4 VMware NAT Service; C:\Windows\system32\vmnat.exe [435864 2012-08-15] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-01-28] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R1 eusk2par; C:\Windows\system32\Drivers\eusk2par.sys [25680 2008-12-18] (Aladdin Knowledge Systems Ltd.)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41496 2012-08-01] (VMware, Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [35560 2012-08-01] (AnchorFree Inc.)
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows (R) Win 7 DDK provider) [File not signed]
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [21624 2012-11-17] (REALiX(tm))
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-08] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2012-07-24] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2012-07-24] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2012-07-24] (MCCI Corporation)
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)
S3 s116mgmt; C:\Windows\System32\DRIVERS\s116mgmt.sys [100488 2007-04-03] (MCCI Corporation)
S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation)
S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SCT_SKMScan; C:\Windows\System32\DRIVERS\sct_skmscan.sys [33096 2012-10-12] (Sophos Limited)
R2 SecDrv; C:\Windows\system32\drivers\SECDRV.SYS [11376 2002-12-13] () [File not signed]
S3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [27632 2012-07-24] (Sony Ericsson Mobile Communications) [File not signed]
S0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [50688 2005-08-10] (Protection Technology) [File not signed]
R0 sfhlp02; C:\Windows\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed]
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [19968 2005-08-10] (Protection Technology) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2012-11-12] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-05-09] (Avira GmbH)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriver32.sys [49240 2012-09-10] (NCH Software)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-08-01] (AnchorFree Inc)
R2 U3SDR200; C:\Windows\System32\Drivers\U3SDR200.SYS [4224 2013-02-15] () [File not signed]
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2012-06-04] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [452432 2012-06-04] (Paragon)
S1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283344 2012-06-04] (Paragon)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1056256 2009-06-02] (VIA Technologies, Inc.)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [25624 2012-08-15] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16664 2012-08-15] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37016 2012-08-15] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25752 2012-08-15] (VMware, Inc.)
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2012-08-01] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [61848 2012-08-15] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [61296 2012-07-06] (VMware, Inc.)
S1 SuperMounter; No ImagePath
U2 TMAgent; No ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 zghsdiag; system32\DRIVERS\zghsdiag.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 13:34 - 2014-09-25 13:35 - 00020259 _____ () C:\Users\admin\Desktop\FRST.txt
2014-09-25 13:34 - 2014-09-25 13:34 - 01098240 _____ (Farbar) C:\Users\admin\Desktop\FRST.exe
2014-09-25 13:34 - 2014-09-25 13:34 - 00000000 ____D () C:\FRST
2014-09-24 20:14 - 2014-09-24 20:14 - 00524345 _____ () C:\Users\Mama i Tata\Desktop\Programi-S.zip
2014-09-24 19:32 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-18 10:03 - 2014-09-18 10:03 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Landwirt2014
2014-09-17 02:22 - 2014-09-17 02:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Sports
2014-09-14 20:39 - 2014-09-14 20:39 - 00118149 _____ () C:\Users\Mama i Tata\Downloads\wmpChrome.crx
2014-09-14 15:51 - 2014-09-14 15:51 - 00090793 _____ () C:\Users\Mama i Tata\Desktop\planovi.rar
2014-09-13 22:22 - 2014-09-13 22:22 - 00048605 _____ () C:\Users\Mama i Tata\Desktop\преузимање.htm
2014-09-13 21:50 - 2014-09-13 21:56 - 00000000 ____D () C:\Users\Mama i Tata\Desktop\LEKOVITO BILJE
2014-09-11 18:53 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 18:53 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 18:53 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 18:53 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 18:53 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 18:53 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 18:53 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 18:53 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 18:53 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 18:53 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 18:53 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 18:53 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 18:53 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 18:53 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 18:53 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 18:53 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 18:53 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 18:53 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 18:53 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 18:53 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 18:53 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 18:53 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 18:53 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 18:53 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 18:53 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 18:53 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 18:53 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 18:53 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 18:53 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 18:53 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 18:53 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 18:09 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 18:09 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 18:08 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 18:08 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 18:08 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 18:08 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-09 23:02 - 2014-09-09 23:13 - 00000000 ____D () C:\Users\Mama i Tata\AppData\Local\ABBYY
2014-09-09 23:02 - 2014-09-09 23:02 - 00000000 ____D () C:\Users\Mama i Tata\AppData\Roaming\ABBYY
2014-09-09 22:59 - 2014-09-09 22:59 - 00000000 ____D () C:\ProgramData\ABBYY
2014-09-09 21:17 - 2014-09-25 00:28 - 00000000 ____D () C:\Users\Mama i Tata\Desktop\godisnji za 1.r
2014-09-09 15:34 - 2014-09-09 15:34 - 00001043 _____ () C:\Users\admin\Desktop\3D Print Helper.lnk
2014-09-09 15:34 - 2014-09-09 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Print Helper
2014-09-09 15:34 - 2014-09-09 15:34 - 00000000 ____D () C:\Program Files\3D Print Helper
2014-09-09 15:34 - 2011-12-09 08:56 - 01931256 _____ (Codejock Software) C:\Windows\system32\Codejock.Controls.Unicode.v15.2.1.ocx
2014-09-09 15:34 - 2011-12-09 08:56 - 00587768 _____ (Codejock Software) C:\Windows\system32\Codejock.SkinFramework.Unicode.v15.2.1.ocx
2014-09-09 15:34 - 2011-12-09 08:55 - 02775032 _____ (Codejock Software) C:\Windows\system32\Codejock.CommandBars.Unicode.v15.2.1.ocx
2014-09-09 15:34 - 2000-05-22 00:00 - 00608448 _____ (Microsoft Corporation) C:\Windows\system32\Comctl32.ocx
2014-09-08 09:32 - 2014-09-08 09:32 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-08 09:08 - 2014-09-08 09:08 - 00000000 ____D () C:\SUPERDelete
2014-09-08 09:00 - 2014-09-08 09:00 - 00459048 __RSH () C:\INLQO
2014-09-07 23:38 - 2014-09-07 23:38 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farming Simulator 2013
2014-09-07 23:33 - 2014-09-07 23:38 - 00000000 ____D () C:\Windows\system32\FSIM2013Unin
2014-09-07 20:12 - 2014-09-07 20:12 - 00000000 ____D () C:\Users\Mama i Tata\AppData\Roaming\PowerISO
2014-09-07 20:07 - 2014-09-07 20:07 - 02528480 _____ (Power Software Ltd) C:\Users\Mama i Tata\Desktop\PowerISO6-cnet.exe
2014-09-07 19:35 - 2014-09-07 19:35 - 00000000 ____D () C:\Users\Mama i Tata\AppData\Local\ShamurShamur
2014-09-06 20:34 - 2014-09-06 20:34 - 00485376 _____ () C:\Users\Mama i Tata\Desktop\PRIJAVA-ODJAVA_Instrukcije.ppt
2014-09-06 16:14 - 2014-09-06 16:14 - 00000000 __SHD () C:\Users\Mama i Tata\AppData\Local\EmieUserList
2014-09-06 16:14 - 2014-09-06 16:14 - 00000000 __SHD () C:\Users\Mama i Tata\AppData\Local\EmieSiteList
2014-09-05 23:54 - 2014-09-05 23:54 - 03890688 _____ () C:\Users\Mama i Tata\Desktop\pril (4).ppt
2014-09-03 17:51 - 2014-09-15 18:38 - 00000000 ____D () C:\Users\Mama i Tata\Desktop\data status
2014-08-30 13:52 - 2014-08-30 13:52 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2014-08-28 20:58 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 20:58 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 20:53 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-28 20:53 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-28 20:53 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-28 20:53 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-28 20:53 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-28 20:53 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-28 20:53 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-28 20:52 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-28 20:52 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 13:35 - 2014-09-25 13:34 - 00020259 _____ () C:\Users\admin\Desktop\FRST.txt
2014-09-25 13:34 - 2014-09-25 13:34 - 01098240 _____ (Farbar) C:\Users\admin\Desktop\FRST.exe
2014-09-25 13:34 - 2014-09-25 13:34 - 00000000 ____D () C:\FRST
2014-09-25 13:31 - 2011-08-21 18:35 - 00000000 ____D () C:\Users\admin\AppData\Roaming\uTorrent
2014-09-25 13:28 - 2009-07-14 06:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-25 13:28 - 2009-07-14 06:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 13:24 - 2011-08-22 00:54 - 01479912 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 13:21 - 2014-06-01 19:58 - 00012890 _____ () C:\Windows\setupact.log
2014-09-25 13:21 - 2014-04-26 14:26 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-25 13:21 - 2013-11-04 01:30 - 00000000 ____D () C:\ProgramData\MCShield
2014-09-25 13:21 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 13:20 - 2014-06-01 19:58 - 00004131 _____ () C:\Windows\errord.log
2014-09-25 11:36 - 2013-11-11 15:45 - 00000000 ____D () C:\Users\Mama i Tata\AppData\Roaming\uTorrent
2014-09-25 11:23 - 2013-11-04 01:51 - 00000000 ____D () C:\Users\Mama i Tata\Desktop\Slavica
2014-09-25 11:16 - 2014-04-23 17:49 - 00000000 ____D () C:\Users\Mama i Tata\Desktop\Olimpijada NIS
2014-09-25 11:04 - 2014-04-10 22:48 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1014UA.job
2014-09-25 10:46 - 2014-04-26 14:26 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-25 10:46 - 2011-08-21 16:24 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1000UA.job
2014-09-25 10:37 - 2013-02-10 02:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-25 00:28 - 2014-09-09 21:17 - 00000000 ____D () C:\Users\Mama i Tata\Desktop\godisnji za 1.r
2014-09-24 23:26 - 2014-03-24 10:21 - 00000000 ____D () C:\Users\Mama i Tata\Desktop\Miroslav
2014-09-24 22:31 - 2010-11-20 23:01 - 00805012 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 21:00 - 2014-04-10 22:48 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1014Core.job
2014-09-24 20:14 - 2014-09-24 20:14 - 00524345 _____ () C:\Users\Mama i Tata\Desktop\Programi-S.zip
2014-09-19 22:46 - 2012-09-11 00:43 - 00000040 _____ () C:\Windows\RSoftInfo.dat
2014-09-19 15:10 - 2012-11-25 21:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-19 14:29 - 2011-08-22 21:01 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe
2014-09-18 10:03 - 2014-09-18 10:03 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Landwirt2014
2014-09-18 10:03 - 2011-09-09 21:19 - 00000000 ____D () C:\Users\admin\AppData\Local\SKIDROW
2014-09-18 00:13 - 2013-12-03 21:02 - 00000000 ____D () C:\Users\Mama i Tata\Desktop\DJORDJE
2014-09-17 02:28 - 2011-10-14 21:53 - 00000000 ____D () C:\Users\admin\AppData\Roaming\2K Sports
2014-09-17 02:27 - 2011-08-21 16:48 - 00000000 ___RD () C:\Users\admin\Desktop\Games
2014-09-17 02:22 - 2014-09-17 02:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Sports
2014-09-17 02:22 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-16 13:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-15 18:38 - 2014-09-03 17:51 - 00000000 ____D () C:\Users\Mama i Tata\Desktop\data status
2014-09-14 20:39 - 2014-09-14 20:39 - 00118149 _____ () C:\Users\Mama i Tata\Downloads\wmpChrome.crx
2014-09-14 17:07 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-14 15:51 - 2014-09-14 15:51 - 00090793 _____ () C:\Users\Mama i Tata\Desktop\planovi.rar
2014-09-13 22:28 - 2012-01-28 23:17 - 00000000 ____D () C:\Program Files\The KMPlayer
2014-09-13 22:22 - 2014-09-13 22:22 - 00048605 _____ () C:\Users\Mama i Tata\Desktop\преузимање.htm
2014-09-13 21:56 - 2014-09-13 21:50 - 00000000 ____D () C:\Users\Mama i Tata\Desktop\LEKOVITO BILJE
2014-09-13 21:50 - 2014-02-09 18:17 - 00000000 ____D () C:\Users\Mama i Tata\Desktop\Maki
2014-09-13 01:05 - 2014-06-20 21:10 - 00004096 ____H () C:\Users\Mama i Tata\AppData\Local\keyfile3.drm
2014-09-11 22:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 18:55 - 2013-09-22 17:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 18:53 - 2013-08-19 02:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 18:40 - 2014-05-06 00:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 18:40 - 2011-08-21 17:29 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 21:18 - 2014-06-03 18:46 - 00014924 _____ () C:\Windows\PFRO.log
2014-09-10 13:50 - 2012-09-23 19:21 - 00000000 ____D () C:\ProgramData\TechSmith
2014-09-10 12:59 - 2011-08-21 16:24 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1000Core.job
2014-09-09 23:47 - 2014-09-24 19:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-09 23:13 - 2014-09-09 23:02 - 00000000 ____D () C:\Users\Mama i Tata\AppData\Local\ABBYY
2014-09-09 23:02 - 2014-09-09 23:02 - 00000000 ____D () C:\Users\Mama i Tata\AppData\Roaming\ABBYY
2014-09-09 22:59 - 2014-09-09 22:59 - 00000000 ____D () C:\ProgramData\ABBYY
2014-09-09 21:12 - 2013-11-20 01:00 - 00000000 ____D () C:\Users\Mama i Tata\AppData\Local\CrashDumps
2014-09-09 15:34 - 2014-09-09 15:34 - 00001043 _____ () C:\Users\admin\Desktop\3D Print Helper.lnk
2014-09-09 15:34 - 2014-09-09 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Print Helper
2014-09-09 15:34 - 2014-09-09 15:34 - 00000000 ____D () C:\Program Files\3D Print Helper
2014-09-09 13:22 - 2009-07-14 06:53 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-08 20:27 - 2014-04-19 11:19 - 00000131 _____ () C:\DeletePrintJobs.cmd
2014-09-08 09:37 - 2013-12-04 14:47 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-09-08 09:32 - 2014-09-08 09:32 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-08 09:32 - 2014-06-03 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-08 09:32 - 2014-06-03 16:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-08 09:08 - 2014-09-08 09:08 - 00000000 ____D () C:\SUPERDelete
2014-09-08 09:07 - 2013-11-02 11:57 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-08 09:00 - 2014-09-08 09:00 - 00459048 __RSH () C:\INLQO
2014-09-08 00:07 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-09-07 23:53 - 2012-08-24 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-09-07 23:53 - 2012-08-24 21:07 - 00000000 ____D () C:\Program Files\CPUID
2014-09-07 23:42 - 2012-06-19 20:30 - 00000000 ____D () C:\Users\admin\AppData\Roaming\PowerISO
2014-09-07 23:40 - 2011-12-27 22:39 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps
2014-09-07 23:39 - 2014-07-09 15:48 - 00000000 ____D () C:\Program Files\KONAMI
2014-09-07 23:39 - 2012-10-27 00:56 - 00008488 __RSH () C:\ProgramData\ntuser.pol
2014-09-07 23:38 - 2014-09-07 23:38 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farming Simulator 2013
2014-09-07 23:38 - 2014-09-07 23:33 - 00000000 ____D () C:\Windows\system32\FSIM2013Unin
2014-09-07 23:38 - 2011-08-24 16:56 - 00000000 ____D () C:\Users\admin\Documents\My Games
2014-09-07 23:33 - 2011-08-23 16:58 - 00000000 ____D () C:\Users\admin\Documents\KONAMI
2014-09-07 20:12 - 2014-09-07 20:12 - 00000000 ____D () C:\Users\Mama i Tata\AppData\Roaming\PowerISO
2014-09-07 20:07 - 2014-09-07 20:07 - 02528480 _____ (Power Software Ltd) C:\Users\Mama i Tata\Desktop\PowerISO6-cnet.exe
2014-09-07 19:35 - 2014-09-07 19:35 - 00000000 ____D () C:\Users\Mama i Tata\AppData\Local\ShamurShamur
2014-09-07 14:11 - 2013-11-05 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-09-07 14:11 - 2012-07-01 16:19 - 00000000 ____D () C:\Program Files\Sony
2014-09-06 20:34 - 2014-09-06 20:34 - 00485376 _____ () C:\Users\Mama i Tata\Desktop\PRIJAVA-ODJAVA_Instrukcije.ppt
2014-09-06 16:14 - 2014-09-06 16:14 - 00000000 __SHD () C:\Users\Mama i Tata\AppData\Local\EmieUserList
2014-09-06 16:14 - 2014-09-06 16:14 - 00000000 __SHD () C:\Users\Mama i Tata\AppData\Local\EmieSiteList
2014-09-06 00:25 - 2014-06-25 20:55 - 00000000 ____D () C:\Users\Mama i Tata\Desktop\portfolio
2014-09-05 23:54 - 2014-09-05 23:54 - 03890688 _____ () C:\Users\Mama i Tata\Desktop\pril (4).ppt
2014-09-05 03:52 - 2014-09-11 18:08 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:47 - 2014-09-11 18:08 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 21:09 - 2014-05-29 09:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-30 13:52 - 2014-08-30 13:52 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2014-08-29 15:33 - 2009-07-14 06:33 - 04018304 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\AcDeltree.exe
C:\Users\admin\AppData\Local\Temp\AutoRun.exe
C:\Users\admin\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\admin\AppData\Local\Temp\avgnt.exe
C:\Users\admin\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\admin\AppData\Local\Temp\EAInstall.dll
C:\Users\admin\AppData\Local\Temp\eauninstall.exe
C:\Users\admin\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\admin\AppData\Local\Temp\sonarinst.exe
C:\Users\admin\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
C:\Users\Mama i Tata\AppData\Local\Temp\avgnt.exe
C:\Users\Mama i Tata\AppData\Local\Temp\GdiPlus.dll
C:\Users\Mama i Tata\AppData\Local\Temp\GUR7B37.exe
C:\Users\Mama i Tata\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\Mama i Tata\AppData\Local\Temp\install_reader11_en_mssa_aaa_aih.exe
C:\Users\Mama i Tata\AppData\Local\Temp\mailruhomesearch.exe
C:\Users\Mama i Tata\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\Mama i Tata\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\Mama i Tata\AppData\Local\Temp\ObnoviSoft.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 18:13

==================== End Of Log ============================




magna86 (Anti Malware Fighter, Rank 2; joined 21 Jun 2008; 6104 posts)

Hello,

1. Open Notepad (Text Document) and copy the following text from the code box below into it:

CloseProcesses:
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
SearchScopes: HKLM - DefaultScope value is missing.
FF Extension: BaseFlash - C:\Users\Mama i Tata\AppData\Roaming\BaseFlash\Firefox [2014-05-03]
CHR HKLM\...\Chrome\Extension: [bdjbhljkcfdfipjhecpfgagdalflncik] - C:\Program Files\GoPhoto.it\gophotoit15.crx []
CHR HKLM\...\Chrome\Extension: [nihbenclcjngmdidijddeocjfokamlhp] - C:\Users\admin\AppData\Local\CRE\nihbenclcjngmdidijddeocjfokamlhp.crx [2012-08-29]
CHR HKCU\...\Chrome\Extension: [nihbenclcjngmdidijddeocjfokamlhp] - C:\Users\admin\AppData\Local\CRE\nihbenclcjngmdidijddeocjfokamlhp.crx [2012-08-29]
Task: {3B44AF82-5D6A-4F4E-BE87-5ACC59CCF529} - \FacebookUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1000Core No Task File <==== ATTENTION
Task: {6A17A766-C13A-4AA9-A131-9EEA9D0C9F22} - \FacebookUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1000UA No Task File <==== ATTENTION
Task: {7E9D92CF-2783-45AB-B816-E1169E9EB491} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Hosts:
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\...\Policies\system: [DisableChangePassword] 4294967295
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\...\Policies\system: [DisableLockWorkStation] 4294967295
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\...\Policies\Explorer: [NoSecurityTab] 1
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9
AlternateDataStreams: C:\Users\Mama i Tata\Desktop\vlc-2.1.3-win32.exe:BDU
EmptyTemp:
C:\Users\Mama i Tata\AppData\Roaming\BaseFlash\Firefox
C:\Program Files\GoPhoto.it
C:\Users\admin\AppData\Local\CRE\nihbenclcjngmdidijddeocjfokamlhp.crx
C:\Users\admin\AppData\Local\CRE\nihbenclcjngmdidijddeocjfokamlhp.crx
C:\Program Files\YourFileDownloader


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.

1. Download sUBs' ComboFix () from this link and save the tool to the Desktop.
• Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
• When the dialog for choosing where to save the file opens, select Desktop and click Save.


------------------------------------------------------------
2. Temporarily disable your antivirus program, in most cases via a right-click on the program's icon in the system tray. It may interfere with the tool while it runs.
If you are not sure how to do this, follow this guide.

------------------------------------------------------------
3. Double-click the icon to run ComboFix. Then, on the disclaimer window, click the I Agree! button.

• ComboFix will check whether a new version of the tool is available.
Click Yes if asked to download it.
• If the Recovery Console is not installed, ComboFix will offer to download and install it.
Click Yes to allow the tool to download and install the Recovery Console.
• ComboFix will scan the computer in stages (Stage_#), 50 stages in total.
Do not click around while ComboFix is examining the system.
• If malware is detected, ComboFix will begin removing it.
For that reason, the tool will restart Windows if needed (sometimes more than once);

Note: If, after the tool has run, you get an error (Illegal operation attempted on a registry key that has been marked for deletion) when starting programs, restart the computer and that will resolve the problem.


------------------------------------------------------------
4. When the tool finishes, it will create and open a report (typical location: C:\ComboFix.txt)
Copy the contents of the ComboFix.txt report into your reply.

ComboFix will also create an additional report (typical location: C:\Qoobox\ComboFix-quarantined-files.txt)
Attach the ComboFix-quarantined-files.txt report to your reply using the Attach file option



  • Joined: 24 Dec 2011
  • Posts: 1642
  • Location: Novi Banovci

Posted: 25 Sep 2014 15:55

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-09-2014
Ran by admin at 2014-09-25 15:15:01 Run:1
Running from C:\Users\admin\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CloseProcesses:
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
SearchScopes: HKLM - DefaultScope value is missing.
FF Extension: BaseFlash - C:\Users\Mama i Tata\AppData\Roaming\BaseFlash\Firefox [2014-05-03]
CHR HKLM\...\Chrome\Extension: [bdjbhljkcfdfipjhecpfgagdalflncik] - C:\Program Files\GoPhoto.it\gophotoit15.crx []
CHR HKLM\...\Chrome\Extension: [nihbenclcjngmdidijddeocjfokamlhp] - C:\Users\admin\AppData\Local\CRE\nihbenclcjngmdidijddeocjfokamlhp.crx [2012-08-29]
CHR HKCU\...\Chrome\Extension: [nihbenclcjngmdidijddeocjfokamlhp] - C:\Users\admin\AppData\Local\CRE\nihbenclcjngmdidijddeocjfokamlhp.crx [2012-08-29]
Task: {3B44AF82-5D6A-4F4E-BE87-5ACC59CCF529} - \FacebookUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1000Core No Task File <==== ATTENTION
Task: {6A17A766-C13A-4AA9-A131-9EEA9D0C9F22} - \FacebookUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1000UA No Task File <==== ATTENTION
Task: {7E9D92CF-2783-45AB-B816-E1169E9EB491} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Hosts:
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\...\Policies\system: [DisableChangePassword] 4294967295
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\...\Policies\system: [DisableLockWorkStation] 4294967295
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\...\Policies\Explorer: [NoSecurityTab] 1
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9
AlternateDataStreams: C:\Users\Mama i Tata\Desktop\vlc-2.1.3-win32.exe:BDU
EmptyTemp:
C:\Users\Mama i Tata\AppData\Roaming\BaseFlash\Firefox
C:\Program Files\GoPhoto.it
C:\Users\admin\AppData\Local\CRE\nihbenclcjngmdidijddeocjfokamlhp.crx
C:\Users\admin\AppData\Local\CRE\nihbenclcjngmdidijddeocjfokamlhp.crx
C:\Program Files\YourFileDownloader
*****************

Processes closed successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\Mama i Tata\AppData\Roaming\BaseFlash\Firefox => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bdjbhljkcfdfipjhecpfgagdalflncik" => Key deleted successfully.
"C:\Program Files\GoPhoto.it\gophotoit15.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\nihbenclcjngmdidijddeocjfokamlhp" => Key deleted successfully.
C:\Users\admin\AppData\Local\CRE\nihbenclcjngmdidijddeocjfokamlhp.crx => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\nihbenclcjngmdidijddeocjfokamlhp" => Key deleted successfully.
"C:\Users\admin\AppData\Local\CRE\nihbenclcjngmdidijddeocjfokamlhp.crx" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B44AF82-5D6A-4F4E-BE87-5ACC59CCF529}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B44AF82-5D6A-4F4E-BE87-5ACC59CCF529}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1000Core" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A17A766-C13A-4AA9-A131-9EEA9D0C9F22}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A17A766-C13A-4AA9-A131-9EEA9D0C9F22}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1000UA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7E9D92CF-2783-45AB-B816-E1169E9EB491}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E9D92CF-2783-45AB-B816-E1169E9EB491}" => Key deleted successfully.
C:\Windows\System32\Tasks\YourFile DownloaderUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate" => Key deleted successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword => value deleted successfully.
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkStation => value deleted successfully.
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value deleted successfully.
HKU\S-1-5-21-4232926109-2270386077-2592286719-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSecurityTab => value deleted successfully.
C:\ProgramData\TEMP => ":A1EDB939" ADS removed successfully.
C:\ProgramData\TEMP => ":D5FBE8F9" ADS removed successfully.
C:\Users\Mama i Tata\Desktop\vlc-2.1.3-win32.exe => ":BDU" ADS removed successfully.
"C:\Users\Mama i Tata\AppData\Roaming\BaseFlash\Firefox" => File/Directory not found.
"C:\Program Files\GoPhoto.it" => File/Directory not found.
"C:\Users\admin\AppData\Local\CRE\nihbenclcjngmdidijddeocjfokamlhp.crx" => File/Directory not found.
"C:\Users\admin\AppData\Local\CRE\nihbenclcjngmdidijddeocjfokamlhp.crx" => File/Directory not found.
"C:\Program Files\YourFileDownloader" => File/Directory not found.
EmptyTemp: => Removed 3.9 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====



ComboFix 14-09-22.01 - admin 25-Sep-14 15:26:15.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3327.1955 [GMT 2:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1396645824.bdinstall.bin
c:\programdata\1400457357.bdinstall.bin
c:\users\admin\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini
c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini2
.
.
((((((((((((((((((((((((( Files Created from 2014-08-25 to 2014-09-25 )))))))))))))))))))))))))))))))
.
.
2014-09-25 13:34 . 2014-09-25 13:41 -------- d-----w- c:\users\admin\AppData\Local\temp
2014-09-25 13:34 . 2014-09-25 13:34 -------- d-----w- c:\users\Mama i Tata\AppData\Local\temp
2014-09-25 13:12 . 2014-09-09 16:34 741488 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2014-09-25 13:12 . 2014-09-09 16:32 105472 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2014-09-25 11:34 . 2014-09-25 13:15 -------- d-----w- C:\FRST
2014-09-24 17:32 . 2014-09-09 21:47 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-18 08:03 . 2014-09-18 08:03 -------- d-----w- c:\users\admin\AppData\Roaming\Landwirt2014
2014-09-11 16:09 . 2014-07-07 01:40 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-11 16:09 . 2014-07-07 01:40 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-11 16:08 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-11 16:08 . 2014-08-01 11:35 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-11 16:08 . 2014-09-05 01:52 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-11 16:08 . 2014-09-05 01:47 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-10 11:41 . 2014-09-10 11:41 -------- d-----w- c:\users\admin\AppData\Local\ElevatedDiagnostics
2014-09-09 21:02 . 2014-09-09 21:02 -------- d-----w- c:\users\Mama i Tata\AppData\Roaming\ABBYY
2014-09-09 21:02 . 2014-09-09 21:13 -------- d-----w- c:\users\Mama i Tata\AppData\Local\ABBYY
2014-09-09 20:59 . 2014-09-09 20:59 -------- d-----w- c:\programdata\ABBYY
2014-09-09 20:40 . 2014-09-09 20:40 -------- d-----w- c:\users\Mama i Tata\AppData\Local\ElevatedDiagnostics
2014-09-09 16:32 . 2014-09-09 16:32 175976 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2014-09-09 16:32 . 2014-09-09 16:32 127584 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2014-09-09 16:32 . 2014-09-09 16:32 117272 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2014-09-09 13:34 . 2014-09-09 13:34 -------- d-----w- c:\program files\3D Print Helper
2014-09-09 13:34 . 2011-12-09 06:56 587768 ----a-w- c:\windows\system32\Codejock.SkinFramework.Unicode.v15.2.1.ocx
2014-09-09 13:34 . 2011-12-09 06:56 1931256 ----a-w- c:\windows\system32\Codejock.Controls.Unicode.v15.2.1.ocx
2014-09-09 13:34 . 2011-12-09 06:55 2775032 ----a-w- c:\windows\system32\Codejock.CommandBars.Unicode.v15.2.1.ocx
2014-09-09 13:34 . 2000-05-21 22:00 608448 ----a-w- c:\windows\system32\Comctl32.ocx
2014-09-08 07:08 . 2014-09-08 07:08 -------- d-----w- C:\SUPERDelete
2014-09-07 21:33 . 2014-09-07 21:38 -------- d-----w- c:\windows\system32\FSIM2013Unin
2014-09-07 18:12 . 2014-09-07 18:12 -------- d-----w- c:\users\Mama i Tata\AppData\Roaming\PowerISO
2014-09-07 17:35 . 2014-09-07 17:35 -------- d-----w- c:\users\Mama i Tata\AppData\Local\ShamurShamur
2014-09-06 14:14 . 2014-09-06 14:14 -------- d-sh--w- c:\users\Mama i Tata\AppData\Local\EmieUserList
2014-09-06 14:14 . 2014-09-06 14:14 -------- d-sh--w- c:\users\Mama i Tata\AppData\Local\EmieSiteList
2014-08-30 11:52 . 2014-08-30 11:52 -------- d-----w- c:\programdata\Office Genuine Advantage
2014-08-28 18:58 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 18:58 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-28 18:53 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2014-08-28 18:53 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-28 18:53 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-28 18:53 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-08-28 18:53 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2014-08-28 18:53 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2014-08-28 18:53 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-28 18:52 . 2014-05-14 07:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-28 18:52 . 2014-05-14 07:17 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-08 18:27 . 2014-04-19 09:19 131 ----a-w- C:\DeletePrintJobs.cmd
2014-09-08 07:37 . 2013-12-04 12:47 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-08-18 07:57 . 2014-05-20 07:56 35848 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-14 01:42 . 2014-08-18 08:05 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-03 17:10 . 2014-05-19 00:11 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-30 22:14 . 2014-08-18 09:45 8856 ----a-w- c:\windows\system32\icardres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\admin\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"MCShield Monitor"="c:\program files\MCShield\MCShieldRTM.exe" [2014-04-11 650816]
"uTorrent"="c:\users\admin\AppData\Roaming\uTorrent\uTorrent.exe" [2014-04-22 1266520]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-18 751184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Box Sync.lnk]
backup=c:\windows\pss\Box Sync.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NovaBACKUP Tray Control.lnk]
backup=c:\windows\pss\NovaBACKUP Tray Control.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk]
backup=c:\windows\pss\Start GeekBuddy.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fliptoast.lnk]
backup=c:\windows\pss\fliptoast.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
path=c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
backup=c:\windows\pss\MyPC Backup.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDD Monitor 2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCShield Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-08-21 16:30 959176 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-09-20 05:27 444904 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 06:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-06-25 08:16 1073352 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avira Systray]
2014-08-04 12:20 161584 ----a-w- c:\program files\Avira\My Avira\Avira.OE.Systray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-01-08 08:41 3674320 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2012-11-23 08:22 307712 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-21 14:24 136176 ----atw- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-06-17 06:18 1417216 ----a-r- c:\program files\VIA\VIAudioi\VDeck\VDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 18:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 16:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2014-03-20 21:03 1797064 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2014-03-04 12:34 4348704 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2014-03-04 12:34 375128 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 21:29 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-05-07 12:44 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2014-09-08 07:04 6688024 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2014-04-22 18:52 1266520 ----a-w- c:\users\admin\AppData\Roaming\uTorrent\uTorrent.exe
.
R1 SuperMounter;SuperMounter; [x]
R1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\Drivers\Uim_Vim.sys [2012-06-04 283344]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV32.sys [2009-10-27 105984]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2012-04-16 15896]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-09-08 110296]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2012-07-24 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2012-07-24 120744]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2012-07-24 110632]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2012-07-24 27632]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-09-08 142648]
R4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-08-18 1021520]
R4 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-08-04 149296]
R4 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-05-18 2370448]
R4 HTCMonitorService;HTCMonitorService;d:\programi\HTC\HSMServiceEntry.exe [2012-06-08 87368]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-03-04 411936]
R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 71152]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 61296]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2014-05-09 37352]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-27 242240]
S1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [2008-12-18 25680]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-08-01 35560]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2012-11-17 21624]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SCT_SKMScan;SCT_SKMScan;c:\windows\system32\DRIVERS\sct_skmscan.sys [2012-10-12 33096]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2014-09-09 741488]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2014-09-09 105472]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-08-18 430160]
S2 U3SDR200;U3SDR200;c:\windows\System32\Drivers\U3SDR200.SYS [2013-02-15 4224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [2012-09-10 49240]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2014-09-09 117272]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2014-09-09 127584]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-06-02 1056256]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
BullGuard_Backup REG_MULTI_SZ BsBackup
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-10 07:30]
.
2014-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-26 12:26]
.
2014-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-26 12:26]
.
2014-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1000Core.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-21 14:24]
.
2014-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1000UA.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-21 14:24]
.
2014-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1014Core.job
- c:\users\Mama i Tata\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-10 20:48]
.
2014-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1014UA.job
- c:\users\Mama i Tata\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-10 20:48]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote
Trusted Zone: cleverreach.com\novastor
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-NPSStartup - (no file)
SafeBoot-WinFLAdrv.sys
SafeBoot-SophosVirusRemovalTool
MSConfigStartUp-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
MSConfigStartUp-AcronisTibMounterMonitor - c:\program files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSConfigStartUp-BingDesktop - c:\program files\Microsoft\BingDesktop\BingDesktop.exe
MSConfigStartUp-BlueStacks Agent - c:\program files\BlueStacks\HD-Agent.exe
MSConfigStartUp-BoxSyncHelper - c:\program files\Box Sync\BoxSyncHelper.exe
MSConfigStartUp-Eraser - c:\progra~1\Eraser\Eraser.exe
MSConfigStartUp-gbrspcontrol - c:\program files\Common Files\Comodo\GeekBuddyRSP.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
MSConfigStartUp-HTC Sync Loader - c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MSConfigStartUp-InstallerLauncher - c:\program files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe
MSConfigStartUp-RssReader - c:\program files\RssReader\RssReader.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-TrayMonitor - (no file)
MSConfigStartUp-TrueImageMonitor - (no file)
MSConfigStartUp-Viber - c:\users\admin\AppData\Local\Viber\Viber.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,d6,68,
77,82,e9,a5,3c,9d,e9,17,af,ad,b0,e5,ab
.
[HKEY_USERS\S-1-5-21-4232926109-2270386077-2592286719-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:27,1f,5f,dd,6e,17,5d,0b,af,29,04,f4,50,1c,5d,b6,5a,31,dc,2a,90,44,64,
8e,73,d9,b3,de,a3,11,7a,ac,51,76,16,f3,b7,ee,ac,a2,d1,33,ed,9d,da,a6,4b,b0,\
"??"=hex:be,be,14,86,7f,95,87,82,c8,40,29,eb,e0,43,83,f5
.
[HKEY_USERS\S-1-5-21-4232926109-2270386077-2592286719-1000\Software\SecuROM\License information*]
"datasecu"=hex:ef,f9,99,c8,86,20,5d,5c,86,29,74,04,ba,9d,66,70,5d,f5,74,bf,91,
d7,05,fa,ad,8a,21,5a,cb,23,23,cf,a2,15,5f,ce,b8,a2,72,3f,8a,dd,8b,59,4e,80,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@DACL=(02 0000)
@="Bing"
"URL"="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
"DisplayName"="@ieframe.dll,-12512"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\AUDIODG.EXE
.
**************************************************************************
.
Completion time: 2014-09-25 15:45:37 - machine was rebooted
ComboFix-quarantined-files.txt 2014-09-25 13:45
.
Pre-Run: 146,444,242,944 bytes free
Post-Run: 146,135,175,168 bytes free
.
- - End Of File - - FAD18376D65A335506253CC6CB302B73
A36C5E4F47E84449FF07ED3517B43A31

Addendum: 25 Sep 2014 15:56

And just tell me what the problem was, since ComboFix had to run?

  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

You had a relatively new infection whose purpose is to block all security software. Recommendation: change all of your passwords.

Open Notepad and copy the following text into it:

Registry::
[-HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro]

File::
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
c:\windows\pss\MyPC Backup.lnk.Startup

NetSvc::
UxTuneUp

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

RegLockDel::
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk]


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
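A post-fix check for the persistence points that the CFScript above targets, as an added example that is not part of the original thread and not a ComboFix feature. It assumes the "HKLM\~\" shorthand in ComboFix logs stands for HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig, that the profile name is "admin" as in the log, and that it is run from an elevated PowerShell prompt. It also flags the UAC settings visible in the same log (EnableLUA = 0), which the script itself does not touch.

```powershell
# Post-fix verification for the CFScript targets above.
# Added example, not from the thread or from ComboFix. Run elevated.
# Assumption: ComboFix's "HKLM\~\" = HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig.

$msconfig = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig'
$user     = 'admin'   # assumption: profile name taken from the log

$keys = @(
    @{ Name = 'msconfig startupfolder entry (MyPC Backup)'
       Path = "$msconfig\startupfolder\C:^Users^$user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk" },
    @{ Name = 'msconfig startupreg entry (Optimizer Pro)'
       Path = "$msconfig\startupreg\Optimizer Pro" },
    @{ Name = 'Chrome extension key (jfmjfhklogoienhpfnppmbcbjfjnkonk)'
       Path = 'HKLM:\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk' }
)

$files = @(
    "C:\Users\$user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk",
    'C:\Windows\pss\MyPC Backup.lnk.Startup'
)

$findings = @()

foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k.Path) { $findings += "STILL PRESENT: $($k.Name)" }
}
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "STILL PRESENT: file $f" }
}

# netsvcs group: every name listed here is loaded into a shared svchost.exe,
# so a name that belongs to no known service (UxTuneUp in this log) is a
# persistence point worth re-checking after the fix.
$svchost = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
if ($svchost.netsvcs -contains 'UxTuneUp') { $findings += 'STILL PRESENT: UxTuneUp in netsvcs' }

# Locked key under HKU\.DEFAULT: ComboFix reported "@Denied: (2) (LocalSystem)".
# HKU is not mapped as a drive by default, so mount it, then look for Deny ACEs.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
$ieKey = 'HKU:\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions'
if (Test-Path -LiteralPath $ieKey) {
    $deny = (Get-Acl -Path $ieKey).Access | Where-Object { $_.AccessControlType -eq 'Deny' }
    if ($deny) {
        $who = ($deny | ForEach-Object { $_.IdentityReference.Value }) -join ', '
        $findings += "STILL LOCKED: $ieKey (Deny ACE for $who)"
    }
}

# Not in the CFScript, but visible in the same log: UAC is switched off
# (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0).
# Leaving it off after a cleanup hands the next dropper silent admin rights.
$pol = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($pol.EnableLUA -eq 0) { $findings += 'WEAK: UAC disabled (EnableLUA = 0)' }

if ($findings.Count -eq 0) { 'All CFScript targets are gone; nothing left to do.' }
else { $findings }
```

Run it once after the CFScript pass and again after the reboot ComboFix forces; an entry that comes back between the two runs points at a component the script did not remove (a service, task or driver still writing the value), which is the cue to go back to the full log rather than to re-run the same script.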

  • Joined: 24 Dec 2011
  • Posts: 1642
  • Location: Novi Banovci

It ran the process, but it didn't give me any log?

  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Then run ComboFix again (by double-clicking it) and post the freshly produced log.

  • Joined: 24 Dec 2011
  • Posts: 1642
  • Location: Novi Banovci

ComboFix 14-09-24.01 - admin 26-Sep-14 19:55:44.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3327.2070 [GMT 2:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
AV: AVG Internet Security 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2015 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\admin\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-08-26 to 2014-09-26 )))))))))))))))))))))))))))))))
.
.
2014-09-26 18:08 . 2014-09-26 18:08 -------- d-----w- c:\users\admin\AppData\Local\temp
2014-09-26 18:08 . 2014-09-26 18:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-09-26 18:08 . 2014-09-26 18:08 -------- d-----w- c:\users\Mama i Tata\AppData\Local\temp
2014-09-26 18:08 . 2014-09-26 18:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-26 18:08 . 2014-09-26 18:08 -------- d-----w- c:\users\Acronis Agent User\AppData\Local\temp
2014-09-26 16:31 . 2014-09-26 16:31 -------- d-----w- c:\programdata\Avg_Update_0914avi
2014-09-26 16:28 . 2014-09-26 16:28 -------- d-----w- c:\users\admin\AppData\Roaming\AVG2015
2014-09-26 16:26 . 2014-09-26 16:27 -------- d-----w- c:\programdata\AVG2015
2014-09-26 16:26 . 2014-09-26 16:26 -------- d-----w- C:\$AVG
2014-09-26 16:25 . 2014-09-26 16:25 -------- d-----w- c:\program files\AVG
2014-09-26 16:23 . 2014-09-26 18:07 -------- d-----w- c:\programdata\MFAData
2014-09-26 16:23 . 2014-09-26 16:27 -------- d-----w- c:\users\admin\AppData\Local\Avg2015
2014-09-26 16:23 . 2014-09-26 16:23 -------- d-----w- c:\users\admin\AppData\Local\MFAData
2014-09-26 08:09 . 2014-09-26 08:09 -------- d-----w- c:\users\admin\Doctor Web
2014-09-25 21:31 . 2014-09-26 16:20 -------- d-----w- c:\program files\DrWeb
2014-09-25 21:29 . 2014-09-26 16:20 -------- d-----w- c:\programdata\Doctor Web
2014-09-25 13:12 . 2014-09-09 16:34 741488 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2014-09-25 13:12 . 2014-09-09 16:32 105472 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2014-09-25 11:34 . 2014-09-25 13:15 -------- d-----w- C:\FRST
2014-09-24 17:32 . 2014-09-09 21:47 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-18 08:03 . 2014-09-18 08:03 -------- d-----w- c:\users\admin\AppData\Roaming\Landwirt2014
2014-09-11 16:09 . 2014-07-07 01:40 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-11 16:09 . 2014-07-07 01:40 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-11 16:08 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-11 16:08 . 2014-08-01 11:35 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-11 16:08 . 2014-09-05 01:52 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-11 16:08 . 2014-09-05 01:47 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-10 11:41 . 2014-09-10 11:41 -------- d-----w- c:\users\admin\AppData\Local\ElevatedDiagnostics
2014-09-09 21:02 . 2014-09-09 21:02 -------- d-----w- c:\users\Mama i Tata\AppData\Roaming\ABBYY
2014-09-09 21:02 . 2014-09-09 21:13 -------- d-----w- c:\users\Mama i Tata\AppData\Local\ABBYY
2014-09-09 20:59 . 2014-09-09 20:59 -------- d-----w- c:\programdata\ABBYY
2014-09-09 20:40 . 2014-09-09 20:40 -------- d-----w- c:\users\Mama i Tata\AppData\Local\ElevatedDiagnostics
2014-09-09 16:32 . 2014-09-09 16:32 175976 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2014-09-09 16:32 . 2014-09-09 16:32 127584 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2014-09-09 16:32 . 2014-09-09 16:32 117272 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2014-09-09 13:34 . 2014-09-09 13:34 -------- d-----w- c:\program files\3D Print Helper
2014-09-09 13:34 . 2011-12-09 06:56 587768 ----a-w- c:\windows\system32\Codejock.SkinFramework.Unicode.v15.2.1.ocx
2014-09-09 13:34 . 2011-12-09 06:56 1931256 ----a-w- c:\windows\system32\Codejock.Controls.Unicode.v15.2.1.ocx
2014-09-09 13:34 . 2011-12-09 06:55 2775032 ----a-w- c:\windows\system32\Codejock.CommandBars.Unicode.v15.2.1.ocx
2014-09-09 13:34 . 2000-05-21 22:00 608448 ----a-w- c:\windows\system32\Comctl32.ocx
2014-09-08 07:08 . 2014-09-08 07:08 -------- d-----w- C:\SUPERDelete
2014-09-07 21:33 . 2014-09-07 21:38 -------- d-----w- c:\windows\system32\FSIM2013Unin
2014-09-07 18:12 . 2014-09-07 18:12 -------- d-----w- c:\users\Mama i Tata\AppData\Roaming\PowerISO
2014-09-07 17:35 . 2014-09-07 17:35 -------- d-----w- c:\users\Mama i Tata\AppData\Local\ShamurShamur
2014-09-06 14:14 . 2014-09-06 14:14 -------- d-sh--w- c:\users\Mama i Tata\AppData\Local\EmieUserList
2014-09-06 14:14 . 2014-09-06 14:14 -------- d-sh--w- c:\users\Mama i Tata\AppData\Local\EmieSiteList
2014-08-30 11:52 . 2014-08-30 11:52 -------- d-----w- c:\programdata\Office Genuine Advantage
2014-08-28 18:58 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 18:58 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-28 18:53 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2014-08-28 18:53 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-28 18:53 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-28 18:53 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-08-28 18:53 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2014-08-28 18:53 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2014-08-28 18:53 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-28 18:52 . 2014-05-14 07:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-28 18:52 . 2014-05-14 07:17 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-25 21:46 . 2014-06-19 10:56 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-09-08 18:27 . 2014-04-19 09:19 131 ----a-w- C:\DeletePrintJobs.cmd
2014-09-08 07:37 . 2013-12-04 12:47 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-08-20 19:49 . 2014-08-20 19:49 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-08-06 19:38 . 2014-08-06 19:38 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-24 12:09 . 2014-07-24 12:09 204056 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-07-18 13:55 . 2014-07-18 13:55 230680 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-07-14 01:42 . 2014-08-18 08:05 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-02 08:01 . 2014-07-02 08:01 199448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-06-30 22:14 . 2014-08-18 09:45 8856 ----a-w- c:\windows\system32\icardres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\admin\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"MCShield Monitor"="c:\program files\MCShield\MCShieldRTM.exe" [2014-04-11 650816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2014-09-05 3593744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Box Sync.lnk]
backup=c:\windows\pss\Box Sync.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NovaBACKUP Tray Control.lnk]
backup=c:\windows\pss\NovaBACKUP Tray Control.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk]
backup=c:\windows\pss\Start GeekBuddy.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fliptoast.lnk]
backup=c:\windows\pss\fliptoast.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-08-21 16:30 959176 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-09-20 05:27 444904 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 06:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-06-25 08:16 1073352 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avira Systray]
2014-08-04 12:20 161584 ----a-w- c:\program files\Avira\My Avira\Avira.OE.Systray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-01-08 08:41 3674320 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2012-11-23 08:22 307712 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-21 14:24 136176 ----atw- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-06-17 06:18 1417216 ----a-r- c:\program files\VIA\VIAudioi\VDeck\VDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 18:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 16:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2014-03-20 21:03 1797064 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2014-03-04 12:34 4348704 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2014-03-04 12:34 375128 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 21:29 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-30 18:17 507776 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2014-09-08 07:04 6688024 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2014-04-22 18:52 1266520 ----a-w- c:\users\admin\AppData\Roaming\uTorrent\uTorrent.exe
.
R1 SuperMounter;SuperMounter; [x]
R1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\Drivers\Uim_Vim.sys [2012-06-04 283344]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV32.sys [2009-10-27 105984]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2012-04-16 15896]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-09-08 110296]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2012-07-24 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2012-07-24 120744]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2012-07-24 110632]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2012-07-24 27632]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2014-09-09 117272]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-09-08 142648]
R4 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-08-04 149296]
R4 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-05-18 2370448]
R4 HTCMonitorService;HTCMonitorService;d:\programi\HTC\HSMServiceEntry.exe [2012-06-08 87368]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-03-04 411936]
R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-18 147736]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-07-18 230680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-18 27416]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 71152]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 61296]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-18 121624]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2013-09-26 47928]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-07-24 204056]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-18 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-08-20 193304]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-07-02 199448]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-27 242240]
S1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [2008-12-18 25680]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-08-01 35560]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2012-11-17 21624]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SCT_SKMScan;SCT_SKMScan;c:\windows\system32\DRIVERS\sct_skmscan.sys [2012-10-12 33096]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2014-09-09 741488]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2014-09-09 105472]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2015\avgfws.exe [2014-09-05 1459872]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2014-09-05 3364368]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [2014-09-05 293448]
S2 U3SDR200;U3SDR200;c:\windows\System32\Drivers\U3SDR200.SYS [2013-02-15 4224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [2012-09-10 49240]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2014-09-09 127584]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-06-02 1056256]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
BullGuard_Backup REG_MULTI_SZ BsBackup
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-10 07:30]
.
2014-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-26 12:26]
.
2014-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-26 12:26]
.
2014-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1000Core.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-21 14:24]
.
2014-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1000UA.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-21 14:24]
.
2014-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1014Core.job
- c:\users\Mama i Tata\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-10 20:48]
.
2014-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1014UA.job
- c:\users\Mama i Tata\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-10 20:48]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote
Trusted Zone: cleverreach.com\novastor
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4232926109-2270386077-2592286719-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:27,1f,5f,dd,6e,17,5d,0b,af,29,04,f4,50,1c,5d,b6,5a,31,dc,2a,90,44,64,
8e,73,d9,b3,de,a3,11,7a,ac,51,76,16,f3,b7,ee,ac,a2,d1,33,ed,9d,da,a6,4b,b0,\
"??"=hex:be,be,14,86,7f,95,87,82,c8,40,29,eb,e0,43,83,f5
.
[HKEY_USERS\S-1-5-21-4232926109-2270386077-2592286719-1000\Software\SecuROM\License information*]
"datasecu"=hex:ef,f9,99,c8,86,20,5d,5c,86,29,74,04,ba,9d,66,70,5d,f5,74,bf,91,
d7,05,fa,ad,8a,21,5a,cb,23,23,cf,a2,15,5f,ce,b8,a2,72,3f,8a,dd,8b,59,4e,80,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@DACL=(02 0000)
@="Bing"
"URL"="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
"DisplayName"="@ieframe.dll,-12512"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-26 20:10:45
ComboFix-quarantined-files.txt 2014-09-26 18:10
ComboFix2.txt 2014-09-25 13:45
.
Pre-Run: 147,477,114,880 bytes free
Post-Run: 147,413,975,040 bytes free
.
- - End Of File - - AB54B86C5EE1D320717E15073CC53E42
A36C5E4F47E84449FF07ED3517B43A31

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6104

1. Open Notepad (Text Document) and copy the following text from inside the code box below:

Start
ListPermissions: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
REG: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk"
Reboot:
End

2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name at the bottom, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into a reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Pridružio: 24 Dec 2011
  • Poruke: 1642
  • Gde živiš: Novi Banovci

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-09-2014
Ran by admin at 2014-09-27 21:22:50 Run:2
Running from C:\Users\admin\Desktop
Loaded Profile: admin (Available profiles: admin & UpdatusUser & Mama i Tata)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
ListPermissions: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
REG: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk"
Reboot:
End
*****************


"HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk -> Listing permissions failed. Access Denied.
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk => Key Deleted successfully.

========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========



The system needed a reboot.

==== End of Fixlog ====

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6104

OK, now reset Chrome back to its default settings. If you don't know how to do that, follow this link:
[Link visible only to logged-in users]

The following procedure will carry out the final cleanup.

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search box if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

Download Xplode's DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment for the tool to finish its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also record a healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes the old system restore points and creates a new, fresh point after the cleanup.
