Laptop check


  • Joined: 21 Mar 2014
  • Posts: 15

Warm greetings,
my laptop takes a long time to start up, and recently songs on YouTube have been stuttering, especially while I open anything else in another window; it also sometimes shuts down while my sister is playing FarmVille. Recently I also picked up a virus through a Facebook message that looked like a zipped photo. I have the free AVG as protection and it detected it as Skodna.BitCoinMiner.DX, located in C:/Windows/explorer.exe(5232), but it could not remove it, nor could I find that folder myself. Then I used the Backup and Restore Center and sort of rolled the system back a little into the past. I don't know how successful I was, and I'm a layperson when it comes to these things. Thank you in advance for your time.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16540 BrowserJavaVersion: 10.51.2
Run by MILENA at 0:17:33 on 2014-03-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.381.1033.18.2939.1031 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Windows\system32\conime.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.lphant.net
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [MessengerPlusForSkypeService] "c:\program files\yuna software\messenger plus! for skype\MsgPlusForSkypeService.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
TCP: NameServer = 77.105.32.21 77.105.32.22
TCP: Interfaces\{4A4BF2D6-836F-46C7-A5CB-143A9565ED58} : DHCPNameServer = 77.105.32.21 77.105.32.22
TCP: Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14} : NameServer = 77.105.0.18,77.105.0.19
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.0.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\milena\appdata\roaming\mozilla\firefox\profiles\d6a14ai8.default-1364941198914\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: keyword.URL -
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\18.0.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: !HIDDEN! 2013-01-18 11:02; statuswinks@StatusWinks; c:\users\milena\appdata\roaming\mozilla\extensions\statuswinks@StatusWinks
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-8 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-4-11 302368]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-3-4 42784]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-6-25 20384]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2013-10-16 5175856]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2013-5-23 9216]
R2 MsgPlusService;Messenger Plus! Service;c:\program files\yuna software\messenger plus! for skype\MsgPlusForSkypeService.exe [2013-1-28 128000]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\toshiba tempro\TempoSVC.exe [2008-4-24 99720]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2008-2-6 126976]
R2 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;c:\program files\common files\avg secure search\vtoolbarupdater\18.0.0\ToolbarUpdater.exe [2014-3-3 1759768]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-12-10 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-7 7168]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 26dc2c7a;WebGeniuos;c:\windows\system32\rundll32.exe [2006-11-2 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-2-8 36608]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WordPad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-03-19 04:59:03 -------- d-----w- C:\$RECYCLE.BIN
2014-03-19 04:40:39 98816 ----a-w- c:\windows\sed.exe
2014-03-19 04:40:39 256000 ----a-w- c:\windows\PEV.exe
2014-03-19 04:40:39 208896 ----a-w- c:\windows\MBR.exe
2014-03-19 04:40:33 -------- d-----w- C:\ComboFix
2014-03-13 23:46:33 -------- d-----w- c:\users\milena\appdata\local\{4CE53D09-9BF4-4CBC-B67C-02824710199B}
2014-03-13 18:53:09 -------- d-----w- c:\users\milena\appdata\roaming\.mono
2014-03-13 18:53:09 -------- d-----w- c:\programdata\.mono
2014-03-13 02:03:13 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-03-12 23:26:13 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-03-12 23:26:03 505344 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 23:20:20 2048 ----a-w- c:\windows\system32\tzres.dll
2014-03-08 02:04:53 -------- d-----w- c:\users\milena\appdata\local\Skype
2014-03-03 02:10:05 -------- d-----w- c:\programdata\AVG Secure Search
2014-02-24 20:38:45 -------- d-----w- c:\users\milena\appdata\local\{AC67CF96-E30B-4872-8A35-D9C98D401C46}
2014-02-22 20:16:55 -------- d-----w- c:\users\milena\appdata\local\{9475BF0A-543A-493A-ABAC-499C1561095C}
.
==================== Find3M ====================
.
2014-03-12 23:53:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 23:53:37 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-03 02:09:48 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-02-23 05:47:19 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-02-23 05:39:28 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-23 05:38:08 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-23 05:37:49 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-02-23 05:36:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-01 06:06:11 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-30 07:46:58 876032 ----a-w- c:\windows\system32\wer.dll
.
============= FINISH: 0:17:59,09 ===============




While reading the recommendations in your archive I also downloaded ComboFix; I figured it can't hurt. Maybe I'm being silly, but I'll copy that for you too :)

ComboFix 14-03-19.01 - MILENA 19.03.2014 5:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.381.1033.18.2939.1514 [GMT 1:00]
Running from: c:\users\MILENA\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Free Games 111\ScRIpthost.dll
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome\basicscan.jar
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\install.rdf
c:\program files\YoutubeAdblocker
c:\program files\YoutubeAdblocker\EaFykX19nP.dat
c:\program files\YoutubeAdblocker\EaFykX19nP.tlb
c:\programdata\1aa93515de7961348ccba7eb67010f7a_c
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\SearchNewTab.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\Uninstall.lnk
c:\programdata\SearchNewTab
c:\programdata\SearchNewTab\51e4a2115ac79.tlb
c:\programdata\SearchNewTab\L6Bgg1.dat
c:\programdata\SearchNewTab\OIVx_0U_7.dat
c:\programdata\SearchNewTab\settings.ini
c:\programdata\SearchNewTab\uninstall.exe
c:\programdata\SearchNewTab\Wl8rV.dat
c:\programdata\SearchNewTab\zikz.dat
c:\programdata\Vaudix
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aedbfldandkodemdijfcjpkfideagdbi
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aedbfldandkodemdijfcjpkfideagdbi\1.0\background.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aedbfldandkodemdijfcjpkfideagdbi\1.0\content.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aedbfldandkodemdijfcjpkfideagdbi\1.0\lsdb.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aedbfldandkodemdijfcjpkfideagdbi\1.0\newtab.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aedbfldandkodemdijfcjpkfideagdbi\1.0\tQ2KeS.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfopgpmmolhbibhlgpdganipoihlepb
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfopgpmmolhbibhlgpdganipoihlepb\1.0\background.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfopgpmmolhbibhlgpdganipoihlepb\1.0\content.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfopgpmmolhbibhlgpdganipoihlepb\1.0\lsdb.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfopgpmmolhbibhlgpdganipoihlepb\1.0\manifest.json
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfopgpmmolhbibhlgpdganipoihlepb\1.0\newtab.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfopgpmmolhbibhlgpdganipoihlepb\1.0\nJtLPHBbZt.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coepicglgdaoahibnkckbgidenbghcdn
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coepicglgdaoahibnkckbgidenbghcdn\1.0\background.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coepicglgdaoahibnkckbgidenbghcdn\1.0\content.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coepicglgdaoahibnkckbgidenbghcdn\1.0\lsdb.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coepicglgdaoahibnkckbgidenbghcdn\1.0\manifest.json
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coepicglgdaoahibnkckbgidenbghcdn\1.0\TLr4K32CRrrs.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkfinjnnjmfbakadapmgkiephfcnmhg
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkfinjnnjmfbakadapmgkiephfcnmhg\1.0\background.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkfinjnnjmfbakadapmgkiephfcnmhg\1.0\content.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkfinjnnjmfbakadapmgkiephfcnmhg\1.0\icon48.png
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkfinjnnjmfbakadapmgkiephfcnmhg\1.0\lsdb.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkfinjnnjmfbakadapmgkiephfcnmhg\1.0\manifest.json
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkfinjnnjmfbakadapmgkiephfcnmhg\1.0\XzHvw8N42whl.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfhojammomcehcbbficjcheejflennl
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfhojammomcehcbbficjcheejflennl\2.19\background.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfhojammomcehcbbficjcheejflennl\2.19\content.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfhojammomcehcbbficjcheejflennl\2.19\lsdb.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfhojammomcehcbbficjcheejflennl\2.19\manifest.json
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfhojammomcehcbbficjcheejflennl\2.19\nSG3R.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaimdbbhfbdnokjnjllpbdcdnhopcgh
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaimdbbhfbdnokjnjllpbdcdnhopcgh\1.0\background.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaimdbbhfbdnokjnjllpbdcdnhopcgh\1.0\content.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaimdbbhfbdnokjnjllpbdcdnhopcgh\1.0\icon48.png
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaimdbbhfbdnokjnjllpbdcdnhopcgh\1.0\lsdb.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaimdbbhfbdnokjnjllpbdcdnhopcgh\1.0\manifest.json
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaimdbbhfbdnokjnjllpbdcdnhopcgh\1.0\N4mTR_.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkaodjiacpglniediifneegejciadkef
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkaodjiacpglniediifneegejciadkef\1.0\background.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkaodjiacpglniediifneegejciadkef\1.0\content.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkaodjiacpglniediifneegejciadkef\1.0\lsdb.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkaodjiacpglniediifneegejciadkef\1.0\manifest.json
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkaodjiacpglniediifneegejciadkef\1.0\newtab.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkaodjiacpglniediifneegejciadkef\1.0\WmLp6.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klkdofhligeehimgpcpnefhjgomoopjo
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klkdofhligeehimgpcpnefhjgomoopjo\2.19\background.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klkdofhligeehimgpcpnefhjgomoopjo\2.19\content.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klkdofhligeehimgpcpnefhjgomoopjo\2.19\lsdb.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klkdofhligeehimgpcpnefhjgomoopjo\2.19\manifest.json
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klkdofhligeehimgpcpnefhjgomoopjo\2.19\s0EmfwmGI.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifkamhnomdgeeeilohhniefpnlomifj
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifkamhnomdgeeeilohhniefpnlomifj\1.3\background.html
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifkamhnomdgeeeilohhniefpnlomifj\1.3\content.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifkamhnomdgeeeilohhniefpnlomifj\1.3\eEO_6bNZ.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifkamhnomdgeeeilohhniefpnlomifj\1.3\lsdb.js
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifkamhnomdgeeeilohhniefpnlomifj\1.3\manifest.json
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\coepicglgdaoahibnkckbgidenbghcdn
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\coepicglgdaoahibnkckbgidenbghcdn\000463.ldb
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\coepicglgdaoahibnkckbgidenbghcdn\000465.log
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\coepicglgdaoahibnkckbgidenbghcdn\CURRENT
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\coepicglgdaoahibnkckbgidenbghcdn\LOCK
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\coepicglgdaoahibnkckbgidenbghcdn\LOG
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\coepicglgdaoahibnkckbgidenbghcdn\LOG.old
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\coepicglgdaoahibnkckbgidenbghcdn\MANIFEST-000464
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aedbfldandkodemdijfcjpkfideagdbi_0.localstorage-journal
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aedbfldandkodemdijfcjpkfideagdbi_0.localstorage
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bnfopgpmmolhbibhlgpdganipoihlepb_0.localstorage-journal
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bnfopgpmmolhbibhlgpdganipoihlepb_0.localstorage
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_coepicglgdaoahibnkckbgidenbghcdn_0.localstorage-journal
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_coepicglgdaoahibnkckbgidenbghcdn_0.localstorage
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fkfhojammomcehcbbficjcheejflennl_0.localstorage-journal
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fkfhojammomcehcbbficjcheejflennl_0.localstorage
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hkaodjiacpglniediifneegejciadkef_0.localstorage-journal
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hkaodjiacpglniediifneegejciadkef_0.localstorage
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_klkdofhligeehimgpcpnefhjgomoopjo_0.localstorage-journal
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_klkdofhligeehimgpcpnefhjgomoopjo_0.localstorage
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lifkamhnomdgeeeilohhniefpnlomifj_0.localstorage-journal
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lifkamhnomdgeeeilohhniefpnlomifj_0.localstorage
c:\users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\MILENA\AppData\Roaming\7go
c:\users\MILENA\AppData\Roaming\7go\7go.crx
c:\users\MILENA\AppData\Roaming\7go\icon.ico
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\dkxgimmqw@iua-huiay.org
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\dkxgimmqw@iua-huiay.org\bootstrap.js
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\dkxgimmqw@iua-huiay.org\chrome.manifest
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\dkxgimmqw@iua-huiay.org\content\zy.xul
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\dkxgimmqw@iua-huiay.org\install.rdf
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\qdta2y@prjf.co.uk
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\qdta2y@prjf.co.uk\bootstrap.js
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\qdta2y@prjf.co.uk\chrome.manifest
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\qdta2y@prjf.co.uk\content\1364919818.png
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\qdta2y@prjf.co.uk\content\zy.xul
c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\cvsrn11b.default\extensions\qdta2y@prjf.co.uk\install.rdf
c:\windows\system32\Packet.dll
c:\windows\system32\pt
c:\windows\system32\pt\smartfacevcp.dll.mui
c:\windows\system32\pt\toscdspd.cpl.mui
c:\windows\system32\wpcap.dll
c:\windows\system32\xa161064012.exe
c:\windows\system32\xa161082997.exe
c:\windows\system32\xa9186087.exe
c:\windows\system32\xa9186914.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2014-02-19 to 2014-03-19 )))))))))))))))))))))))))))))))
.
.
2014-03-19 04:53 . 2014-03-19 04:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-13 18:53 . 2014-03-13 18:53 -------- d-----w- c:\users\MILENA\AppData\Roaming\.mono
2014-03-13 18:53 . 2014-03-13 18:53 -------- d-----w- c:\programdata\.mono
2014-03-13 02:03 . 2014-02-23 05:40 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-03-12 23:26 . 2014-02-07 10:38 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-03-12 23:26 . 2014-02-03 10:37 505344 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 23:20 . 2013-11-13 00:30 2048 ----a-w- c:\windows\system32\tzres.dll
2014-03-08 02:04 . 2014-03-08 02:04 -------- d-----w- c:\users\MILENA\AppData\Local\Skype
2014-03-03 02:10 . 2014-03-12 22:59 -------- d-----w- c:\programdata\AVG Secure Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 23:53 . 2012-04-09 13:04 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 23:53 . 2011-06-05 21:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-03 02:09 . 2013-03-04 04:08 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-02-01 06:06 . 2014-02-01 06:06 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlusForSkypeService"="c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2013-12-21 128000]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2014-03-03 2539544]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^MILENA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\MILENA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^MILENA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\MILENA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^MILENA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\MILENA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2012-11-19 16:25 2598520 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlusForSkypeService]
2013-12-21 21:49 128000 ----a-w- c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 11:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-11-14 15:42 20584608 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2014-03-03 02:09 2539544 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 26dc2c7a;WebGeniuos;c:\windows\system32\rundll32.exe [2006-11-02 44544]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-04 20:14 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 23:53]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-24 00:32]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-24 00:32]
.
2014-03-18 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36]
.
2014-03-18 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21 05:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.lphant.net
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 77.105.32.23 77.105.32.24
TCP: Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14}: NameServer = 77.105.0.18,77.105.0.19
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
FF - ProfilePath - c:\users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\d6a14ai8.default-1364941198914\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: keyword.URL -
FF - ExtSQL: !HIDDEN! 2013-01-18 11:02; statuswinks@StatusWinks; c:\users\MILENA\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKCU-Run-LiveSupport - c:\program files\LiveSupport\LiveSupport.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Browser Infrastructure Helper - c:\users\MILENA\AppData\Local\Smartbar\Application\Smartbar.exe
MSConfigStartUp-GoogleChromeAutoLaunch_A45C2A546099D25E0F7BE9CB70CA3B85 - c:\users\MILENA\AppData\Local\Google\Chrome\Application\chrome.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\programdata\YoutubeAdblocker\oaZCdYc2E3p.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{26dc2c7a} - c:\progra~2\WEBGEN~1\WEBGEN~1.DLL
AddRemove-{7223EDAC-E091-B3C1-BD91-B66CE557800F} - c:\programdata\DiguiSavEr\ZkNKtjmhU.exe
AddRemove-{C1080852-065E-4991-9260-F3756E3CC182} - c:\programdata\{DE032019-B933-4DF4-9174-48C52613DA13}\CursorFX_setup.exe
AddRemove-{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} - c:\programdata\SearchNewTab\Wl8rV.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2014-03-19 05:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-186265021-4188725586-2028780986-1000\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:b1,4f,5f,e0,00,00,00,00
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Freemake\CaptureLib\CaptureLibService.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\Toshiba TEMPRO\TempoSVC.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG2012\AVGIDSAgent.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
c:\program files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2014-03-19 06:07:42 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-19 05:07
.
Pre-Run: 50.604.834.816 bytes free
Post-Run: 50.852.212.736 bytes free
.
- - End Of File - - 71929D17799872DD0177171F30D9C907
5C616939100B85E558DA92B899A0FC36

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello and welcome to the forum.

Right at the start, let me warn you to strictly follow the instructions you are given and not to do anything on your own. In that regard, nowhere in the instructions does it say that the user should run Combofix and expose themselves to risk.
Whether I or one of my colleagues will use Combofix depends on the type of infection, and diagnostic tools such as DDS are used to determine that.

I hope we understand each other, and I take into account that you did not know this.

OK, let's move on.



Download Farbar's Farbar Recovery Scan Tool () from this address to the Desktop:
There is a 32-bit and a 64-bit version. You need to download the version that is compatible with your system.
If you are not sure which version applies to your system, download both and run them. Only one of them will work on your system; that will be the right version.


double-click to run the program; when the tool starts, click Yes in the disclaimer window;
wait a moment while the tool checks whether a newer version exists;
click the Scan button;
when the scan finishes, the tool will create a report (FRST.txt) in the same directory where the FRST tool is saved;
copy the contents of the FRST.txt report into your post;
on the first run, the tool should also create an additional report (Addition.txt);
attach the Addition.txt report to your post using the Attach file (Prikači fajl) option

offline
  • Joined: 21 Mar 2014
  • Posts: 15

Agreed, from now on I won't do anything on my own! Thanks for your time :D

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by MILENA (administrator) on MILENA-PC on 21-03-2014 20:47:50
Running from C:\Users\MILENA\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgemcx.exe
(Yuna Software) C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Yuna Software) C:\Program Files\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MessengerPlusForSkypeService] - C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [128000 2013-12-21] (Yuna Software)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2544664 2014-03-21] ()
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-186265021-4188725586-2028780986-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-186265021-4188725586-2028780986-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.lphant.net
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC75B1D574D75CB01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = dts.search-results.com/sr?src=ieb&appid=126&systemid=4&sr=0&q={searchTerms}
SearchScopes: HKLM - {53572A18-B95B-4325-A079-FA3F1754773D} URL = google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = dts.search-results.com/sr?src=ieb&appid=126&systemid=4&sr=0&q={searchTerms}
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = us.yhs.search.yahoo.com/avg/search?fr=yhs-a.....rome_us&p={searchTerms}
SearchScopes: HKLM - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = toolbar.ask.com/toolbarv/askRedirect?o=13153&gct=&gc=1&q={searchTerms}&crm=1
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKCU - {33524C00-63FB-43DB-A6BF-0A4E14B24649} URL = basicscan.com/?prt=BscscnPB&keywords={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = dts.search-results.com/sr?src=ieb&appid=126&systemid=4&sr=0&q={searchTerms}
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = toolbar.ask.com/toolbarv/askRedirect?o=13153&gct=&gc=1&q={searchTerms}&crm=1
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 77.105.32.21 77.105.32.22
Tcpip\..\Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14}: [NameServer]77.105.0.18,77.105.0.19

FireFox:
========
FF ProfilePath: C:\Users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\d6a14ai8.default-1364941198914
FF user.js: detected! => C:\Users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\d6a14ai8.default-1364941198914\user.js
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pogodakyu.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\vokabular.xml
FF Extension: DiigiSuavaeR - C:\Users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\d6a14ai8.default-1364941198914\Extensions\eej4ph-vav@fyo-gh.co.uk [2014-01-01]
FF Extension: DiguiSavEr - C:\Users\MILENA\AppData\Roaming\Mozilla\Firefox\Profiles\d6a14ai8.default-1364941198914\Extensions\eueeaqg@cnnrgyooy.com [2014-01-01]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-02-15]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-15]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4\ []
FF HKLM\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\MILENA\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\MILENA\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013-01-18]
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ []
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ []
FF HKCU\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\MILENA\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\MILENA\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013-01-18]

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: ""
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Art Project, powered by Google) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafjiaooblldgcephecfcafbmckcfeep [2013-12-04]
CHR Extension: (Calorie Secrets) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkakkeppcemmggcopmjncnlpdefcmcj [2013-09-30]
CHR Extension: (ENGLISH MEMORY) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidhibeakadjobeknimdalmhfekikmaa [2013-07-16]
CHR Extension: (Lockify) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiigoloogeminempipceaikpnaimbekd [2013-09-30]
CHR Extension: (Angry Birds) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-07-16]
CHR Extension: (Google Docs) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-16]
CHR Extension: (Dictanote - Speech Recognizer) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2013-09-30]
CHR Extension: (Google Drive) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-16]
CHR Extension: (BeFunky Photo Editor) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2013-09-30]
CHR Extension: (Sexy Undo Close Tab) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg [2013-07-16]
CHR Extension: (Hidden Objects - House 1) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdeppfcebbaecjpbgjejpdmejgndopo [2013-09-30]
CHR Extension: (YouTube) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-16]
CHR Extension: (Illuum the Happy Journal) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\boaknhfgjephejfjkbhmeijoaadmlnem [2013-07-16]
CHR Extension: (Nimbus Screenshot) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2013-07-18]
CHR Extension: (Freemake Video Downloader) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-07-16]
CHR Extension: (Facebook Colour Changer) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpllmoilcakpgbeodibeifcfnndoheam [2013-07-16]
CHR Extension: (TV) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppbpeijolfcampacpljolaegibfhjph [2013-09-30]
CHR Extension: (Relaxation and Meditation Timer) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccnfinpfichedahfpkjopilbkingahem [2013-09-30]
CHR Extension: (Adblock Plus) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-10]
CHR Extension: (Look of Disapproval) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmomlddchhdnchpieaalgkpgaafohlbn [2013-07-16]
CHR Extension: (Google Search) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-16]
CHR Extension: (Search by Image (by Google)) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2013-07-16]
CHR Extension: (Fun Switcher) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddeoimiimmmfddbiggnbipkjomlalanb [2013-07-16]
CHR Extension: (PicMonkey Extension) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhipmoghimfdldnocmopeoanjmoolofl [2013-07-16]
CHR Extension: (My Message Center) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkoiaajkgplnpjckonbjncgdkodoapid [2013-07-16]
CHR Extension: (Facebook news) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\edoadhjjfgeniilpmnoaddaihjkkhheb [2013-09-30]
CHR Extension: (500px) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\egpociadnldbkfkjpmjoaibnbcoeplja [2013-09-30]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2013-07-16]
CHR Extension: (Fart Machine) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\einpcfelmfefokagdipbcfomecfbdggn [2013-09-30]
CHR Extension: (TextSendr - Free Text Messages) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejgocgjichhbkknncchbobdlhkdkpbei [2013-07-16]
CHR Extension: (Google Calendar) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-09-30]
CHR Extension: (Hangman) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekpfaaakmnhcembbiennfjiaodandmhg [2013-07-16]
CHR Extension: (BMI Calci) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eldpbpbmgapooadcjcjdobhepjpbgipi [2013-07-16]
CHR Extension: (Chrome Voice Control) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fboiibgbjljogjkebjcfhggbiponmpkk [2013-07-16]
CHR Extension: (Tarot.com | Daily Horoscope) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbbbgehnlcahdlepjinecleiimaichp [2013-07-16]
CHR Extension: (Hacker Vision) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fommidcneendjonelhhhkmoekeicedej [2013-07-16]
CHR Extension: (Picditor Photo Editor) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggdplhaiiohpkafnlhlfikiomnboacoi [2013-12-04]
CHR Extension: (Pictico — Coloring for Kids) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndkeamlgkegbmmoheplcndpopglacgf [2013-07-16]
CHR Extension: (Skype Invisible Status Detector) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnjfelcdaefdjkhcpgmlppbfmfinmblc [2013-09-30]
CHR Extension: (Status Winks) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih [2013-07-16]
CHR Extension: (Lunch Bug) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnoafdaceebmnoannffpabnhpkdollho [2013-09-30]
CHR Extension: (My Diary) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\igfnkanfehhehlajnhpajibfcfgkaikl [2013-09-30]
CHR Extension: (Forecastfox) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg [2013-07-16]
CHR Extension: (Glitterboo) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikkpgihagilojnkmkkfcbhlainmnkicp [2013-07-16]
CHR Extension: (SearchNewTab) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilkpkmdoidkddljnclfckcoadpgnklhm [2013-10-30]
CHR Extension: (Cookies) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2013-09-30]
CHR Extension: (Personal Trainer - Yoga) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjigbeknhpeholihfbnpmofgfnobdllk [2013-09-30]
CHR Extension: (Pixlr Touch Up) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2013-09-30]
CHR Extension: (Pic3D | 3D Converter) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpcenahnngjklfilghhiochkndllljbj [2013-09-30]
CHR Extension: (Calculator) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdkgihpbaofhkiliohfepioflkkbapao [2013-09-30]
CHR Extension: (Autodesk Homestyler) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2013-07-16]
CHR Extension: (Personal Trainer) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmgohkgndpahjklgpdihieeedjeneoke [2013-07-16]
CHR Extension: (WorkFlowy) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\koegeopamaoljbmhnfjbclbocehhgmkm [2013-09-30]
CHR Extension: (Webcam Toy) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-07-16]
CHR Extension: (Skype Click to Call) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-09-29]
CHR Extension: (Speed Analysis 3) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbmpjbkgemhgalmeiigcdljkccfcafoj [2013-09-16]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2013-07-18]
CHR Extension: (Download Youtube as mp3) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mepapnoaejebkkpkpacihjlfekoggahp [2013-09-30]
CHR Extension: (English vocabulary) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmklfohhllfpjjmjejencmaodgiknmj [2013-07-16]
CHR Extension: (DSL speedtest) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibbfkdeofpfmkclkgjfnjppdblhpddj [2013-09-30]
CHR Extension: (Pocket) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2013-09-30]
CHR Extension: (MP3 Cutter) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\najmoifnphdjfpiegfgakilfgkhjdkeh [2013-09-30]
CHR Extension: (VAudix) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nallgnbpjlbhajbiapijndbnjeacakhp [2013-10-30]
CHR Extension: (AVG Security Toolbar) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-07-16]
CHR Extension: (My Days - Period & Ovulation Tracker) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfopeeobiloabkklfmpobebjicddbjp [2013-07-16]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-10-10]
CHR Extension: (Google Wallet) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Hover Zoom) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2013-07-16]
CHR Extension: (Current Moon Phase (Northern Hemisphere)) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\oampnkjpomgmmphfoedhihefpbjhjamo [2013-09-30]
CHR Extension: (piZap Photo Editor) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\occpjibghkbopohbefbejkklnfdkdmok [2013-09-30]
CHR Extension: (English irregular verbs 2) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocmemdngcmpkekknchlhnbibgbehhpan [2013-07-16]
CHR Extension: (Origami Player) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiomepakkenneiifjocbinkmmampfbdn [2013-07-16]
CHR Extension: (Wunderlist for Chrome) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh [2013-09-30]
CHR Extension: (FitnessBliss) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\opdgckbdimehmjcfoddoghjieapefide [2013-09-30]
CHR Extension: (uTorrentControl2) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2013-07-16]
CHR Extension: (Psykopaint) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2013-09-30]
CHR Extension: (World Clocks) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej [2013-09-30]
CHR Extension: (Gmail) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-16]
CHR Extension: (Anatomicus - Human Anatomy Atlas) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkgfngehhjplndcgejapgknnjpdgfpag [2013-09-30]
CHR Extension: (Yann Arthus-Bertrand) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\plaekpceeonanmjojailaojkconcgofc [2014-03-15]
CHR Extension: (Browser QuickLinks) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpjogfhobhpdcmcblieglnoooccfcmm [2013-07-16]
CHR Extension: (BodBot – Personal Trainer and Nutritionist) - C:\Users\MILENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppnkdiaelidjhcebhmgemlpnghbdgjhk [2013-09-30]
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-05-23]
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-05-23]
CHR HKLM\...\Chrome\Extension: [gjajpkikblccgefaibcafkfbanllpefi] - C:\Users\MILENA\AppData\Roaming\7go\7go.crx [2013-05-23]
CHR HKLM\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Users\MILENA\AppData\Roaming\StatusWinks\statuswinks.crx [2012-11-05]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [mbmpjbkgemhgalmeiigcdljkccfcafoj] - C:\Users\MILENA\AppData\Roaming\SpeedAnalysis3\SpeedAnalysis.crx [2013-08-28]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.0.5.292\avg.crx [2014-03-21]
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\MILENA\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\MILENA\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION)
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-05-14] (Ellora Assets Corp.)
R2 MsgPlusService; C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [128000 2013-12-21] (Yuna Software)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba)
R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-04-24] (Toshiba Europe GmbH)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2008-02-06] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-21] (AVG Secure Search)
S2 26dc2c7a; "C:\Windows\system32\rundll32.exe" "c:\progra~2\webgen~1\WebGeniuosSvc.dll",service

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-03-21] (AVG Technologies)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-03-11] (MCCI)
S3 k750mdfl; C:\Windows\System32\DRIVERS\k750mdfl.sys [6576 2005-03-11] (MCCI)
S3 k750mdm; C:\Windows\System32\DRIVERS\k750mdm.sys [89872 2005-03-11] (MCCI)
S3 k750mgmt; C:\Windows\System32\DRIVERS\k750mgmt.sys [81728 2005-03-11] (MCCI)
S3 k750obex; C:\Windows\System32\DRIVERS\k750obex.sys [79488 2005-03-11] (MCCI)
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-09-01] (Kaspersky Lab)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 athur; system32\DRIVERS\athur.sys [X]
S3 catchme; \??\C:\Users\MILENA\AppData\Local\Temp\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-21 20:47 - 2014-03-21 20:48 - 00035483 _____ () C:\Users\MILENA\Desktop\FRST.txt
2014-03-21 20:47 - 2014-03-21 20:47 - 00000000 ____D () C:\FRST
2014-03-21 20:46 - 2014-03-21 20:46 - 01145856 _____ (Farbar) C:\Users\MILENA\Desktop\FRST.exe
2014-03-21 13:24 - 2014-03-21 13:24 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-21 10:36 - 2014-03-21 10:36 - 00000104 _____ () C:\Users\MILENA\Desktop\Control Panel - Shortcut.lnk
2014-03-21 01:53 - 2014-03-21 01:53 - 00000000 ____D () C:\Windows\CheckSur
2014-03-21 00:18 - 2014-03-21 00:18 - 00014157 _____ () C:\Users\MILENA\Desktop\attach.txt
2014-03-21 00:18 - 2014-03-21 00:17 - 00014726 _____ () C:\Users\MILENA\Desktop\dds.txt
2014-03-19 06:07 - 2014-03-19 06:07 - 00027481 _____ () C:\ComboFix.txt
2014-03-19 05:40 - 2014-03-19 06:07 - 00000000 ____D () C:\Qoobox
2014-03-19 05:40 - 2014-03-19 06:07 - 00000000 ____D () C:\ComboFix
2014-03-19 05:40 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-19 05:40 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-19 05:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-19 05:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-19 05:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-19 05:40 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-19 05:40 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-19 05:40 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-19 05:39 - 2014-03-19 06:05 - 00000000 ____D () C:\Windows\erdnt
2014-03-19 05:14 - 2014-03-19 05:14 - 05190052 ____R (Swearware) C:\Users\MILENA\Desktop\ComboFix.exe
2014-03-14 00:46 - 2014-03-14 00:46 - 00000000 ____D () C:\Users\MILENA\AppData\Local\{4CE53D09-9BF4-4CBC-B67C-02824710199B}
2014-03-13 19:53 - 2014-03-13 19:53 - 00000000 ____D () C:\Users\MILENA\AppData\Roaming\.mono
2014-03-13 19:53 - 2014-03-13 19:53 - 00000000 ____D () C:\ProgramData\.mono
2014-03-13 03:03 - 2014-02-23 06:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 03:03 - 2014-02-23 06:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 00:26 - 2014-02-07 11:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 00:26 - 2014-02-03 11:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 00:21 - 2014-02-23 06:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 00:21 - 2014-02-23 06:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 00:21 - 2014-02-23 06:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 00:21 - 2014-02-23 06:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 00:21 - 2014-02-23 06:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 00:21 - 2014-02-23 06:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-13 00:21 - 2014-02-23 06:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 00:21 - 2014-02-23 06:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 00:21 - 2014-02-23 06:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 00:21 - 2014-02-23 06:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 00:21 - 2014-02-23 06:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-13 00:21 - 2014-02-23 06:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 00:21 - 2014-02-23 06:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-13 00:21 - 2014-02-23 06:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 00:21 - 2014-01-30 08:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 00:20 - 2013-11-13 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-08 03:04 - 2014-03-08 03:04 - 00000000 ____D () C:\Users\MILENA\AppData\Local\Skype
2014-03-06 06:07 - 2014-03-06 06:07 - 00000071 _____ () C:\Users\MILENA\Desktop\listen (1).pls
2014-03-06 06:04 - 2014-03-06 06:04 - 00000071 _____ () C:\Users\MILENA\Desktop\listen.pls
2014-02-24 21:38 - 2014-02-24 21:38 - 00000000 ____D () C:\Users\MILENA\AppData\Local\{AC67CF96-E30B-4872-8A35-D9C98D401C46}
2014-02-22 21:16 - 2014-02-22 21:17 - 00000000 ____D () C:\Users\MILENA\AppData\Local\{9475BF0A-543A-493A-ABAC-499C1561095C}
2014-02-22 18:19 - 2014-02-22 18:19 - 00013948 _____ () C:\Users\MILENA\Desktop\OGLAS..odt

==================== One Month Modified Files and Folders =======

2014-03-21 20:48 - 2014-03-21 20:47 - 00035483 _____ () C:\Users\MILENA\Desktop\FRST.txt
2014-03-21 20:47 - 2014-03-21 20:47 - 00000000 ____D () C:\FRST
2014-03-21 20:46 - 2014-03-21 20:46 - 01145856 _____ (Farbar) C:\Users\MILENA\Desktop\FRST.exe
2014-03-21 20:45 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-21 20:45 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-21 20:41 - 2009-06-27 01:54 - 00000000 ____D () C:\Users\MILENA\AppData\Roaming\Skype
2014-03-21 20:41 - 2009-06-25 03:01 - 01643157 _____ () C:\Windows\WindowsUpdate.log
2014-03-21 20:19 - 2013-05-24 01:32 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-21 20:14 - 2010-11-29 22:37 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-03-21 20:10 - 2013-05-24 01:32 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-21 20:10 - 2013-03-04 05:08 - 00000000 ____D () C:\Users\MILENA\AppData\Local\AVG Secure Search
2014-03-21 20:10 - 2012-04-09 14:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-21 20:10 - 2009-07-18 20:28 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration.job
2014-03-21 14:16 - 2013-03-13 12:47 - 00414704 _____ () C:\Windows\PFRO.log
2014-03-21 14:16 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-21 14:15 - 2006-11-02 14:01 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-21 14:05 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-21 13:55 - 2006-11-02 11:33 - 00766208 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-21 13:24 - 2014-03-21 13:24 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-21 13:24 - 2013-03-04 05:08 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-03-21 13:24 - 2013-03-04 05:08 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-03-21 10:36 - 2014-03-21 10:36 - 00000104 _____ () C:\Users\MILENA\Desktop\Control Panel - Shortcut.lnk
2014-03-21 01:53 - 2014-03-21 01:53 - 00000000 ____D () C:\Windows\CheckSur
2014-03-21 01:53 - 2013-08-15 02:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-21 01:50 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-21 00:33 - 2009-07-18 20:28 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version2.job
2014-03-21 00:18 - 2014-03-21 00:18 - 00014157 _____ () C:\Users\MILENA\Desktop\attach.txt
2014-03-21 00:17 - 2014-03-21 00:18 - 00014726 _____ () C:\Users\MILENA\Desktop\dds.txt
2014-03-19 06:07 - 2014-03-19 06:07 - 00027481 _____ () C:\ComboFix.txt
2014-03-19 06:07 - 2014-03-19 05:40 - 00000000 ____D () C:\Qoobox
2014-03-19 06:07 - 2014-03-19 05:40 - 00000000 ____D () C:\ComboFix
2014-03-19 06:07 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2014-03-19 06:07 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-03-19 06:05 - 2014-03-19 05:39 - 00000000 ____D () C:\Windows\erdnt
2014-03-19 06:00 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-03-19 05:57 - 2012-06-03 12:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-19 05:55 - 2006-11-02 11:22 - 54788096 _____ () C:\Windows\system32\config\software.bak
2014-03-19 05:55 - 2006-11-02 11:22 - 38535168 _____ () C:\Windows\system32\config\COMPON~3.bak
2014-03-19 05:55 - 2006-11-02 11:22 - 23592960 _____ () C:\Windows\system32\config\system.bak
2014-03-19 05:55 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-03-19 05:55 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-03-19 05:55 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-03-19 05:52 - 2014-02-01 07:20 - 00000000 ____D () C:\Program Files\Free Games 111
2014-03-19 05:14 - 2014-03-19 05:14 - 05190052 ____R (Swearware) C:\Users\MILENA\Desktop\ComboFix.exe
2014-03-16 15:20 - 2013-12-28 00:33 - 00000000 ____D () C:\ProgramData\WebGeniuos
2014-03-14 21:44 - 2013-09-30 08:33 - 00000000 ____D () C:\Users\MILENA\AppData\Local\Unity
2014-03-14 00:46 - 2014-03-14 00:46 - 00000000 ____D () C:\Users\MILENA\AppData\Local\{4CE53D09-9BF4-4CBC-B67C-02824710199B}
2014-03-13 19:53 - 2014-03-13 19:53 - 00000000 ____D () C:\Users\MILENA\AppData\Roaming\.mono
2014-03-13 19:53 - 2014-03-13 19:53 - 00000000 ____D () C:\ProgramData\.mono
2014-03-13 06:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-03-13 05:56 - 2006-11-02 13:47 - 00355064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 05:53 - 2009-10-05 06:32 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 00:53 - 2012-04-09 14:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-13 00:53 - 2011-06-05 22:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-13 00:00 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-03-12 23:59 - 2013-06-13 22:34 - 00000000 ____D () C:\Users\MILENA\AppData\Roaming\vlc
2014-03-12 23:59 - 2013-04-10 15:57 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-12 23:59 - 2013-03-04 05:08 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-03-12 23:59 - 2013-01-28 04:57 - 00000000 ___RD () C:\Program Files\Skype
2014-03-12 23:59 - 2009-06-25 02:22 - 00000000 ____D () C:\Users\MILENA
2014-03-12 23:59 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-03-12 23:59 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-03-12 23:59 - 2006-11-02 11:22 - 54788096 _____ () C:\Windows\system32\config\software_previous
2014-03-12 23:59 - 2006-11-02 11:22 - 38535168 _____ () C:\Windows\system32\config\components_previous
2014-03-12 23:59 - 2006-11-02 11:22 - 23592960 _____ () C:\Windows\system32\config\system_previous
2014-03-12 23:59 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-03-12 23:59 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-03-12 23:59 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-03-08 03:04 - 2014-03-08 03:04 - 00000000 ____D () C:\Users\MILENA\AppData\Local\Skype
2014-03-08 03:04 - 2009-06-27 01:53 - 00000000 ____D () C:\ProgramData\Skype
2014-03-06 06:07 - 2014-03-06 06:07 - 00000071 _____ () C:\Users\MILENA\Desktop\listen (1).pls
2014-03-06 06:04 - 2014-03-06 06:04 - 00000071 _____ () C:\Users\MILENA\Desktop\listen.pls
2014-03-04 11:02 - 2009-06-25 03:55 - 00000000 ____D () C:\Users\MILENA\AppData\Local\Adobe
2014-03-01 21:10 - 2009-06-26 14:01 - 00119808 _____ () C:\Users\MILENA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-24 21:38 - 2014-02-24 21:38 - 00000000 ____D () C:\Users\MILENA\AppData\Local\{AC67CF96-E30B-4872-8A35-D9C98D401C46}
2014-02-23 06:50 - 2014-03-13 00:21 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 06:47 - 2014-03-13 00:21 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 06:43 - 2014-03-13 00:21 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 06:41 - 2014-03-13 00:21 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 06:40 - 2014-03-13 03:03 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 06:39 - 2014-03-13 00:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-23 06:38 - 2014-03-13 03:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 06:38 - 2014-03-13 00:21 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-23 06:38 - 2014-03-13 00:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-23 06:37 - 2014-03-13 00:21 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 06:37 - 2014-03-13 00:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 06:37 - 2014-03-13 00:21 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 06:37 - 2014-03-13 00:21 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 06:36 - 2014-03-13 00:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 06:36 - 2014-03-13 00:21 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-23 06:35 - 2014-03-13 00:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-22 21:17 - 2014-02-22 21:16 - 00000000 ____D () C:\Users\MILENA\AppData\Local\{9475BF0A-543A-493A-ABAC-499C1561095C}
2014-02-22 21:17 - 2010-10-21 02:12 - 00000000 ____D () C:\Users\MILENA\AppData\Local\Windows Live
2014-02-22 18:19 - 2014-02-22 18:19 - 00013948 _____ () C:\Users\MILENA\Desktop\OGLAS..odt

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-21 14:24

==================== End Of Log ============================
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Let's go one step at a time.

You have leftovers of Kaspersky Antivirus. Download the removal tool from the link below, run it and follow the steps.
http://support.kaspersky.com/downloads/utils/kavremover.exe



Download AdwCleaner by "Xplode" and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.


The computer will restart and then open a Notepad file (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Prikaci fajl" (Attach file) option.

Note: The report will also be saved at C:\AdwCleaner[S0].txt



1. Open Notepad (Text Document) and copy into it the following text from the code box below:
Start
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = http://dts.search-results.com/sr?src=ieb&appid=126&systemid=4&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = http://dts.search-results.com/sr?src=ieb&appid=126&systemid=4&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = http://dts.search-results.com/sr?src=ieb&appid=126&systemid=4&sr=0&q={searchTerms}
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-a.....rome_us&p={searchTerms}
SearchScopes: HKLM - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13153&gct=&gc=1&q={searchTerms}&crm=1
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKCU - {33524C00-63FB-43DB-A6BF-0A4E14B24649} URL = http://www.basicscan.com/?prt=BscscnPB&keywords={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = http://dts.search-results.com/sr?src=ieb&appid=126&systemid=4&sr=0&q={searchTerms}
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13153&gct=&gc=1&q={searchTerms}&crm=1
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-21] (AVG Secure Search)
Browse2save (HKLM\...\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}) (Version:  - BrowseToSave) <==== ATTENTION
BrowseToSave 1.74 (HKLM\...\SP_48c708f2) (Version:  - ) <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\Users\MILENA\Downloads\application for employement.eml:OECustomProperty
Task: {E7666D32-6029-4242-9BF8-146F631574A6} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
Task: {F1C44F0F-2067-4680-9A16-6F7E4779B952} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21] ()
Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
2014-03-21 20:10 - 2009-07-18 20:28 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration.job
2014-03-21 00:33 - 2009-07-18 20:28 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version2.job
End

2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.






After you have done these steps, run FRST again and post fresh logs for me.

offline
  • Joined: 21 Mar 2014
  • Posts: 15

Posted: 21 Mar 2014 22:14


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by MILENA at 2014-03-21 22:05:13 Run:1
Running from C:\Users\MILENA\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = dts.search-results.com/sr?src=ieb&appid=126&systemid=4&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = dts.search-results.com/sr?src=ieb&appid=126&systemid=4&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = dts.search-results.com/sr?src=ieb&appid=126&systemid=4&sr=0&q={searchTerms}
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = us.yhs.search.yahoo.com/avg/search?fr=yhs-a.....rome_us&p={searchTerms}
SearchScopes: HKLM - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = toolbar.ask.com/toolbarv/askRedirect?o=13153&gct=&gc=1&q={searchTerms}&crm=1
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKCU - {33524C00-63FB-43DB-A6BF-0A4E14B24649} URL = basicscan.com/?prt=BscscnPB&keywords={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD24} URL = dts.search-results.com/sr?src=ieb&appid=126&systemid=4&sr=0&q={searchTerms}
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = toolbar.ask.com/toolbarv/askRedirect?o=13153&gct=&gc=1&q={searchTerms}&crm=1
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-21] (AVG Secure Search)
Browse2save (HKLM\...\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}) (Version: - BrowseToSave) <==== ATTENTION
BrowseToSave 1.74 (HKLM\...\SP_48c708f2) (Version: - ) <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\Users\MILENA\Downloads\application for employement.eml:OECustomProperty
Task: {E7666D32-6029-4242-9BF8-146F631574A6} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
Task: {F1C44F0F-2067-4680-9A16-6F7E4779B952} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21] ()
Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
2014-03-21 20:10 - 2009-07-18 20:28 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration.job
2014-03-21 00:33 - 2009-07-18 20:28 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version2.job
End
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD24} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD24} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD24} => Key not found.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD24} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} => Key not found.
HKCR\Wow6432Node\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => Key not found.
HKCR\Wow6432Node\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649} => Key not found.
HKCR\Wow6432Node\CLSID\{33524C00-63FB-43DB-A6BF-0A4E14B24649} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD24} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD24} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} => Key not found.
HKCR\Wow6432Node\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
vToolbarUpdater18.0.5 => Service deleted successfully.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
C:\Users\MILENA\Downloads\application for employement.eml => ":OECustomProperty" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7666D32-6029-4242-9BF8-146F631574A6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7666D32-6029-4242-9BF8-146F631574A6} => Key deleted successfully.
C:\Windows\System32\Tasks\ParetoLogic Registration => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Registration => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1C44F0F-2067-4680-9A16-6F7E4779B952} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1C44F0F-2067-4680-9A16-6F7E4779B952} => Key deleted successfully.
C:\Windows\System32\Tasks\ParetoLogic Update Version2 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Update Version2 => Key deleted successfully.
C:\Windows\Tasks\ParetoLogic Registration.job => Moved successfully.
C:\Windows\Tasks\ParetoLogic Update Version2.job => Moved successfully.
"C:\Windows\Tasks\ParetoLogic Registration.job" => File/Directory not found.
"C:\Windows\Tasks\ParetoLogic Update Version2.job" => File/Directory not found.

==== End of Fixlog ====


I think I have done this correctly so far; now I will run FRST again and then post fresh logs.

Addendum: 21 Mar 2014 22:17


rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Open Notepad and copy in the following text, which is inside the shaded area.


S2 26dc2c7a; "C:\Windows\system32\rundll32.exe" "c:\progra~2\webgen~1\WebGeniuosSvc.dll",service



In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
When it finishes, Notepad will open with content that you need to copy into the thread.
There will also be a (fixlog.txt) on the Desktop.

You need to copy fixlog.txt to the forum

offline
  • Joined: 21 Mar 2014
  • Posts: 15

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by MILENA at 2014-03-21 22:44:29 Run:2
Running from C:\Users\MILENA\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
S2 26dc2c7a; "C:\Windows\system32\rundll32.exe" "c:\progra~2\webgen~1\WebGeniuosSvc.dll",service
*****************

26dc2c7a => Service deleted successfully.

==== End of Fixlog ====
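An added example (not part of the original posts and not code from FRST's author): a small Python script that reads a Fixlog.txt like the two posted in this thread, skips the echoed fixlist section (whose `Task:` lines also contain `=>`), and sorts each target into fixed, already absent, or needing review. The function names, status labels and the last sample line are assumptions made for this illustration.

```python
import re
from collections import OrderedDict

# FRST result lines have the shape "<target> => <outcome>."
RESULT_RE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+?)\.?$')
FENCE_RE = re.compile(r'^\*{5,}$')   # delimits the echoed "Content of fixlist"

def classify(outcome):
    low = outcome.lower()
    if 'not found' in low:
        return 'absent'          # item was not there when the fix ran
    if low.endswith('successfully'):
        return 'fixed'           # deleted, moved, removed or restored
    return 'review'              # any wording this script does not know

def parse_fixlog(text):
    """Return (target, outcome, status) for every result line."""
    results, in_echo = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if FENCE_RE.match(line):
            in_echo = not in_echo    # echoed Task: lines also contain "=>"
            continue
        if in_echo or not line:
            continue
        if line.startswith('==== End of Fixlog'):
            break
        m = RESULT_RE.match(line)
        if m:
            outcome = m.group('outcome')
            results.append((m.group('target').strip('"'), outcome, classify(outcome)))
    return results

def summarise(results):
    """Collapse repeated targets: one 'fixed' hit outweighs later 'absent' ones."""
    by_target = OrderedDict()
    for target, _, status in results:
        by_target.setdefault(target, []).append(status)
    summary = {'fixed': [], 'already_absent': [], 'review': []}
    for target, statuses in by_target.items():
        key = ('review' if 'review' in statuses
               else 'fixed' if 'fixed' in statuses else 'already_absent')
        summary[key].append(target)
    return summary

# Lines taken from the Fixlog in this thread, except the last result line,
# which is a constructed placeholder for an outcome that needs a human look.
SAMPLE = r'''Content of fixlist:
*****************
Start
Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
End
*****************

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\Windows\Tasks\ParetoLogic Registration.job => Moved successfully.
"C:\Windows\Tasks\ParetoLogic Registration.job" => File/Directory not found.
C:\Example\placeholder.dll => (constructed failure message)

==== End of Fixlog ====
'''

if __name__ == '__main__':
    for status, targets in summarise(parse_fixlog(SAMPLE)).items():
        print(status, len(targets), targets)
```

A target that appears only under `already_absent` was never touched in this run, which is worth comparing against the fixlist for a mistyped path or GUID.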

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.malwarebytes.org/mwb-download/

Double-click to run the installer. At the very end of the process, check that these options are selected:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.


Once the update completes, the program will start.

Select the Perform Quick Scan option and click Scan.

When the process finishes, click OK, then Show Results: in the list of detected malware, select all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the thread on the forum.
If the program asks for a restart in order to finish the cleaning process, be sure to allow it.

Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).

offline
  • Joined: 21 Mar 2014
  • Posts: 15

Malwarebytes Anti-Malware 1.75.0.1300
malwarebytes.org

Verzija baze: v2014.03.21.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
MILENA :: MILENA-PC [administrator]

21.3.2014 23:04:33
mbam-log-2014-03-21 (23-04-33).txt

Način skeniranja: Brzo skeniranje
Omogućene opcije skeniranja: Memorija | Automatsko pokretanje | Registar | Datotečni sistem | Heuristika/Dodatno | Heuristika/Shuriken | PUP | PUM
Onemogućene opcije skeniranja: P2P
Skeniranih objekata 233452
Proteklo vreme 10 minuta(e), 1 sekundi

Detektovani procesi u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani moduli u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani ključevi u registru: 4
HKCR\Free Games 111.Tool (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
HKCR\Free Games 111.Tool.1 (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
HKCR\Speed Test (4354).BackgroundHostObject (PUP.Optional.SpeedTest.A) -> Stavljeno u karantin i uspešno obrisano
HKCR\Speed Test (4354).BackgroundHostObject.1 (PUP.Optional.SpeedTest.A) -> Stavljeno u karantin i uspešno obrisano

Detektovane vrednosti u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovani podaci u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovane fascikle: 6
C:\Program Files\SearchNewTab (PUP.Optional.SearchNewTab.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\freegames4357 (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\speedtest4354 (PUP.Optional.SpeedTest.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\freegames111 (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\speedtest127 (PUP.Optional.SpeedTest.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111 (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano

Detektovane datoteke: 46
C:\ProgramData\InstallMate\{8F76B5A8-A554-4ABB-A850-ED765495975E}\Custom.dll (Adware.Agent) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\Desktop\SoftonicDownloader_for_vlc-media-player.exe (PUP.Optional.Softonic) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\Downloads\xmastree.exe (PUP.Optional.InstallIQ.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\Downloads\waterscenesss.exe (PUP.Optional.InstallIQ.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\Downloads\moonlight.exe (PUP.Optional.InstallIQ.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\Downloads\lake.exe (PUP.Optional.InstallIQ.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\Downloads\marine2.exe (PUP.Optional.InstallIQ.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\Downloads\waterfalls3.exe (PUP.Optional.InstallIQ.A) -> Stavljeno u karantin i uspešno obrisano
C:\Windows\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B4PXO59B\upgrade[1].cab (Adware.Agent.ZGen) -> Stavljeno u karantin i uspešno obrisano
C:\Windows\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B4PXO59B\upgrade[2].cab (Adware.Zwangi) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\SearchNewTab\7vs.tlb (PUP.Optional.SearchNewTab.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\SearchNewTab\7vs.dat (PUP.Optional.SearchNewTab.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\SearchNewTab\BMlr.dat (PUP.Optional.SearchNewTab.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\SearchNewTab\BMlr.tlb (PUP.Optional.SearchNewTab.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\SearchNewTab\UKjEyBKs.dat (PUP.Optional.SearchNewTab.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\SearchNewTab\UKjEyBKs.tlb (PUP.Optional.SearchNewTab.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\freegames4357\freegames4357.crx (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\freegames4357\freegames4357DeskTopIcon.ico (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\freegames4357\install_helper.exe (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\speedtest4354\install_helper.exe (PUP.Optional.SpeedTest.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\speedtest4354\speedtest4354.crx (PUP.Optional.SpeedTest.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\speedtest4354\speedtest4354DeskTopIcon.ico (PUP.Optional.SpeedTest.A) -> Stavljeno u karantin i uspešno obrisano
C:\Users\MILENA\AppData\Roaming\speedtest127\speedtest127.xpi (PUP.Optional.SpeedTest.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\DeskTopIcon.ico (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\background.html (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\button.js (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\config.xml (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\content.js (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon128.ico (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon128.png (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon16.ico (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon16.png (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon18.ico (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon18.png (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon24.ico (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon24.png (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon32.ico (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon32.png (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon48.ico (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\icon48.png (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\jquery-1.9.1.min.js (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\json2.min.js (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\options.htm (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\rjs.js (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\updater.js (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano
C:\Program Files\Free Games 111\updaterWrapper.js (PUP.Optional.FreeGames.A) -> Stavljeno u karantin i uspešno obrisano

(kraj)

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Excellent. Keep Malwarebytes, because it is an excellent program, and now you have seen how it works.


How is the Toshiba behaving now?
