Laptop check


  • Joined: 21 Mar 2014
  • Posts: 15

Warm greetings,
the laptop takes a long time to start up, and recently songs on YouTube have been stuttering, especially while I open anything else in another window; it also sometimes shuts down while my sister is playing FarmVille. Recently I also picked up some virus through a message on FB that looked like a zipped photo. I have the free AVG as protection and it detected it as Skodna.BitCoinMiner.DX, located in C:/Windows/explorer.exe(5232), but it could not remove it, nor could I find that folder. Then I used the Backup and Restore Center and sort of rolled it back a bit in time. I don't know how successful I was, and I'm a layperson in these matters. Thank you in advance for your time.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16540 BrowserJavaVersion: 10.51.2
Run by MILENA at 0:17:33 on 2014-03-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.381.1033.18.2939.1031 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Windows\system32\conime.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link visible only to logged-in users]
mStart Page = [Link visible only to logged-in users]
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [MessengerPlusForSkypeService] "c:\program files\yuna software\messenger plus! for skype\MsgPlusForSkypeService.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link visible only to logged-in users]
TCP: NameServer = 77.105.32.21 77.105.32.22
TCP: Interfaces\{4A4BF2D6-836F-46C7-A5CB-143A9565ED58} : DHCPNameServer = 77.105.32.21 77.105.32.22
TCP: Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14} : NameServer = 77.105.0.18,77.105.0.19
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.0.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\milena\appdata\roaming\mozilla\firefox\profiles\d6a14ai8.default-1364941198914\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: keyword.URL -
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\18.0.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: !HIDDEN! 2013-01-18 11:02; statuswinks@StatusWinks; c:\users\milena\appdata\roaming\mozilla\extensions\statuswinks@StatusWinks
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-8 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-4-11 302368]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-3-4 42784]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-6-25 20384]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2013-10-16 5175856]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2013-5-23 9216]
R2 MsgPlusService;Messenger Plus! Service;c:\program files\yuna software\messenger plus! for skype\MsgPlusForSkypeService.exe [2013-1-28 128000]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\toshiba tempro\TempoSVC.exe [2008-4-24 99720]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2008-2-6 126976]
R2 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;c:\program files\common files\avg secure search\vtoolbarupdater\18.0.0\ToolbarUpdater.exe [2014-3-3 1759768]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-12-10 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-7 7168]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 26dc2c7a;WebGeniuos;c:\windows\system32\rundll32.exe [2006-11-2 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-2-8 36608]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WordPad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-03-19 04:59:03 -------- d-----w- C:\$RECYCLE.BIN
2014-03-19 04:40:39 98816 ----a-w- c:\windows\sed.exe
2014-03-19 04:40:39 256000 ----a-w- c:\windows\PEV.exe
2014-03-19 04:40:39 208896 ----a-w- c:\windows\MBR.exe
2014-03-19 04:40:33 -------- d-----w- C:\ComboFix
2014-03-13 23:46:33 -------- d-----w- c:\users\milena\appdata\local\{4CE53D09-9BF4-4CBC-B67C-02824710199B}
2014-03-13 18:53:09 -------- d-----w- c:\users\milena\appdata\roaming\.mono
2014-03-13 18:53:09 -------- d-----w- c:\programdata\.mono
2014-03-13 02:03:13 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-03-12 23:26:13 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-03-12 23:26:03 505344 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 23:20:20 2048 ----a-w- c:\windows\system32\tzres.dll
2014-03-08 02:04:53 -------- d-----w- c:\users\milena\appdata\local\Skype
2014-03-03 02:10:05 -------- d-----w- c:\programdata\AVG Secure Search
2014-02-24 20:38:45 -------- d-----w- c:\users\milena\appdata\local\{AC67CF96-E30B-4872-8A35-D9C98D401C46}
2014-02-22 20:16:55 -------- d-----w- c:\users\milena\appdata\local\{9475BF0A-543A-493A-ABAC-499C1561095C}
.
==================== Find3M ====================
.
2014-03-12 23:53:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 23:53:37 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-03 02:09:48 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-02-23 05:47:19 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-02-23 05:39:28 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-23 05:38:08 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-23 05:37:49 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-02-23 05:36:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-01 06:06:11 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-30 07:46:58 876032 ----a-w- c:\windows\system32\wer.dll
.
============= FINISH: 0:17:59,09 ===============




While reading the recommendations in your archive I also downloaded ComboFix; I figured it can't hurt. Maybe I'm being silly, but I'll copy that for you too :)

ComboFix 14-03-19.01 - MILENA 19.03.2014 5:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.381.1033.18.2939.1514 [GMT 1:00]
Running from: c:\users\MILENA\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Free Games 111\ScRIpthost.dll
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome\basicscan.jar
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\install.rdf
c:\program files\YoutubeAdblocker
c:\program files\YoutubeAdblocker\EaFykX19nP.dat
c:\program files\YoutubeAdblocker\EaFykX19nP.tlb
c:\programdata\1aa93515de7961348ccba7eb67010f7a_c
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\SearchNewTab.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\Uninstall.lnk
c:\programdata\SearchNewTab
c:\programdata\SearchNewTab\51e4a2115ac79.tlb
c:\programdata\SearchNewTab\L6Bgg1.dat
c:\programdata\SearchNewTab\OIVx_0U_7.dat
c:\programdata\SearchNewTab\settings.ini
c:\programdata\SearchNewTab\uninstall.exe
c:\programdata\SearchNewTab\Wl8rV.dat
c:\programdata\SearchNewTab\zikz.dat
c:\programdata\Vaudix
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aedbfldandkodemdijfcjpkfideagdbi
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aedbfldandkodemdijfcjpkfideagdbi\1.0\background.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aedbfldandkodemdijfcjpkfideagdbi\1.0\content.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aedbfldandkodemdijfcjpkfideagdbi\1.0\lsdb.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aedbfldandkodemdijfcjpkfideagdbi\1.0\newtab.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aedbfldandkodemdijfcjpkfideagdbi\1.0\tQ2KeS.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfopgpmmolhbibhlgpdganipoihlepb
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfopgpmmolhbibhlgpdganipoihlepb\1.0\background.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfopgpmmolhbibhlgpdganipoihlepb\1.0\content.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfopgpmmolhbibhlgpdganipoihlepb\1.0\lsdb.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfopgpmmolhbibhlgpdganipoihlepb\1.0\manifest.json
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfopgpmmolhbibhlgpdganipoihlepb\1.0\newtab.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfopgpmmolhbibhlgpdganipoihlepb\1.0\nJtLPHBbZt.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coepicglgdaoahibnkckbgidenbghcdn
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coepicglgdaoahibnkckbgidenbghcdn\1.0\background.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coepicglgdaoahibnkckbgidenbghcdn\1.0\content.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coepicglgdaoahibnkckbgidenbghcdn\1.0\lsdb.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coepicglgdaoahibnkckbgidenbghcdn\1.0\manifest.json
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coepicglgdaoahibnkckbgidenbghcdn\1.0\TLr4K32CRrrs.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkfinjnnjmfbakadapmgkiephfcnmhg
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkfinjnnjmfbakadapmgkiephfcnmhg\1.0\background.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkfinjnnjmfbakadapmgkiephfcnmhg\1.0\content.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkfinjnnjmfbakadapmgkiephfcnmhg\1.0\icon48.png
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkfinjnnjmfbakadapmgkiephfcnmhg\1.0\lsdb.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkfinjnnjmfbakadapmgkiephfcnmhg\1.0\manifest.json
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkfinjnnjmfbakadapmgkiephfcnmhg\1.0\XzHvw8N42whl.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfhojammomcehcbbficjcheejflennl
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfhojammomcehcbbficjcheejflennl\2.19\background.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfhojammomcehcbbficjcheejflennl\2.19\content.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfhojammomcehcbbficjcheejflennl\2.19\lsdb.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfhojammomcehcbbficjcheejflennl\2.19\manifest.json
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfhojammomcehcbbficjcheejflennl\2.19\nSG3R.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaimdbbhfbdnokjnjllpbdcdnhopcgh
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaimdbbhfbdnokjnjllpbdcdnhopcgh\1.0\background.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaimdbbhfbdnokjnjllpbdcdnhopcgh\1.0\content.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaimdbbhfbdnokjnjllpbdcdnhopcgh\1.0\icon48.png
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaimdbbhfbdnokjnjllpbdcdnhopcgh\1.0\lsdb.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaimdbbhfbdnokjnjllpbdcdnhopcgh\1.0\manifest.json
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaimdbbhfbdnokjnjllpbdcdnhopcgh\1.0\N4mTR_.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkaodjiacpglniediifneegejciadkef
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkaodjiacpglniediifneegejciadkef\1.0\background.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkaodjiacpglniediifneegejciadkef\1.0\content.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkaodjiacpglniediifneegejciadkef\1.0\lsdb.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkaodjiacpglniediifneegejciadkef\1.0\manifest.json
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkaodjiacpglniediifneegejciadkef\1.0\newtab.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkaodjiacpglniediifneegejciadkef\1.0\WmLp6.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klkdofhligeehimgpcpnefhjgomoopjo
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klkdofhligeehimgpcpnefhjgomoopjo\2.19\background.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klkdofhligeehimgpcpnefhjgomoopjo\2.19\content.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klkdofhligeehimgpcpnefhjgomoopjo\2.19\lsdb.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klkdofhligeehimgpcpnefhjgomoopjo\2.19\manifest.json
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klkdofhligeehimgpcpnefhjgomoopjo\2.19\s0EmfwmGI.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifkamhnomdgeeeilohhniefpnlomifj
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifkamhnomdgeeeilohhniefpnlomifj\1.3\background.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifkamhnomdgeeeilohhniefpnlomifj\1.3\content.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifkamhnomdgeeeilohhniefpnlomifj\1.3\eEO_6bNZ.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifkamhnomdgeeeilohhniefpnlomifj\1.3\lsdb.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifkamhnomdgeeeilohhniefpnlomifj\1.3\manifest.json
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\coepicglgdaoahibnkckbgidenbghcdn
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\coepicglgdaoahibnkckbgidenbghcdn\000463.ldb
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\coepicglgdaoahibnkckbgidenbghcdn\000465.log
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\coepicglgdaoahibnkckbgidenbghcdn\CURRENT
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\coepicglgdaoahibnkckbgidenbghcdn\LOCK
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\coepicglgdaoahibnkckbgidenbghcdn\LOG
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\coepicglgdaoahibnkckbgidenbghcdn\LOG.old
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\coepicglgdaoahibnkckbgidenbghcdn\MANIFEST-000464
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aedbfldandkodemdijfcjpkfideagdbi_0.localstorage-journal
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aedbfldandkodemdijfcjpkfideagdbi_0.localstorage
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bnfopgpmmolhbibhlgpdganipoihlepb_0.localstorage-journal
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bnfopgpmmolhbibhlgpdganipoihlepb_0.localstorage
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_coepicglgdaoahibnkckbgidenbghcdn_0.localstorage-journal
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_coepicglgdaoahibnkckbgidenbghcdn_0.localstorage
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fkfhojammomcehcbbficjcheejflennl_0.localstorage-journal
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fkfhojammomcehcbbficjcheejflennl_0.localstorage
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hkaodjiacpglniediifneegejciadkef_0.localstorage-journal
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hkaodjiacpglniediifneegejciadkef_0.localstorage
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_klkdofhligeehimgpcpnefhjgomoopjo_0.localstorage-journal
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_klkdofhligeehimgpcpnefhjgomoopjo_0.localstorage
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lifkamhnomdgeeeilohhniefpnlomifj_0.localstorage-journal
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lifkamhnomdgeeeilohhniefpnlomifj_0.localstorage
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\MILENA\AppData\Roaming\7go
c:\users\MILENA\AppData\Roaming\7go\7go.crx
c:\users\MILENA\AppData\Roaming\7go\icon.ico
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\dkxgimmqw@iua-huiay.org
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\dkxgimmqw@iua-huiay.org\bootstrap.js
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\dkxgimmqw@iua-huiay.org\chrome.manifest
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\dkxgimmqw@iua-huiay.org\content\zy.xul
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\dkxgimmqw@iua-huiay.org\install.rdf
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\qdta2y@prjf.co.uk
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\qdta2y@prjf.co.uk\bootstrap.js
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\qdta2y@prjf.co.uk\chrome.manifest
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\qdta2y@prjf.co.uk\content\1364919818.png
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\qdta2y@prjf.co.uk\content\zy.xul
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\qdta2y@prjf.co.uk\install.rdf
c:\windows\system32\Packet.dll
c:\windows\system32\pt
c:\windows\system32\pt\smartfacevcp.dll.mui
c:\windows\system32\pt\toscdspd.cpl.mui
c:\windows\system32\wpcap.dll
c:\windows\system32\xa161064012.exe
c:\windows\system32\xa161082997.exe
c:\windows\system32\xa9186087.exe
c:\windows\system32\xa9186914.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2014-02-19 to 2014-03-19 )))))))))))))))))))))))))))))))
.
.
2014-03-19 04:53 . 2014-03-19 04:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-13 18:53 . 2014-03-13 18:53 -------- d-----w- c:\users\MILENA\AppData\Roaming\.mono
2014-03-13 18:53 . 2014-03-13 18:53 -------- d-----w- c:\programdata\.mono
2014-03-13 02:03 . 2014-02-23 05:40 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-03-12 23:26 . 2014-02-07 10:38 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-03-12 23:26 . 2014-02-03 10:37 505344 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 23:20 . 2013-11-13 00:30 2048 ----a-w- c:\windows\system32\tzres.dll
2014-03-08 02:04 . 2014-03-08 02:04 -------- d-----w- c:\users\MILENA\AppData\Local\Skype
2014-03-03 02:10 . 2014-03-12 22:59 -------- d-----w- c:\programdata\AVG Secure Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 23:53 . 2012-04-09 13:04 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 23:53 . 2011-06-05 21:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-03 02:09 . 2013-03-04 04:08 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-02-01 06:06 . 2014-02-01 06:06 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlusForSkypeService"="c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2013-12-21 128000]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2014-03-03 2539544]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^MILENA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\MILENA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^MILENA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\MILENA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^MILENA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\MILENA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2012-11-19 16:25 2598520 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlusForSkypeService]
2013-12-21 21:49 128000 ----a-w- c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 11:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-11-14 15:42 20584608 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2014-03-03 02:09 2539544 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 26dc2c7a;WebGeniuos;c:\windows\system32\rundll32.exe [2006-11-02 44544]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-04 20:14 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 23:53]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-24 00:32]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-24 00:32]
.
2014-03-18 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36]
.
2014-03-18 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21 05:36]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
mStart Page = [Link visible only to logged-in users]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 77.105.32.23 77.105.32.24
TCP: Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14}: NameServer = 77.105.0.18,77.105.0.19
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
FF - ProfilePath - c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\d6a14ai8.default-1364941198914\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: keyword.URL -
FF - ExtSQL: !HIDDEN! 2013-01-18 11:02; statuswinks@StatusWinks; c:\users\MILENA\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKCU-Run-LiveSupport - c:\program files\LiveSupport\LiveSupport.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Browser Infrastructure Helper - c:\users\MILENA\AppData\Local\Smartbar\Application\Smartbar.exe
MSConfigStartUp-GoogleChromeAutoLaunch_A45C2A546099D25E0F7BE9CB70CA3B85 - c:\users\MILENA\AppData\Local\Google\Chrome\Application\chrome.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\programdata\YoutubeAdblocker\oaZCdYc2E3p.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{26dc2c7a} - c:\progra~2\WEBGEN~1\WEBGEN~1.DLL
AddRemove-{7223EDAC-E091-B3C1-BD91-B66CE557800F} - c:\programdata\DiguiSavEr\ZkNKtjmhU.exe
AddRemove-{C1080852-065E-4991-9260-F3756E3CC182} - c:\programdata\{DE032019-B933-4DF4-9174-48C52613DA13}\CursorFX_setup.exe
AddRemove-{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} - c:\programdata\SearchNewTab\Wl8rV.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2014-03-19 05:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-186265021-4188725586-2028780986-1000\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:b1,4f,5f,e0,00,00,00,00
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Freemake\CaptureLib\CaptureLibService.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\Toshiba TEMPRO\TempoSVC.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG2012\AVGIDSAgent.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
c:\program files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2014-03-19 06:07:42 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-19 05:07
.
Pre-Run: 50.604.834.816 bytes free
Post-Run: 50.852.212.736 bytes free
.
- - End Of File - - 71929D17799872DD0177171F30D9C907
5C616939100B85E558DA92B899A0FC36



rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello and welcome to the forum.

Right at the start, let me warn you to strictly follow the instructions you are given and not to do anything on your own. In that regard, nowhere in the instructions does it say that the user should run ComboFix and expose themselves to risk.
Whether I or one of my colleagues will use ComboFix depends on the type of infection, and diagnostic tools such as DDS are used to determine that.

I hope we understand each other, and I take into account that you did not know this.

OK, let's move on.



Download Farbar's Farbar Recovery Scan Tool () from this address to your Desktop:
There is a 32-bit and a 64-bit version. You need to download the version that is compatible with your system.
If you are not sure which version applies to your system, download both and run them. Only one of them will work on your system; that will be the right version.


double-click to run the program; when the tool starts, click Yes in the disclaimer window;
wait a moment while the tool checks whether a newer version exists;
click the Scan button;
when the scan finishes, the tool will create a report (FRST.txt) in the same directory where the FRST tool is saved;
copy the contents of the FRST.txt report into your post;
on its first run, the tool should also create an additional report (Addition.txt);
attach the Addition.txt report to your post using the Attach file (Prikači fajl) option



offline
  • Joined: 21 Mar 2014
  • Posts: 15

Agreed, from now on I won't do anything on my own! Thanks for your time :D

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by MILENA (administrator) on MILENA-PC on 21-03-2014 20:47:50
Running from C:\Users\MILENA\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [Link visible only to logged-in users]
Download link for 64-Bit Version: [Link visible only to logged-in users]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [Link visible only to logged-in users]

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgemcx.exe
(Yuna Software) C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Yuna Software) C:\Program Files\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MessengerPlusForSkypeService] - C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [128000 2013-12-21] (Yuna Software)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2544664 2014-03-21] ()
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-186265021-4188725586-2028780986-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-186265021-4188725586-2028780986-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC75B1D574D75CB01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKLM - {53572A18-B95B-4325-A079-FA3F1754773D} URL = [Link visible only to logged-in users]{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKLM - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = [Link visible only to logged-in users]{searchTerms}&crm=1
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = [Link visible only to logged-in users]{searchTerms}&invocationType=tb50winampie7
SearchScopes: HKCU - {33524C00-63FB-43DB-A6BF-0A4E14B24649} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = [Link visible only to logged-in users]{searchTerms}&crm=1
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Link visible only to logged-in users]
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [Link visible only to logged-in users]
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} [Link visible only to logged-in users]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Link visible only to logged-in users]
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 77.105.32.21 77.105.32.22
Tcpip\..\Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14}: [NameServer]77.105.0.18,77.105.0.19

FireFox:
========
FF ProfilePath: C:\Users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\d6a14ai8.default-1364941198914
FF user.js: detected! => C:\Users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\d6a14ai8.default-1364941198914\user.js
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pogodakyu.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\vokabular.xml
FF Extension: DiigiSuavaeR - C:\Users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\d6a14ai8.default-1364941198914\Extensions\eej4ph-vav@fyo-gh.co.uk [2014-01-01]
FF Extension: DiguiSavEr - C:\Users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\d6a14ai8.default-1364941198914\Extensions\eueeaqg@cnnrgyooy.com [2014-01-01]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-02-15]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-15]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4\ []
FF HKLM\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\MILENA\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\MILENA\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013-01-18]
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ []
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ []
FF HKCU\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\MILENA\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\MILENA\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013-01-18]

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: ""
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Art Project, powered by Google) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafjiaooblldgcephecfcafbmckcfeep [2013-12-04]
CHR Extension: (Calorie Secrets) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkakkeppcemmggcopmjncnlpdefcmcj [2013-09-30]
CHR Extension: (ENGLISH MEMORY) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidhibeakadjobeknimdalmhfekikmaa [2013-07-16]
CHR Extension: (Lockify) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiigoloogeminempipceaikpnaimbekd [2013-09-30]
CHR Extension: (Angry Birds) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-07-16]
CHR Extension: (Google Docs) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-16]
CHR Extension: (Dictanote - Speech Recognizer) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2013-09-30]
CHR Extension: (Google Drive) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-16]
CHR Extension: (BeFunky Photo Editor) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2013-09-30]
CHR Extension: (Sexy Undo Close Tab) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg [2013-07-16]
CHR Extension: (Hidden Objects - House 1) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdeppfcebbaecjpbgjejpdmejgndopo [2013-09-30]
CHR Extension: (YouTube) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-16]
CHR Extension: (Illuum the Happy Journal) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\boaknhfgjephejfjkbhmeijoaadmlnem [2013-07-16]
CHR Extension: (Nimbus Screenshot) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2013-07-18]
CHR Extension: (Freemake Video Downloader) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-07-16]
CHR Extension: (Facebook Colour Changer) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpllmoilcakpgbeodibeifcfnndoheam [2013-07-16]
CHR Extension: (TV) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppbpeijolfcampacpljolaegibfhjph [2013-09-30]
CHR Extension: (Relaxation and Meditation Timer) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccnfinpfichedahfpkjopilbkingahem [2013-09-30]
CHR Extension: (Adblock Plus) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-10]
CHR Extension: (Look of Disapproval) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmomlddchhdnchpieaalgkpgaafohlbn [2013-07-16]
CHR Extension: (Google Search) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-16]
CHR Extension: (Search by Image (by Google)) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2013-07-16]
CHR Extension: (Fun Switcher) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddeoimiimmmfddbiggnbipkjomlalanb [2013-07-16]
CHR Extension: (PicMonkey Extension) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhipmoghimfdldnocmopeoanjmoolofl [2013-07-16]
CHR Extension: (My Message Center) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkoiaajkgplnpjckonbjncgdkodoapid [2013-07-16]
CHR Extension: (Facebook news) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\edoadhjjfgeniilpmnoaddaihjkkhheb [2013-09-30]
CHR Extension: (500px) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\egpociadnldbkfkjpmjoaibnbcoeplja [2013-09-30]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2013-07-16]
CHR Extension: (Fart Machine) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\einpcfelmfefokagdipbcfomecfbdggn [2013-09-30]
CHR Extension: (TextSendr - Free Text Messages) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejgocgjichhbkknncchbobdlhkdkpbei [2013-07-16]
CHR Extension: (Google Calendar) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-09-30]
CHR Extension: (Hangman) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekpfaaakmnhcembbiennfjiaodandmhg [2013-07-16]
CHR Extension: (BMI Calci) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eldpbpbmgapooadcjcjdobhepjpbgipi [2013-07-16]
CHR Extension: (Chrome Voice Control) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fboiibgbjljogjkebjcfhggbiponmpkk [2013-07-16]
CHR Extension: (Tarot.com | Daily Horoscope) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbbbgehnlcahdlepjinecleiimaichp [2013-07-16]
CHR Extension: (Hacker Vision) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fommidcneendjonelhhhkmoekeicedej [2013-07-16]
CHR Extension: (Picditor Photo Editor) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggdplhaiiohpkafnlhlfikiomnboacoi [2013-12-04]
CHR Extension: (Pictico — Coloring for Kids) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndkeamlgkegbmmoheplcndpopglacgf [2013-07-16]
CHR Extension: (Skype Invisible Status Detector) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnjfelcdaefdjkhcpgmlppbfmfinmblc [2013-09-30]
CHR Extension: (Status Winks) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih [2013-07-16]
CHR Extension: (Lunch Bug) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnoafdaceebmnoannffpabnhpkdollho [2013-09-30]
CHR Extension: (My Diary) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\igfnkanfehhehlajnhpajibfcfgkaikl [2013-09-30]
CHR Extension: (Forecastfox) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg [2013-07-16]
CHR Extension: (Glitterboo) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikkpgihagilojnkmkkfcbhlainmnkicp [2013-07-16]
CHR Extension: (SearchNewTab) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilkpkmdoidkddljnclfckcoadpgnklhm [2013-10-30]
CHR Extension: (Cookies) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2013-09-30]
CHR Extension: (Personal Trainer - Yoga) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjigbeknhpeholihfbnpmofgfnobdllk [2013-09-30]
CHR Extension: (Pixlr Touch Up) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2013-09-30]
CHR Extension: (Pic3D | 3D Converter) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpcenahnngjklfilghhiochkndllljbj [2013-09-30]
CHR Extension: (Calculator) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdkgihpbaofhkiliohfepioflkkbapao [2013-09-30]
CHR Extension: (Autodesk Homestyler) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2013-07-16]
CHR Extension: (Personal Trainer) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmgohkgndpahjklgpdihieeedjeneoke [2013-07-16]
CHR Extension: (WorkFlowy) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\koegeopamaoljbmhnfjbclbocehhgmkm [2013-09-30]
CHR Extension: (Webcam Toy) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-07-16]
CHR Extension: (Skype Click to Call) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-09-29]
CHR Extension: (Speed Analysis 3) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbmpjbkgemhgalmeiigcdljkccfcafoj [2013-09-16]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2013-07-18]
CHR Extension: (Download Youtube as mp3) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mepapnoaejebkkpkpacihjlfekoggahp [2013-09-30]
CHR Extension: (English vocabulary) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmklfohhllfpjjmjejencmaodgiknmj [2013-07-16]
CHR Extension: (DSL speedtest) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibbfkdeofpfmkclkgjfnjppdblhpddj [2013-09-30]
CHR Extension: (Pocket) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2013-09-30]
CHR Extension: (MP3 Cutter) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\najmoifnphdjfpiegfgakilfgkhjdkeh [2013-09-30]
CHR Extension: (VAudix) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nallgnbpjlbhajbiapijndbnjeacakhp [2013-10-30]
CHR Extension: (AVG Security Toolbar) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-07-16]
CHR Extension: (My Days - Period & Ovulation Tracker) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfopeeobiloabkklfmpobebjicddbjp [2013-07-16]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-10-10]
CHR Extension: (Google Wallet) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Hover Zoom) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2013-07-16]
CHR Extension: (Current Moon Phase (Northern Hemisphere)) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\oampnkjpomgmmphfoedhihefpbjhjamo [2013-09-30]
CHR Extension: (piZap Photo Editor) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\occpjibghkbopohbefbejkklnfdkdmok [2013-09-30]
CHR Extension: (English irregular verbs 2) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocmemdngcmpkekknchlhnbibgbehhpan [2013-07-16]
CHR Extension: (Origami Player) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiomepakkenneiifjocbinkmmampfbdn [2013-07-16]
CHR Extension: (Wunderlist for Chrome) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh [2013-09-30]
CHR Extension: (FitnessBliss) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\opdgckbdimehmjcfoddoghjieapefide [2013-09-30]
CHR Extension: (uTorrentControl2) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2013-07-16]
CHR Extension: (Psykopaint) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2013-09-30]
CHR Extension: (World Clocks) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej [2013-09-30]
CHR Extension: (Gmail) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-16]
CHR Extension: (Anatomicus - Human Anatomy Atlas) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkgfngehhjplndcgejapgknnjpdgfpag [2013-09-30]
CHR Extension: (Yann Arthus-Bertrand) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\plaekpceeonanmjojailaojkconcgofc [2014-03-15]
CHR Extension: (Browser QuickLinks) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpjogfhobhpdcmcblieglnoooccfcmm [2013-07-16]
CHR Extension: (BodBot – Personal Trainer and Nutritionist) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppnkdiaelidjhcebhmgemlpnghbdgjhk [2013-09-30]
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-05-23]
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-05-23]
CHR HKLM\...\Chrome\Extension: [gjajpkikblccgefaibcafkfbanllpefi] - C:\Users\MILENA\AppData\Roaming\7go\7go.crx [2013-05-23]
CHR HKLM\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Users\MILENA\AppData\Roaming\StatusWinks\statuswinks.crx [2012-11-05]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [mbmpjbkgemhgalmeiigcdljkccfcafoj] - C:\Users\MILENA\AppData\Roaming\SpeedAnalysis3\SpeedAnalysis.crx [2013-08-28]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.0.5.292\avg.crx [2014-03-21]
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\MILENA\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\MILENA\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION)
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-05-14] (Ellora Assets Corp.)
R2 MsgPlusService; C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [128000 2013-12-21] (Yuna Software)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba)
R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2008-02-06] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-21] (AVG Secure Search)
S2 26dc2c7a; "C:\Windows\system32\rundll32.exe" "c:\progra~2\webgen~1\WebGeniuosSvc.dll",service

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-03-21] (AVG Technologies)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-03-11] (MCCI)
S3 k750mdfl; C:\Windows\System32\DRIVERS\k750mdfl.sys [6576 2005-03-11] (MCCI)
S3 k750mdm; C:\Windows\System32\DRIVERS\k750mdm.sys [89872 2005-03-11] (MCCI)
S3 k750mgmt; C:\Windows\System32\DRIVERS\k750mgmt.sys [81728 2005-03-11] (MCCI)
S3 k750obex; C:\Windows\System32\DRIVERS\k750obex.sys [79488 2005-03-11] (MCCI)
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-09-01] (Kaspersky Lab)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 athur; system32\DRIVERS\athur.sys [X]
S3 catchme; \??\C:\Users\MILENA\AppData\Local\Temp\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-21 20:47 - 2014-03-21 20:48 - 00035483 _____ () C:\Users\MILENA\Desktop\FRST.txt
2014-03-21 20:47 - 2014-03-21 20:47 - 00000000 ____D () C:\FRST
2014-03-21 20:46 - 2014-03-21 20:46 - 01145856 _____ (Farbar) C:\Users\MILENA\Desktop\FRST.exe
2014-03-21 13:24 - 2014-03-21 13:24 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-21 10:36 - 2014-03-21 10:36 - 00000104 _____ () C:\Users\MILENA\Desktop\Control Panel - Shortcut.lnk
2014-03-21 01:53 - 2014-03-21 01:53 - 00000000 ____D () C:\Windows\CheckSur
2014-03-21 00:18 - 2014-03-21 00:18 - 00014157 _____ () C:\Users\MILENA\Desktop\attach.txt
2014-03-21 00:18 - 2014-03-21 00:17 - 00014726 _____ () C:\Users\MILENA\Desktop\dds.txt
2014-03-19 06:07 - 2014-03-19 06:07 - 00027481 _____ () C:\ComboFix.txt
2014-03-19 05:40 - 2014-03-19 06:07 - 00000000 ____D () C:\Qoobox
2014-03-19 05:40 - 2014-03-19 06:07 - 00000000 ____D () C:\ComboFix
2014-03-19 05:40 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-19 05:40 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-19 05:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-19 05:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-19 05:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-19 05:40 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-19 05:40 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-19 05:40 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-19 05:39 - 2014-03-19 06:05 - 00000000 ____D () C:\Windows\erdnt
2014-03-19 05:14 - 2014-03-19 05:14 - 05190052 ____R (Swearware) C:\Users\MILENA\Desktop\ComboFix.exe
2014-03-14 00:46 - 2014-03-14 00:46 - 00000000 ____D () C:\Users\MILENA\AppData\Local\{4CE53D09-9BF4-4CBC-B67C-02824710199B}
2014-03-13 19:53 - 2014-03-13 19:53 - 00000000 ____D () C:\Users\MILENA\AppData\Roaming\.mono
2014-03-13 19:53 - 2014-03-13 19:53 - 00000000 ____D () C:\ProgramData\.mono
2014-03-13 03:03 - 2014-02-23 06:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 03:03 - 2014-02-23 06:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 00:26 - 2014-02-07 11:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 00:26 - 2014-02-03 11:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 00:21 - 2014-02-23 06:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 00:21 - 2014-02-23 06:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 00:21 - 2014-02-23 06:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 00:21 - 2014-02-23 06:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 00:21 - 2014-02-23 06:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 00:21 - 2014-02-23 06:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-13 00:21 - 2014-02-23 06:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 00:21 - 2014-02-23 06:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 00:21 - 2014-02-23 06:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 00:21 - 2014-02-23 06:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 00:21 - 2014-02-23 06:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-13 00:21 - 2014-02-23 06:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 00:21 - 2014-02-23 06:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-13 00:21 - 2014-02-23 06:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 00:21 - 2014-01-30 08:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 00:20 - 2013-11-13 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-08 03:04 - 2014-03-08 03:04 - 00000000 ____D () C:\Users\MILENA\AppData\Local\Skype
2014-03-06 06:07 - 2014-03-06 06:07 - 00000071 _____ () C:\Users\MILENA\Desktop\listen (1).pls
2014-03-06 06:04 - 2014-03-06 06:04 - 00000071 _____ () C:\Users\MILENA\Desktop\listen.pls
2014-02-24 21:38 - 2014-02-24 21:38 - 00000000 ____D () C:\Users\MILENA\AppData\Local\{AC67CF96-E30B-4872-8A35-D9C98D401C46}
2014-02-22 21:16 - 2014-02-22 21:17 - 00000000 ____D () C:\Users\MILENA\AppData\Local\{9475BF0A-543A-493A-ABAC-499C1561095C}
2014-02-22 18:19 - 2014-02-22 18:19 - 00013948 _____ () C:\Users\MILENA\Desktop\OGLAS..odt

==================== One Month Modified Files and Folders =======

2014-03-21 20:48 - 2014-03-21 20:47 - 00035483 _____ () C:\Users\MILENA\Desktop\FRST.txt
2014-03-21 20:47 - 2014-03-21 20:47 - 00000000 ____D () C:\FRST
2014-03-21 20:46 - 2014-03-21 20:46 - 01145856 _____ (Farbar) C:\Users\MILENA\Desktop\FRST.exe
2014-03-21 20:45 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-21 20:45 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-21 20:41 - 2009-06-27 01:54 - 00000000 ____D () C:\Users\MILENA\AppData\Roaming\Skype
2014-03-21 20:41 - 2009-06-25 03:01 - 01643157 _____ () C:\Windows\WindowsUpdate.log
2014-03-21 20:19 - 2013-05-24 01:32 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-21 20:14 - 2010-11-29 22:37 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-03-21 20:10 - 2013-05-24 01:32 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-21 20:10 - 2013-03-04 05:08 - 00000000 ____D () C:\Users\MILENA\AppData\Local\AVG Secure Search
2014-03-21 20:10 - 2012-04-09 14:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-21 20:10 - 2009-07-18 20:28 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration.job
2014-03-21 14:16 - 2013-03-13 12:47 - 00414704 _____ () C:\Windows\PFRO.log
2014-03-21 14:16 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-21 14:15 - 2006-11-02 14:01 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-21 14:05 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-21 13:55 - 2006-11-02 11:33 - 00766208 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-21 13:24 - 2014-03-21 13:24 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-21 13:24 - 2013-03-04 05:08 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-03-21 13:24 - 2013-03-04 05:08 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-03-21 10:36 - 2014-03-21 10:36 - 00000104 _____ () C:\Users\MILENA\Desktop\Control Panel - Shortcut.lnk
2014-03-21 01:53 - 2014-03-21 01:53 - 00000000 ____D () C:\Windows\CheckSur
2014-03-21 01:53 - 2013-08-15 02:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-21 01:50 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-21 00:33 - 2009-07-18 20:28 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version2.job
2014-03-21 00:18 - 2014-03-21 00:18 - 00014157 _____ () C:\Users\MILENA\Desktop\attach.txt
2014-03-21 00:17 - 2014-03-21 00:18 - 00014726 _____ () C:\Users\MILENA\Desktop\dds.txt
2014-03-19 06:07 - 2014-03-19 06:07 - 00027481 _____ () C:\ComboFix.txt
2014-03-19 06:07 - 2014-03-19 05:40 - 00000000 ____D () C:\Qoobox
2014-03-19 06:07 - 2014-03-19 05:40 - 00000000 ____D () C:\ComboFix
2014-03-19 06:07 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2014-03-19 06:07 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-03-19 06:05 - 2014-03-19 05:39 - 00000000 ____D () C:\Windows\erdnt
2014-03-19 06:00 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-03-19 05:57 - 2012-06-03 12:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-19 05:55 - 2006-11-02 11:22 - 54788096 _____ () C:\Windows\system32\config\software.bak
2014-03-19 05:55 - 2006-11-02 11:22 - 38535168 _____ () C:\Windows\system32\config\COMPON~3.bak
2014-03-19 05:55 - 2006-11-02 11:22 - 23592960 _____ () C:\Windows\system32\config\system.bak
2014-03-19 05:55 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-03-19 05:55 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-03-19 05:55 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-03-19 05:52 - 2014-02-01 07:20 - 00000000 ____D () C:\Program Files\Free Games 111
2014-03-19 05:14 - 2014-03-19 05:14 - 05190052 ____R (Swearware) C:\Users\MILENA\Desktop\ComboFix.exe
2014-03-16 15:20 - 2013-12-28 00:33 - 00000000 ____D () C:\ProgramData\WebGeniuos
2014-03-14 21:44 - 2013-09-30 08:33 - 00000000 ____D () C:\Users\MILENA\AppData\Local\Unity
2014-03-14 00:46 - 2014-03-14 00:46 - 00000000 ____D () C:\Users\MILENA\AppData\Local\{4CE53D09-9BF4-4CBC-B67C-02824710199B}
2014-03-13 19:53 - 2014-03-13 19:53 - 00000000 ____D () C:\Users\MILENA\AppData\Roaming\.mono
2014-03-13 19:53 - 2014-03-13 19:53 - 00000000 ____D () C:\ProgramData\.mono
2014-03-13 06:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-03-13 05:56 - 2006-11-02 13:47 - 00355064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 05:53 - 2009-10-05 06:32 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 00:53 - 2012-04-09 14:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-13 00:53 - 2011-06-05 22:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-13 00:00 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-03-12 23:59 - 2013-06-13 22:34 - 00000000 ____D () C:\Users\MILENA\AppData\Roaming\vlc
2014-03-12 23:59 - 2013-04-10 15:57 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-12 23:59 - 2013-03-04 05:08 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-03-12 23:59 - 2013-01-28 04:57 - 00000000 ___RD () C:\Program Files\Skype
2014-03-12 23:59 - 2009-06-25 02:22 - 00000000 ____D () C:\Users\MILENA
2014-03-12 23:59 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-03-12 23:59 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-03-12 23:59 - 2006-11-02 11:22 - 54788096 _____ () C:\Windows\system32\config\software_previous
2014-03-12 23:59 - 2006-11-02 11:22 - 38535168 _____ () C:\Windows\system32\config\components_previous
2014-03-12 23:59 - 2006-11-02 11:22 - 23592960 _____ () C:\Windows\system32\config\system_previous
2014-03-12 23:59 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-03-12 23:59 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-03-12 23:59 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-03-08 03:04 - 2014-03-08 03:04 - 00000000 ____D () C:\Users\MILENA\AppData\Local\Skype
2014-03-08 03:04 - 2009-06-27 01:53 - 00000000 ____D () C:\ProgramData\Skype
2014-03-06 06:07 - 2014-03-06 06:07 - 00000071 _____ () C:\Users\MILENA\Desktop\listen (1).pls
2014-03-06 06:04 - 2014-03-06 06:04 - 00000071 _____ () C:\Users\MILENA\Desktop\listen.pls
2014-03-04 11:02 - 2009-06-25 03:55 - 00000000 ____D () C:\Users\MILENA\AppData\Local\Adobe
2014-03-01 21:10 - 2009-06-26 14:01 - 00119808 _____ () C:\Users\MILENA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-24 21:38 - 2014-02-24 21:38 - 00000000 ____D () C:\Users\MILENA\AppData\Local\{AC67CF96-E30B-4872-8A35-D9C98D401C46}
2014-02-23 06:50 - 2014-03-13 00:21 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 06:47 - 2014-03-13 00:21 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 06:43 - 2014-03-13 00:21 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 06:41 - 2014-03-13 00:21 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 06:40 - 2014-03-13 03:03 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 06:39 - 2014-03-13 00:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-23 06:38 - 2014-03-13 03:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 06:38 - 2014-03-13 00:21 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-23 06:38 - 2014-03-13 00:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-23 06:37 - 2014-03-13 00:21 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 06:37 - 2014-03-13 00:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 06:37 - 2014-03-13 00:21 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 06:37 - 2014-03-13 00:21 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 06:36 - 2014-03-13 00:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 06:36 - 2014-03-13 00:21 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-23 06:35 - 2014-03-13 00:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-22 21:17 - 2014-02-22 21:16 - 00000000 ____D () C:\Users\MILENA\AppData\Local\{9475BF0A-543A-493A-ABAC-499C1561095C}
2014-02-22 21:17 - 2010-10-21 02:12 - 00000000 ____D () C:\Users\MILENA\AppData\Local\Windows Live
2014-02-22 18:19 - 2014-02-22 18:19 - 00013948 _____ () C:\Users\MILENA\Desktop\OGLAS..odt

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-21 14:24

==================== End Of Log ============================

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Let's go one step at a time.

You have remnants of Kaspersky Antivirus. Download the Removal tool from the link below, run it and follow the steps.
[Links are visible only to logged-in users]



Download AdwCleaner by "Xplode" and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all running programs and display a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Prikaci fajl" (Attach file) option.

Note: The report will also be saved to C:\AdwCleaner[S0].txt



1. Open Notepad (Text Document) and copy into it the following text from the code box below:
Start
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = http://dts.search-results.com/sr?src=ieb&appid=126&systemid=4&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = http://dts.search-results.com/sr?src=ieb&appid=126&systemid=4&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = http://dts.search-results.com/sr?src=ieb&appid=126&systemid=4&sr=0&q={searchTerms}
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-a.....rome_us&p={searchTerms}
SearchScopes: HKLM - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13153&gct=&gc=1&q={searchTerms}&crm=1
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKCU - {33524C00-63FB-43DB-A6BF-0A4E14B24649} URL = http://www.basicscan.com/?prt=BscscnPB&keywords={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = http://dts.search-results.com/sr?src=ieb&appid=126&systemid=4&sr=0&q={searchTerms}
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13153&gct=&gc=1&q={searchTerms}&crm=1
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-21] (AVG Secure Search)
Browse2save (HKLM\...\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}) (Version:  - BrowseToSave) <==== ATTENTION
BrowseToSave 1.74 (HKLM\...\SP_48c708f2) (Version:  - ) <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\Users\MILENA\Downloads\application for employement.eml:OECustomProperty
Task: {E7666D32-6029-4242-9BF8-146F631574A6} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
Task: {F1C44F0F-2067-4680-9A16-6F7E4779B952} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21] ()
Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
2014-03-21 20:10 - 2009-07-18 20:28 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration.job
2014-03-21 00:33 - 2009-07-18 20:28 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version2.job
End

2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.






After you complete these steps, run FRST again and post fresh logs for me.

offline
  • Joined: 21 Mar 2014
  • Posts: 15

Posted: 21 Mar 2014 22:14

[Link visible only to logged-in users]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by MILENA at 2014-03-21 22:05:13 Run:1
Running from C:\Users\MILENA\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKLM - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&crm=1
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&invocationType=tb50winampie7
SearchScopes: HKCU - {33524C00-63FB-43DB-A6BF-0A4E14B24649} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&crm=1
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-21] (AVG Secure Search)
Browse2save (HKLM\...\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}) (Version: - BrowseToSave) <==== ATTENTION
BrowseToSave 1.74 (HKLM\...\SP_48c708f2) (Version: - ) <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\Users\MILENA\Downloads\application for employement.eml:OECustomProperty
Task: {E7666D32-6029-4242-9BF8-146F631574A6} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
Task: {F1C44F0F-2067-4680-9A16-6F7E4779B952} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21] ()
Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
2014-03-21 20:10 - 2009-07-18 20:28 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration.job
2014-03-21 00:33 - 2009-07-18 20:28 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version2.job
End
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD24} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD24} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD24} => Key not found.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD24} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} => Key not found.
HKCR\Wow6432Node\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => Key not found.
HKCR\Wow6432Node\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649} => Key not found.
HKCR\Wow6432Node\CLSID\{33524C00-63FB-43DB-A6BF-0A4E14B24649} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD24} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD24} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} => Key not found.
HKCR\Wow6432Node\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
vToolbarUpdater18.0.5 => Service deleted successfully.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
C:\Users\MILENA\Downloads\application for employement.eml => ":OECustomProperty" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7666D32-6029-4242-9BF8-146F631574A6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7666D32-6029-4242-9BF8-146F631574A6} => Key deleted successfully.
C:\Windows\System32\Tasks\ParetoLogic Registration => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Registration => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1C44F0F-2067-4680-9A16-6F7E4779B952} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1C44F0F-2067-4680-9A16-6F7E4779B952} => Key deleted successfully.
C:\Windows\System32\Tasks\ParetoLogic Update Version2 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Update Version2 => Key deleted successfully.
C:\Windows\Tasks\ParetoLogic Registration.job => Moved successfully.
C:\Windows\Tasks\ParetoLogic Update Version2.job => Moved successfully.
"C:\Windows\Tasks\ParetoLogic Registration.job" => File/Directory not found.
"C:\Windows\Tasks\ParetoLogic Update Version2.job" => File/Directory not found.

==== End of Fixlog ====


I hope I've done this correctly so far; now I'll run FRST again and post fresh logs.

Addendum: 21 Mar 2014 22:17

[Link visible only to logged-in users]
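
An added example, not part of the original thread and not FRST's own code: a small Python triage of a Fixlog like the one posted above. It skips the echoed fixlist between the rows of asterisks (its Task lines also contain "=>"), then buckets each result line by its ending; the function names and the done/absent/review buckets are assumptions made for this sketch, and the sample is shortened from the log above.

```python
from collections import Counter

# Sample shortened from the Fixlog posted above (Run:1); nothing else is added.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by MILENA at 2014-03-21 22:05:13 Run:1

Content of fixlist:
*****************
Start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
End
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
vToolbarUpdater18.0.5 => Service deleted successfully.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\Windows\Tasks\ParetoLogic Registration.job => Moved successfully.
"C:\Windows\Tasks\ParetoLogic Registration.job" => File/Directory not found.

==== End of Fixlog ====
'''


def classify(outcome):
    """Bucket one result message (the bucket names are this sketch's own)."""
    text = outcome.rstrip(". ").lower()
    if text.endswith("successfully"):
        return "done"      # the requested change was made
    if text.endswith("not found"):
        return "absent"    # nothing to remove: already gone or never present
    return "review"        # any other wording needs a human look


def parse_fixlog(text):
    """Return ([(target, outcome, status)], complete) for one Fixlog."""
    results, in_echo, complete = [], False, False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:   # asterisk rows bracket the echoed fixlist
            in_echo = not in_echo
            continue
        if in_echo:
            continue                      # echoed Task lines contain "=>" too
        if line.startswith("==== End of Fixlog"):
            complete = True               # trailer present: log was not cut off
        elif " => " in line:
            target, outcome = line.split(" => ", 1)
            results.append((target.strip('"'), outcome, classify(outcome)))
    return results, complete


def summarize(text):
    """Count outcomes and list every line that is neither done nor absent."""
    results, complete = parse_fixlog(text)
    counts = Counter(status for _, _, status in results)
    review = [(t, o) for t, o, s in results if s == "review"]
    return {"complete": complete, "counts": dict(counts), "review": review}


if __name__ == "__main__":
    print(summarize(SAMPLE_FIXLOG))
```

A log whose summary shows `complete` as false, or a non-empty `review` list, is worth reading line by line before moving on to the next cleanup step.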

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Open Notepad and copy the following text found inside the shaded area.


S2 26dc2c7a; "C:\Windows\system32\rundll32.exe" "c:\progra~2\webgen~1\WebGeniuosSvc.dll",service



In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, Notepad will open with content that you need to copy into the thread.
Also, (fixlog.txt) will be on the Desktop.

You need to copy fixlog.txt to the forum.

offline
  • Joined: 21 Mar 2014
  • Posts: 15

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by MILENA at 2014-03-21 22:44:29 Run:2
Running from C:\Users\MILENA\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
S2 26dc2c7a; "C:\Windows\system32\rundll32.exe" "c:\progra~2\webgen~1\WebGeniuosSvc.dll",service
*****************

26dc2c7a => Service deleted successfully.

==== End of Fixlog ====

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download the installer for Malwarebytes Anti-Malware from the following link:
[Link visible only to logged-in users]

Double-click to run the installer - at the very end of the process, check that these options are ticked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.


After the update completes, the program will start.

Select the Perform Quick Scan option and click Scan.

When the process finishes, click OK, then Show Results: in the list of detected malware, select all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the forum thread.
If the program asks for a restart to finish the cleaning process, be sure to allow it.

Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).

offline
  • Joined: 21 Mar 2014
  • Posts: 15

Malwarebytes Anti-Malware 1.75.0.1300
[Link mogu videti samo ulogovani korisnici]

Verzija baze: v2014.03.21.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
MILENA :: MILENA-PC [administrator]

21.3.2014 23:04:33
mbam-log-2014-03-21 (23-04-33).txt

Način skeniranja: Brzo skeniranje
Omogućene opcije skeniranja: Memorija | Automatsko pokretanje | Registar | Datotečni sistem | Heuristika/Dodatno | Heuristika/Shuriken | PUP | PUM
Onemogućene opcije skeniranja: P2P
Skeniranih objekata 233452
Proteklo vreme 10 minuta(e), 1 sekundi

Detektovani procesi u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani moduli u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani ključevi u registru: 4
HKCR\Free Games 111.Tool (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
HKCR\Free Games 111.Tool.1 (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
HKCR\Speed Test (4354).BackgroundHostObject (PUP.Optional.SpeedTest.A) -> Stavljeno u karantin i uspešno obrisano
HKCR\Speed Test (4354).BackgroundHostObject.1 (PUP.Optional.SpeedTest.A) -> Stavljeno u karantin i uspešno obrisano

Detektovane vrednosti u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovani podaci u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovane fascikle: 6
C:\Program Files\SearchNewTab (PUP.Optional.SearchNewTab.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\freegames4357 (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\speedtest4354 (PUP.Optional.SpeedTest.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\freegames111 (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\speedtest127 (PUP.Optional.SpeedTest.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111 (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano

Detektovane datoteke: 46
C:\ProgramData\InstallMate\{8F76B5A8-A554-4ABB-A850-ED765495975E}\Custom.dll (Adware.Agent) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\Desktop\SoftonicDownloader_for_vlc-media-player.exe (PUP.Optional.Softonic) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\Downloads\xmastree.exe (PUP.Optional.InstallIQ.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\Downloads\waterscenesss.exe (PUP.Optional.InstallIQ.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\Downloads\moonlight.exe (PUP.Optional.InstallIQ.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\Downloads\lake.exe (PUP.Optional.InstallIQ.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\Downloads\marine2.exe (PUP.Optional.InstallIQ.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\Downloads\waterfalls3.exe (PUP.Optional.InstallIQ.A) -> Stavljeno u karantin i uspešno obrisano
C:\Windows\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B4PXO59B\upgrade[1].cab (Adware.Agent.ZGen) -> Stavljeno u karantin i uspešno obrisano
C:\Windows\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B4PXO59B\upgrade[2].cab (Adware.Zwangi) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\SearchNewTab\7vs.tlb (PUP.Optional.SearchNewTab.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\SearchNewTab\7vs.dat (PUP.Optional.SearchNewTab.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\SearchNewTab\BMlr.dat (PUP.Optional.SearchNewTab.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\SearchNewTab\BMlr.tlb (PUP.Optional.SearchNewTab.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\SearchNewTab\UKjEyBKs.dat (PUP.Optional.SearchNewTab.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\SearchNewTab\UKjEyBKs.tlb (PUP.Optional.SearchNewTab.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\freegames4357\freegames4357.crx (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\freegames4357\freegames4357DeskTopIcon.ico (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\freegames4357\install_helper.exe (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\speedtest4354\install_helper.exe (PUP.Optional.SpeedTest.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\speedtest4354\speedtest4354.crx (PUP.Optional.SpeedTest.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\speedtest4354\speedtest4354DeskTopIcon.ico (PUP.Optional.SpeedTest.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\speedtest127\speedtest127.xpi (PUP.Optional.SpeedTest.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\DeskTopIcon.ico (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\background.html (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\button.js (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\config.xml (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\content.js (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon128.ico (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon128.png (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon16.ico (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon16.png (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon18.ico (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon18.png (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon24.ico (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon24.png (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon32.ico (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon32.png (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon48.ico (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon48.png (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\jquery-1.9.1.min.js (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\json2.min.js (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\options.htm (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\rjs.js (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\updater.js (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\updaterWrapper.js (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano

(kraj)

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Excellent. Keep Malwarebytes, because it is an excellent program, and now you have seen how it works.


How is the Toshiba behaving now?
