Persistent virus

  • Joined: 28 Aug 2013
  • Posts: 10

Hello everyone.
Last night I picked up some virus. I use AVG antivirus, but it is unable to remove it, so every two or three minutes the window shown in the first picture pops up, and less often this second one. Please give me a little help, if possible.

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by Momir at 15:07:51 on 2013-08-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.381.1033.18.4069.2362 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\TOSHIBA\TOSHIBA Intelligent Display Management\TDLPowerCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Prey\platform\windows\cronsvc.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\windows\system32\SearchIndexer.exe
C:\Users\Momir\AppData\Local\Akamai\netsession_win.exe
C:\Users\Momir\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\TOSHIBA\TNROTATE\TNROTATE.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Users\Momir\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=RS&userid=27316408-30ac-4a7d-ae7a-b3830d6643b3&searchtype=hp&installDate={installDate}
uSearch Bar = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=RS&userid=27316408-30ac-4a7d-ae7a-b3830d6643b3&searchtype=ds&q={searchTerms}&installDate={installDate}
uSearch Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=RS&userid=27316408-30ac-4a7d-ae7a-b3830d6643b3&searchtype=ds&q={searchTerms}&installDate={installDate}
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
uProxyOverride = <local>
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=RS&userid=27316408-30ac-4a7d-ae7a-b3830d6643b3&searchtype=ds&q={searchTerms}&installDate={installDate}
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Akamai NetSession Interface] "C:\Users\Momir\AppData\Local\Akamai\netsession_win.exe"
uRun: [uTorrent] "C:\Users\Momir\AppData\Roaming\uTorrent\uTorrent.exe"
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [AdobeBridge] <no file>
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TNRotate] C:\Program Files (x86)\TOSHIBA\TNRotate\TNRotate.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [TSUScheduler] C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{3534570D-F5C3-45AD-8182-4944B77984B7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{36303146-B047-4592-B9E9-D4C9E65FBA61} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{36303146-B047-4592-B9E9-D4C9E65FBA61}\847453230336 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{36303146-B047-4592-B9E9-D4C9E65FBA61}\847453332356D2342423737313 : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{36303146-B047-4592-B9E9-D4C9E65FBA61}\A6564735075656460294144402230282053545E492 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{36303146-B047-4592-B9E9-D4C9E65FBA61}\D6968616A6C6F6671636 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [TDLPowerCtrl] C:\Program Files (x86)\TOSHIBA\TOSHIBA Intelligent Display Management\TDLPowerCtrl.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Momir\AppData\Roaming\Mozilla\Firefox\Profiles\849a4v7g.default\
FF - prefs.js: browser.startup.homepage - hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=RS&userid=27316408-30ac-4a7d-ae7a-b3830d6643b3&searchtype=hp&installDate={installDate}
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=RS&userid=27316408-30ac-4a7d-ae7a-b3830d6643b3&searchtype=ds&installDate={installDate}&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.newtab.url -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-7-10 45880]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2013-8-20 56208]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2013-6-2 482384]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2013-6-5 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2013-6-2 203776]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2013-5-8 23552]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2013-8-20 9216]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-9-15 86016]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
R2 rimspci;rimspci;C:\windows\System32\drivers\rimspe64.sys [2011-6-1 73216]
R2 risdxc;risdxc;C:\windows\System32\drivers\risdxc64.sys [2011-4-22 101376]
R2 rixdpcie;rixdpcie;C:\windows\System32\drivers\rixdpe64.sys [2011-4-26 53760]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-4-7 294328]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-6-2 2656280]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2013-6-2 42096]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-6-2 35008]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-6-2 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-4-5 828336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-6-5 1432400]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-6-5 19456]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-6-5 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-6-5 30208]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\windows\System32\notepad.exe "%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-08-28 02:36:11 225280 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-08-28 02:36:01 -------- d-----w- C:\Program Files (x86)\x264 Video Codec
2013-08-27 18:31:59 -------- d-----w- C:\Users\Momir\AppData\Roaming\Hive Cluster
2013-08-27 18:28:13 -------- d-----w- C:\Program Files (x86)\Antichamber
2013-08-26 00:06:49 -------- d-----w- C:\Program Files (x86)\Recnik20
2013-08-20 16:15:40 -------- d-----w- C:\Users\Momir\AppData\Local\Freemake Music Box
2013-08-20 03:31:20 -------- d-----w- C:\ProgramData\ALM
2013-08-20 03:26:38 -------- d-----w- C:\Users\Momir\Adobe Flash Builder 4.6
2013-08-20 03:21:23 56208 ------w- C:\windows\System32\drivers\PxHlpa64.sys
2013-08-20 03:21:23 10224 ------w- C:\windows\System32\drivers\cdralw2k.sys
2013-08-20 03:21:23 10224 ------w- C:\windows\System32\drivers\cdr4_xp.sys
2013-08-20 03:21:23 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2013-08-20 03:21:23 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2013-08-20 03:21:17 -------- d-----w- C:\Program Files (x86)\My Company Name
2013-08-19 20:46:15 -------- d-----w- C:\adobeTemp
2013-08-16 21:14:14 -------- d-----w- C:\Westwood
2013-08-15 23:14:15 -------- d-----w- C:\windows\SysWow64\Samsung_USB_Drivers
2013-08-14 09:52:51 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
2013-08-12 18:13:34 720896 ----a-w- C:\windows\iun6002.exe
2013-08-12 18:12:35 -------- d-----w- C:\Program Files (x86)\Command And Conquer Red Alert 2 Yuri's Revenge
2013-08-10 17:34:58 -------- d-----w- C:\Program Files (x86)\Counter-Strike 1.6
2013-08-08 10:06:19 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-08 10:06:19 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-08-08 09:24:54 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.1
2013-08-07 14:21:51 -------- d-----w- C:\Program Files\Microsoft Mathematics
2013-07-30 07:09:42 -------- d-----w- C:\ProgramData\Rosetta Stone
2013-07-30 07:09:42 -------- d-----w- C:\Program Files (x86)\Rosetta Stone
2013-07-30 07:07:54 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2013-07-30 04:29:40 -------- d-----w- C:\Program Files (x86)\Microsoft Games
.
==================== Find3M ====================
.
2013-08-28 12:38:41 29 ----a-w- C:\windows\SysWow64\TempWmicBatchFile.bat
2013-07-26 05:13:37 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 23:51:00 311608 ----a-w- C:\windows\System32\drivers\avgloga.sys
2013-07-19 23:50:56 71480 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2013-07-19 23:50:56 246072 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2013-07-19 23:50:50 206648 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2013-07-19 01:58:42 2048 ----a-w- C:\windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-07-09 23:32:38 45880 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
2013-07-09 06:03:30 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\windows\System32\wow64.dll
2013-07-09 05:52:52 224256 ----a-w- C:\windows\System32\wintrust.dll
2013-07-09 05:46:20 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-06-30 23:45:28 116536 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2013-06-23 20:57:21 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 20:57:20 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-06-23 20:57:20 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-06-15 04:32:16 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys
2013-06-05 13:23:35 283200 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys
2013-06-05 03:34:27 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-06-04 23:19:37 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-04 06:00:13 624128 ----a-w- C:\windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2013-06-02 15:38:59 0 ----a-w- C:\windows\ativpsrm.bin
.
============= FINISH: 15:08:32,92 ===============


  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,

Download Farbar Recovery Scan Tool and save it to the Desktop.

Note: You need to download the version that is compatible with your system.
Your Windows is a 64-bit version.


Double-click to run FRST;
When the tool starts, click Yes on the disclaimer.
Click the Scan button;
The tool will create a report (FRST.txt) in the same directory where FRST.exe is saved.
Copy the contents of that log into your post.
On its first run the tool should also create an additional report (Addition.txt). Attach that report to your post using the "Prikaci file" option.

  • Joined: 28 Aug 2013
  • Posts: 10

I forgot to mention that I also got a message saying the Windows Security Center service is turned off, and I cannot turn it on. (A window pops up with the message "The Windows Security Center service can't be started.")


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Momir (administrator) on 28-08-2013 17:44:16
Running from C:\Users\Momir\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
() C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Intelligent Display Management\TDLPowerCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(BitTorrent Inc.) C:\Users\Momir\AppData\Roaming\uTorrent\uTorrent.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TNROTATE\TNROTATE.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\Momir\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Momir\AppData\Local\Akamai\netsession_win.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AIMP DevTeam) C:\PROGRA~2\AIMP3\AIMP3.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [TDLPowerCtrl] - C:\Program Files\TOSHIBA\TOSHIBA Intelligent Display Management\TDLPowerCtrl.exe [498120 2011-01-24] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [328048 2011-01-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [967544 2011-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1544104 2011-04-07] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon [x]
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2011-04-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2011-03-30] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-15] (Toshiba Europe GmbH)
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Momir\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKCU\...\Run: [uTorrent] - C:\Users\Momir\AppData\Roaming\uTorrent\uTorrent.exe [888152 2013-08-14] (BitTorrent Inc.)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TOSDCR] - C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2475384 2011-01-16] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TNRotate] - C:\Program Files (x86)\TOSHIBA\TNRotate\TNRotate.exe [607688 2010-11-25] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [TSUScheduler] - C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe [923000 2010-05-10] (TOSHIBA Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKU\Default\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\Default User\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
AppInit_DLLs-x32: [0 ] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....type=ds&q={searchTerms}&installDate={installDate}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....stallDate={installDate}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....type=ds&q={searchTerms}&installDate={installDate}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....type=ds&q={searchTerms}&installDate={installDate}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....type=ds&q={searchTerms}&installDate={installDate}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....type=ds&q={searchTerms}&installDate={installDate}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....type=ds&q={searchTerms}&installDate={installDate}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Momir\AppData\Roaming\Mozilla\Firefox\Profiles\849a4v7g.default
FF user.js: detected! => C:\Users\Momir\AppData\Roaming\Mozilla\Firefox\Profiles\849a4v7g.default\user.js
FF Homepage: hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=RS&userid=27316408-30ac-4a7d-ae7a-b3830d6643b3&searchtype=hp&installDate={installDate}
FF SelectedSearchEngine: Web Search
FF Keyword.URL: hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=RS&userid=27316408-30ac-4a7d-ae7a-b3830d6643b3&searchtype=ds&installDate={installDate}&q=
FF NewTab: about:blank
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Momir\AppData\Roaming\Mozilla\Firefox\Profiles\849a4v7g.default\searchplugins\Web Search.xml
FF Extension: No Name - C:\Users\Momir\AppData\Roaming\Mozilla\Firefox\Profiles\849a4v7g.default\Extensions\staged
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

Chrome:
=======
CHR HomePage: hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=RS&userid=27316408-30ac-4a7d-ae7a-b3830d6643b3&searchtype=hp&installDate={installDate}
CHR RestoreOnStartup: "hxxp://www.google.rs/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Momir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Momir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Momir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Momir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Dark Vibe) - C:\Users\Momir\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj\1.1_0
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Momir\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0
CHR Extension: (Auto Replay for YouTube) - C:\Users\Momir\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.28_0
CHR Extension: (Gmail) - C:\Users\Momir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-05-08] (Fork Ltd.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-07-31] (Ellora Assets Corp.)
R2 mi-raysat_3dsmax2013_64; C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-15] ()
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{10c73801-a34e-9b83-adbc-87bcd638cff0}\ \...\???\{10c73801-a34e-9b83-adbc-87bcd638cff0}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-05] (DT Soft Ltd)
S3 NPF; system32\drivers\NPF.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-28 17:43 - 2013-08-28 17:43 - 01579080 _____ (Farbar) C:\Users\Momir\Downloads\FRST64.exe
2013-08-28 15:15 - 2013-08-28 15:15 - 00015594 _____ C:\Users\Momir\Downloads\320300_496139051_attach.txt
2013-08-28 15:08 - 2013-08-28 15:08 - 00029131 _____ C:\Users\Momir\Desktop\dds.txt
2013-08-28 15:08 - 2013-08-28 15:08 - 00015594 _____ C:\Users\Momir\Desktop\attach.txt
2013-08-28 15:07 - 2013-08-28 15:07 - 00688992 ____R (Swearware) C:\Users\Momir\Downloads\dds.com
2013-08-28 05:14 - 2013-08-28 05:15 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Momir\Downloads\tdsskiller.exe
2013-08-28 04:36 - 2013-08-28 04:36 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
2013-08-28 04:36 - 2013-08-28 04:36 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-08-27 20:31 - 2013-08-27 20:31 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Hive Cluster
2013-08-27 20:28 - 2013-08-28 04:44 - 00000000 ____D C:\Program Files (x86)\Antichamber
2013-08-27 20:28 - 2013-08-27 20:28 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antichamber
2013-08-26 02:06 - 2013-08-26 02:06 - 00000000 ____D C:\Program Files (x86)\Recnik20
2013-08-24 14:37 - 2013-08-24 21:06 - 00000000 ____D C:\Users\Momir\Downloads\Now.You.See.Me.2013.EXTENDED.RERIP.720p.BRRip.x264-Fastbet99
2013-08-21 12:11 - 2013-08-21 12:11 - 00002372 _____ C:\windows\PFRO.log
2013-08-20 20:34 - 2013-08-20 20:34 - 00002222 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-20 20:21 - 2013-08-28 15:32 - 00001680 _____ C:\windows\setupact.log
2013-08-20 20:21 - 2013-08-20 20:21 - 00000000 _____ C:\windows\setuperr.log
2013-08-20 18:15 - 2013-08-21 00:54 - 00000000 ____D C:\Users\Momir\AppData\Local\Freemake Music Box
2013-08-20 17:09 - 2013-08-20 17:09 - 00001334 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2013-08-20 16:54 - 2013-08-20 16:54 - 00001346 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2013-08-20 16:53 - 2013-08-20 16:53 - 00001262 _____ C:\Users\Public\Desktop\Freemake Music Box.lnk
2013-08-20 16:27 - 2013-08-20 16:29 - 00000132 _____ C:\Users\Momir\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-08-20 05:52 - 2013-08-20 05:52 - 00003506 _____ C:\windows\System32\Tasks\AdobeAAMUpdater-1.0-Momir-TOSH-Momir
2013-08-20 05:31 - 2013-08-20 05:31 - 00000000 ____D C:\ProgramData\ALM
2013-08-20 05:26 - 2013-08-20 05:26 - 00000000 ____D C:\Users\Momir\Adobe Flash Builder 4.6
2013-08-20 05:21 - 2013-08-20 05:21 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-08-20 05:21 - 2011-11-03 03:01 - 00056208 ____N (Rovi Corporation) C:\windows\system32\Drivers\PxHlpa64.sys
2013-08-20 05:21 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\windows\system32\Drivers\cdralw2k.sys
2013-08-20 05:21 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\windows\system32\Drivers\cdr4_xp.sys
2013-08-20 05:14 - 2013-08-20 05:39 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-19 23:40 - 2013-08-19 23:43 - 00000132 _____ C:\Users\Momir\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-08-19 22:50 - 2013-08-19 22:50 - 00000854 _____ C:\Users\Momir\Documents\hosts.txt
2013-08-18 15:35 - 2013-08-18 15:54 - 00000000 ____D C:\Users\Momir\Downloads\Icons
2013-08-16 23:39 - 2013-08-16 23:39 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Westwood
2013-08-16 23:14 - 2013-08-16 23:14 - 00000000 ____D C:\Westwood
2013-08-14 15:16 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-08-14 15:16 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-08-14 15:16 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-08-14 15:16 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-08-14 15:16 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-08-14 15:16 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-08-14 15:16 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-08-14 15:16 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-08-14 15:16 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-08-14 15:16 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-08-14 15:16 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-08-14 15:16 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-08-14 15:16 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-08-14 15:16 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-08-14 15:16 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-08-14 15:16 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-08-14 15:16 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-08-14 15:16 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-08-14 15:16 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-08-14 15:16 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-08-14 15:16 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 11:52 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-08-14 11:52 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-08-14 11:52 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-08-14 11:52 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-08-14 11:52 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-08-14 11:52 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-08-14 11:52 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-08-14 11:52 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-08-14 11:52 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-08-14 11:52 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-08-14 11:52 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-08-14 11:52 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-08-14 11:52 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-08-14 11:52 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-08-14 11:52 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-08-14 11:52 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2013-08-14 11:52 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2013-08-14 11:52 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-08-14 11:52 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-08-14 11:52 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2013-08-14 11:52 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2013-08-14 11:52 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-08-14 11:52 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-08-14 11:52 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-08-14 11:52 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-08-14 11:52 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-08-14 11:52 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2013-08-12 20:13 - 2013-08-12 20:01 - 00720896 _____ (Indigo Rose Corporation) C:\windows\iun6002.exe
2013-08-12 20:12 - 2013-08-12 20:34 - 00000000 ____D C:\Program Files (x86)\Command And Conquer Red Alert 2 Yuri's Revenge
2013-08-10 19:34 - 2013-08-10 19:38 - 00000000 ____D C:\Program Files (x86)\Counter-Strike 1.6
2013-08-08 12:06 - 2013-08-28 17:16 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-08 12:06 - 2013-08-08 12:06 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-08-08 12:06 - 2013-08-08 12:06 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-08 12:06 - 2013-08-08 12:06 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-08-08 12:06 - 2013-08-08 12:06 - 00000000 ____D C:\windows\system32\Macromed
2013-08-08 11:38 - 2013-08-08 11:38 - 00000000 ____D C:\Users\Momir\Documents\My Cheat Tables
2013-08-08 11:24 - 2013-08-08 11:24 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.1
2013-08-07 18:15 - 2013-08-07 18:15 - 00000173 _____ C:\Users\Momir\AppData\Local\msmathematics.qat.Momir
2013-08-07 16:21 - 2013-08-07 16:21 - 00000000 ____D C:\Program Files\Microsoft Mathematics
2013-07-30 09:09 - 2013-07-30 09:25 - 00000000 ____D C:\ProgramData\Rosetta Stone
2013-07-30 09:09 - 2013-07-30 09:09 - 00000000 ____D C:\Program Files (x86)\Rosetta Stone
2013-07-30 06:34 - 2013-08-16 23:21 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-30 06:29 - 2013-07-30 06:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2013-07-29 01:46 - 2013-07-29 01:46 - 00000000 ____D C:\Users\Momir\Documents\Electronic Arts

==================== One Month Modified Files and Folders =======

2013-08-28 17:44 - 2013-08-28 17:44 - 00000000 ____D C:\FRST
2013-08-28 17:43 - 2013-08-28 17:43 - 01579080 _____ (Farbar) C:\Users\Momir\Downloads\FRST64.exe
2013-08-28 17:43 - 2013-06-05 22:43 - 00000000 ____D C:\Users\Momir\AppData\Roaming\uTorrent
2013-08-28 17:40 - 2013-06-13 13:22 - 00000000 ____D C:\ProgramData\MFAData
2013-08-28 17:38 - 2013-06-02 23:09 - 00000000 ____D C:\Users\Momir\AppData\Roaming\AIMP3
2013-08-28 17:32 - 2013-07-10 18:57 - 00000029 _____ C:\windows\SysWOW64\TempWmicBatchFile.bat
2013-08-28 17:26 - 2013-07-04 22:47 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-28 17:23 - 2013-07-05 23:13 - 00000628 _____ C:\windows\Tasks\OpenCandyHelperF0E5E32C379D4A699514ECD97E764386.job
2013-08-28 17:16 - 2013-08-08 12:06 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-28 15:40 - 2009-07-14 06:45 - 00024912 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-28 15:40 - 2009-07-14 06:45 - 00024912 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-28 15:34 - 2013-06-05 16:55 - 00000000 ____D C:\Users\Momir\AppData\Local\Akamai
2013-08-28 15:32 - 2013-08-20 20:21 - 00001680 _____ C:\windows\setupact.log
2013-08-28 15:32 - 2013-07-05 23:13 - 00000628 _____ C:\windows\Tasks\OpenCandyHelperRunC2CDCFC37E3A476499DB63730AF06D6B.job
2013-08-28 15:32 - 2013-07-04 22:47 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-28 15:32 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-28 15:15 - 2013-08-28 15:15 - 00015594 _____ C:\Users\Momir\Downloads\320300_496139051_attach.txt
2013-08-28 15:08 - 2013-08-28 15:08 - 00029131 _____ C:\Users\Momir\Desktop\dds.txt
2013-08-28 15:08 - 2013-08-28 15:08 - 00015594 _____ C:\Users\Momir\Desktop\attach.txt
2013-08-28 15:07 - 2013-08-28 15:07 - 00688992 ____R (Swearware) C:\Users\Momir\Downloads\dds.com
2013-08-28 05:15 - 2013-08-28 05:14 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Momir\Downloads\tdsskiller.exe
2013-08-28 04:59 - 2013-07-10 19:23 - 00000000 ___SD C:\Users\Momir\Google диск
2013-08-28 04:49 - 2011-08-15 20:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-28 04:44 - 2013-08-27 20:28 - 00000000 ____D C:\Program Files (x86)\Antichamber
2013-08-28 04:36 - 2013-08-28 04:36 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
2013-08-28 04:36 - 2013-08-28 04:36 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-08-28 04:36 - 2013-06-02 19:48 - 00000000 ____D C:\Users\Momir\AppData\Local\Google
2013-08-28 04:36 - 2013-06-02 17:37 - 01311613 _____ C:\windows\WindowsUpdate.log
2013-08-28 04:36 - 2011-08-15 21:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-28 02:00 - 2013-06-03 20:24 - 00000000 ____D C:\Users\Momir\AppData\Local\Adobe
2013-08-27 20:31 - 2013-08-27 20:31 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Hive Cluster
2013-08-27 20:28 - 2013-08-27 20:28 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antichamber
2013-08-26 20:28 - 2013-06-02 23:16 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Skype
2013-08-26 02:06 - 2013-08-26 02:06 - 00000000 ____D C:\Program Files (x86)\Recnik20
2013-08-24 21:06 - 2013-08-24 14:37 - 00000000 ____D C:\Users\Momir\Downloads\Now.You.See.Me.2013.EXTENDED.RERIP.720p.BRRip.x264-Fastbet99
2013-08-23 02:42 - 2013-07-16 13:09 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-08-21 12:11 - 2013-08-21 12:11 - 00002372 _____ C:\windows\PFRO.log
2013-08-21 00:54 - 2013-08-20 18:15 - 00000000 ____D C:\Users\Momir\AppData\Local\Freemake Music Box
2013-08-20 20:41 - 2013-06-05 15:23 - 00000000 ____D C:\Users\Momir\AppData\Roaming\DAEMON Tools Lite
2013-08-20 20:34 - 2013-08-20 20:34 - 00002222 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-20 20:21 - 2013-08-20 20:21 - 00000000 _____ C:\windows\setuperr.log
2013-08-20 18:17 - 2011-08-16 05:54 - 00000000 ____D C:\windows\Panther
2013-08-20 18:15 - 2013-06-05 22:44 - 00000000 ____D C:\Users\Momir\Documents\Freemake
2013-08-20 18:15 - 2013-06-05 22:44 - 00000000 ____D C:\ProgramData\Freemake
2013-08-20 17:09 - 2013-08-20 17:09 - 00001334 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2013-08-20 17:08 - 2013-06-02 19:56 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Adobe
2013-08-20 16:54 - 2013-08-20 16:54 - 00001346 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2013-08-20 16:54 - 2013-06-05 22:43 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-08-20 16:53 - 2013-08-20 16:53 - 00001262 _____ C:\Users\Public\Desktop\Freemake Music Box.lnk
2013-08-20 16:29 - 2013-08-20 16:27 - 00000132 _____ C:\Users\Momir\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-08-20 15:36 - 2009-07-14 06:45 - 05112280 _____ C:\windows\system32\FNTCACHE.DAT
2013-08-20 05:52 - 2013-08-20 05:52 - 00003506 _____ C:\windows\System32\Tasks\AdobeAAMUpdater-1.0-Momir-TOSH-Momir
2013-08-20 05:52 - 2013-06-08 22:20 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-08-20 05:50 - 2013-06-02 19:39 - 00141704 _____ C:\Users\Momir\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-20 05:45 - 2011-08-15 20:41 - 00000000 ____D C:\ProgramData\Adobe
2013-08-20 05:44 - 2011-08-15 20:41 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-20 05:39 - 2013-08-20 05:14 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-20 05:38 - 2013-06-08 22:04 - 00000000 ____D C:\Program Files\Adobe
2013-08-20 05:31 - 2013-08-20 05:31 - 00000000 ____D C:\ProgramData\ALM
2013-08-20 05:26 - 2013-08-20 05:26 - 00000000 ____D C:\Users\Momir\Adobe Flash Builder 4.6
2013-08-20 05:26 - 2013-06-02 19:32 - 00000000 ____D C:\Users\Momir
2013-08-20 05:21 - 2013-08-20 05:21 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-08-19 23:43 - 2013-08-19 23:40 - 00000132 _____ C:\Users\Momir\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-08-19 23:16 - 2013-06-02 19:38 - 00000000 ____D C:\Users\Momir\AppData\Local\VirtualStore
2013-08-19 22:50 - 2013-08-19 22:50 - 00000854 _____ C:\Users\Momir\Documents\hosts.txt
2013-08-18 15:54 - 2013-08-18 15:35 - 00000000 ____D C:\Users\Momir\Downloads\Icons
2013-08-18 13:21 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2013-08-17 21:43 - 2013-06-16 04:00 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-08-17 21:42 - 2013-06-02 22:40 - 00000000 ____D C:\Users\Momir\AppData\Roaming\DVDVideoSoft
2013-08-16 23:39 - 2013-08-16 23:39 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Westwood
2013-08-16 23:21 - 2013-07-30 06:34 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-16 23:14 - 2013-08-16 23:14 - 00000000 ____D C:\Westwood
2013-08-14 15:16 - 2013-06-05 15:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 15:12 - 2009-07-14 07:13 - 00784900 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-14 15:09 - 2013-07-17 21:37 - 00000000 ____D C:\windows\system32\MRT
2013-08-14 15:05 - 2013-06-05 01:02 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-08-12 20:34 - 2013-08-12 20:12 - 00000000 ____D C:\Program Files (x86)\Command And Conquer Red Alert 2 Yuri's Revenge
2013-08-12 20:01 - 2013-08-12 20:13 - 00720896 _____ (Indigo Rose Corporation) C:\windows\iun6002.exe
2013-08-10 21:39 - 2013-06-08 20:50 - 00000000 ____D C:\Users\Momir\AppData\Local\cache
2013-08-10 19:38 - 2013-08-10 19:34 - 00000000 ____D C:\Program Files (x86)\Counter-Strike 1.6
2013-08-08 12:06 - 2013-08-08 12:06 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-08-08 12:06 - 2013-08-08 12:06 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-08 12:06 - 2013-08-08 12:06 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-08-08 12:06 - 2013-08-08 12:06 - 00000000 ____D C:\windows\system32\Macromed
2013-08-08 11:38 - 2013-08-08 11:38 - 00000000 ____D C:\Users\Momir\Documents\My Cheat Tables
2013-08-08 11:24 - 2013-08-08 11:24 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.1
2013-08-08 09:06 - 2013-06-02 23:09 - 00000000 ____D C:\Program Files (x86)\AIMP3
2013-08-07 18:15 - 2013-08-07 18:15 - 00000173 _____ C:\Users\Momir\AppData\Local\msmathematics.qat.Momir
2013-08-07 16:21 - 2013-08-07 16:21 - 00000000 ____D C:\Program Files\Microsoft Mathematics
2013-07-30 22:57 - 2013-06-29 17:55 - 00000000 ____D C:\Program Files (x86)\RAR Password Unlocker
2013-07-30 22:56 - 2013-07-25 10:53 - 00000000 ____D C:\Users\Momir\AppData\Roaming\.minecraft
2013-07-30 09:25 - 2013-07-30 09:09 - 00000000 ____D C:\ProgramData\Rosetta Stone
2013-07-30 09:09 - 2013-07-30 09:09 - 00000000 ____D C:\Program Files (x86)\Rosetta Stone
2013-07-30 09:09 - 2013-06-08 20:49 - 00000000 ____D C:\ProgramData\FLEXnet
2013-07-30 06:37 - 2013-07-25 20:22 - 00000000 ____D C:\Users\Momir\Documents\My Games
2013-07-30 06:29 - 2013-07-30 06:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2013-07-29 01:46 - 2013-07-29 01:46 - 00000000 ____D C:\Users\Momir\Documents\Electronic Arts

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Users\Momir\AppData\Local\Google\Desktop\Install\{10c73801-a34e-9b83-adbc-87bcd638cff0}
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{10c73801-a34e-9b83-adbc-87bcd638cff0}
C:\Users\Momir\AppData\Local\Temp\FreemakeMusicBox_1.0.0.1.exe
C:\Users\Momir\AppData\Local\Temp\FreemakeVideoConverter_4.0.3.3.exe
C:\Users\Momir\AppData\Local\Temp\FreemakeVideoDownloader_3.5.3.3.exe
C:\Users\Momir\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Momir\AppData\Local\Temp\_MEI70242\kernel32.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\mfc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\mfc90u.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\mfcm90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\mfcm90u.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\psapi.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\python27.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\pythoncom27.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\PyWinTypes27.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\shell32.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\wxbase294u_net_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\wxbase294u_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\wxmsw294u_adv_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\wxmsw294u_core_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\wxmsw294u_html_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\wxmsw294u_webview_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\kernel32.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\mfc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\mfc90u.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\mfcm90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\mfcm90u.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\psapi.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\python27.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\pythoncom27.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\PyWinTypes27.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\shell32.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\wxbase294u_net_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\wxbase294u_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\wxmsw294u_adv_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\wxmsw294u_core_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\wxmsw294u_html_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\wxmsw294u_webview_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\kernel32.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\mfc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\mfc90u.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\mfcm90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\mfcm90u.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\psapi.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\python27.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\pythoncom27.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\PyWinTypes27.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\shell32.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\wxbase294u_net_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\wxbase294u_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\wxmsw294u_adv_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\wxmsw294u_core_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\wxmsw294u_html_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\wxmsw294u_webview_vc90.dll
C:\Users\Momir\AppData\Local\Temp\Temp1_recnik20.zip\SETUP.EXE
C:\Users\Momir\AppData\Local\Temp\Epic-00591a0e-68cd-43ce-82e9-cf9ae6ccbe70\Binaries\UnSetup.exe
C:\Users\Momir\AppData\Local\Temp\Epic-00591a0e-68cd-43ce-82e9-cf9ae6ccbe70\Binaries\InstallData\Interop.IWshRuntimeLibrary.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\GoogleEarth.exe
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemyext.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\earthps.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exe
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\ge_expat.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\googleearth_free.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\icudt.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGAttrs.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGCore.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGExportCommon.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGGfx.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGMath.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGOpt.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGSg.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGUtils.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\Leap.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcp100.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcr100.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\npgeplugin.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\plugin_ax.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtCore4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtGui4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtNetwork4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtWebKit4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemyext.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthflashsol.exe
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthps.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\ge_expat.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth.exe
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth_free.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\icudt.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGAttrs.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGCore.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGExportCommon.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGGfx.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGMath.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGOpt.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGSg.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGUtils.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\Leap.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcp100.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcr100.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtCore4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtGui4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtNetwork4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtWebKit4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\Plugins\npgeinprocessplugin.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qgif4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qjpeg4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\d3dx9_43.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGSg.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libEGL.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGAttrs.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGGfx.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGSg.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-08-22 13:33

==================== End Of Log ============================



offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

The instructions said to save FRST to the Desktop. That did not matter much a moment ago, but now it does. So either download a new copy from the same link or move the one in the Downloads folder to the Desktop.


Step 1.

Open Notepad and copy the following text, which is inside the shaded area.

HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....type=ds&q={searchTerms}&installDate={installDate}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....stallDate={installDate}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....type=ds&q={searchTerms}&installDate={installDate}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....type=ds&q={searchTerms}&installDate={installDate}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....type=ds&q={searchTerms}&installDate={installDate}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....type=ds&q={searchTerms}&installDate={installDate}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....type=ds&q={searchTerms}&installDate={installDate}
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
FF Homepage: hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=RS&userid=27316408-30ac-4a7d-ae7a-b3830d6643b3&searchtype=hp&installDate={installDate}
FF SelectedSearchEngine: Web Search
FF Keyword.URL: hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=RS&userid=27316408-30ac-4a7d-ae7a-b3830d6643b3&searchtype=ds&installDate={installDate}&q=
FF SearchPlugin: C:\Users\Momir\AppData\Roaming\Mozilla\Firefox\Profiles\849a4v7g.default\searchplugins\Web Search.xml
CHR HomePage: hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=RS&userid=27316408-30ac-4a7d-ae7a-b3830d6643b3&searchtype=hp&installDate={installDate}
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{10c73801-a34e-9b83-adbc-87bcd638cff0}\ \...\???\{10c73801-a34e-9b83-adbc-87bcd638cff0}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\Momir\AppData\Local\Google\Desktop\Install\{10c73801-a34e-9b83-adbc-87bcd638cff0}
C:\Program Files (x86)\Google\Desktop\Install\{10c73801-a34e-9b83-adbc-87bcd638cff0}
C:\Users\Momir\AppData\Local\Temp\FreemakeMusicBox_1.0.0.1.exe
C:\Users\Momir\AppData\Local\Temp\FreemakeVideoConverter_4.0.3.3.exe
C:\Users\Momir\AppData\Local\Temp\FreemakeVideoDownloader_3.5.3.3.exe
C:\Users\Momir\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Momir\AppData\Local\Temp\_MEI70242\kernel32.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\mfc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\mfc90u.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\mfcm90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\mfcm90u.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\psapi.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\python27.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\pythoncom27.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\PyWinTypes27.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\shell32.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\wxbase294u_net_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\wxbase294u_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\wxmsw294u_adv_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\wxmsw294u_core_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\wxmsw294u_html_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI70242\wxmsw294u_webview_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\kernel32.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\mfc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\mfc90u.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\mfcm90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\mfcm90u.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\psapi.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\python27.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\pythoncom27.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\PyWinTypes27.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\shell32.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\wxbase294u_net_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\wxbase294u_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\wxmsw294u_adv_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\wxmsw294u_core_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\wxmsw294u_html_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI62722\wxmsw294u_webview_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\kernel32.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\mfc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\mfc90u.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\mfcm90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\mfcm90u.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\psapi.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\python27.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\pythoncom27.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\PyWinTypes27.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\shell32.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\wxbase294u_net_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\wxbase294u_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\wxmsw294u_adv_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\wxmsw294u_core_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\wxmsw294u_html_vc90.dll
C:\Users\Momir\AppData\Local\Temp\_MEI56242\wxmsw294u_webview_vc90.dll
C:\Users\Momir\AppData\Local\Temp\Temp1_recnik20.zip\SETUP.EXE
C:\Users\Momir\AppData\Local\Temp\Epic-00591a0e-68cd-43ce-82e9-cf9ae6ccbe70\Binaries\UnSetup.exe
C:\Users\Momir\AppData\Local\Temp\Epic-00591a0e-68cd-43ce-82e9-cf9ae6ccbe70\Binaries\InstallData\Interop.IWshRuntimeLibrary.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\GoogleEarth.exe
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemyext.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\earthps.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exe
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\ge_expat.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\googleearth_free.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\icudt.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGAttrs.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGCore.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGExportCommon.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGGfx.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGMath.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGOpt.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGSg.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGUtils.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\Leap.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcp100.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcr100.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\npgeplugin.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\plugin_ax.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtCore4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtGui4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtNetwork4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtWebKit4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemyext.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthflashsol.exe
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthps.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\ge_expat.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth.exe
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth_free.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\icudt.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGAttrs.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGCore.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGExportCommon.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGGfx.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGMath.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGOpt.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGSg.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGUtils.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\Leap.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcp100.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcr100.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtCore4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtGui4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtNetwork4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtWebKit4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\Plugins\npgeinprocessplugin.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qgif4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qjpeg4.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\d3dx9_43.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGSg.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libEGL.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGAttrs.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGGfx.dll
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGSg.dll
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


In Notepad, click File --> Save As

Name the file fixlist.txt and save it to the Desktop

Double-click FRST.exe to run it again

Click Fix and wait for the program to finish

If the program asks to restart the computer, let it do so without interruption.

When it finishes, Notepad will open with content that you should copy into this thread.

Also, fixlog.txt will be on the Desktop.




Step 2.

Run FRST again, click Scan and send me a fresh report.

offline
  • Joined: 28 Aug 2013
  • Posts: 10

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-08-2013
Ran by Momir at 2013-08-28 18:47:22 Run:1
Running from C:\Users\Momir\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....type=ds&q={searchTerms}&installDate={installDate}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....stallDate={installDate}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....type=ds&q={searchTerms}&installDate={installDate}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....type=ds&q={searchTerms}&installDate={installDate}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....type=ds&q={searchTerms}&installDate={installDate}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....type=ds&q={searchTerms}&installDate={installDate}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = feed.snap.do/?publisher=SnapdoOCYB&dpid=Sna.....type=ds&q={searchTerms}&installDate={installDate}
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
FF Homepage: hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=RS&userid=27316408-30ac-4a7d-ae7a-b3830d6643b3&searchtype=hp&installDate={installDate}
FF SelectedSearchEngine: Web Search
FF Keyword.URL: hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=RS&userid=27316408-30ac-4a7d-ae7a-b3830d6643b3&searchtype=ds&installDate={installDate}&q=
FF SearchPlugin: C:\Users\Momir\AppData\Roaming\Mozilla\Firefox\Profiles\849a4v7g.default\searchplugins\Web Search.xml
CHR HomePage: hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=RS&userid=27316408-30ac-4a7d-ae7a-b3830d6643b3&searchtype=hp&installDate={installDate}
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{10c73801-a34e-9b83-adbc-87bcd638cff0}\ \...\???\{10c73801-a34e-9b83-adbc-87bcd638cff0}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\Momir\AppData\Local\Google\Desktop\Install\{10c73801-a34e-9b83-adbc-87bcd638cff0}
C:\Program Files (x86)\Google\Desktop\Install\{10c73801-a34e-9b83-adbc-87bcd638cff0}
C:\Users\Momir\AppData\Local\Temp\FreemakeMusicBox_1.0.0.1.exe
C:\Users\Momir\AppData\Local\Temp\FreemakeVideoConverter_4.0.3.3.exe
C:\Users\Momir\AppData\Local\Temp\FreemakeVideoDownloader_3.5.3.3.exe
C:\Users\Momir\AppData\Local\Temp\SkypeSetup.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
Firefox homepage deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Momir\AppData\Roaming\Mozilla\Firefox\Profiles\849a4v7g.default\searchplugins\Web Search.xml => Moved successfully.
CHR HomePage: hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=RS&userid=27316408-30ac-4a7d-ae7a-b3830d6643b3&searchtype=hp&installDate={installDate} ==> The Chrome "Settings" can be used to fix the entry.
*etadpug => Service deleted successfully.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
Could not move "C:\Windows\assembly\GAC_64\Desktop.ini " => Scheduled to move on reboot.
C:\Users\Momir\AppData\Local\Google\Desktop\Install\{10c73801-a34e-9b83-adbc-87bcd638cff0} => Moved successfully.

"C:\Program Files (x86)\Google\Desktop\Install\{10c73801-a34e-9b83-adbc-87bcd638cff0} " directory move:

Could not move "C:\Program Files (x86)\Google\Desktop\Install\{10c73801-a34e-9b83-adbc-87bcd638cff0} " directory. => Scheduled to move on reboot.

C:\Users\Momir\AppData\Local\Temp\FreemakeMusicBox_1.0.0.1.exe => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\FreemakeVideoConverter_4.0.3.3.exe => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\FreemakeVideoDownloader_3.5.3.3.exe => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthps.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\ge_expat.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth.exe => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth_free.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\icudt.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGAttrs.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGCore.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGExportCommon.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGGfx.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGMath.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGOpt.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGSg.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGUtils.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\Leap.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcp100.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcr100.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtCore4.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtGui4.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtNetwork4.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtWebKit4.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\Plugins\npgeinprocessplugin.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qgif4.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qjpeg4.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\D3DCompiler_43.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\d3dx9_43.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGSg.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libEGL.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGAttrs.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGGfx.dll => Moved successfully.
C:\Users\Momir\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGSg.dll => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

=========== Result of Scheduled Files to move ===========

C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install\{10c73801-a34e-9b83-adbc-87bcd638cff0} => Moved successfully.

==== End of Fixlog ====

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Excellent, I'm still waiting for the new report...

  • Joined: 28 Aug 2013
  • Posts: 10

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Momir (administrator) on 28-08-2013 18:58:06
Running from C:\Users\Momir\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
() C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Intelligent Display Management\TDLPowerCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Akamai Technologies, Inc.) C:\Users\Momir\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(BitTorrent Inc.) C:\Users\Momir\AppData\Roaming\uTorrent\uTorrent.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TNROTATE\TNROTATE.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe
(Akamai Technologies, Inc.) C:\Users\Momir\AppData\Local\Akamai\netsession_win.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [TDLPowerCtrl] - C:\Program Files\TOSHIBA\TOSHIBA Intelligent Display Management\TDLPowerCtrl.exe [498120 2011-01-24] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [328048 2011-01-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [967544 2011-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1544104 2011-04-07] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon [x]
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2011-04-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2011-03-30] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-15] (Toshiba Europe GmbH)
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Momir\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKCU\...\Run: [uTorrent] - C:\Users\Momir\AppData\Roaming\uTorrent\uTorrent.exe [888152 2013-08-14] (BitTorrent Inc.)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKCU\...\Run: [AdobeBridge] - [x]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TOSDCR] - C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2475384 2011-01-16] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TNRotate] - C:\Program Files (x86)\TOSHIBA\TNRotate\TNRotate.exe [607688 2010-11-25] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [TSUScheduler] - C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe [923000 2010-05-10] (TOSHIBA Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKU\Default\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\Default User\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
AppInit_DLLs-x32: [0 ] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Momir\AppData\Roaming\Mozilla\Firefox\Profiles\849a4v7g.default
FF user.js: detected! => C:\Users\Momir\AppData\Roaming\Mozilla\Firefox\Profiles\849a4v7g.default\user.js
FF Homepage: hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=RS&userid=27316408-30ac-4a7d-ae7a-b3830d6643b3&searchtype=hp&installDate={installDate}
FF SelectedSearchEngine: Web Search
FF Keyword.URL: hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=RS&userid=27316408-30ac-4a7d-ae7a-b3830d6643b3&searchtype=ds&installDate={installDate}&q=
FF NewTab: about:blank
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: No Name - C:\Users\Momir\AppData\Roaming\Mozilla\Firefox\Profiles\849a4v7g.default\Extensions\staged
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

Chrome:
=======
CHR HomePage: hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=RS&userid=27316408-30ac-4a7d-ae7a-b3830d6643b3&searchtype=hp&installDate={installDate}
CHR RestoreOnStartup: "hxxp://www.google.rs/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Momir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Momir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Momir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Momir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Dark Vibe) - C:\Users\Momir\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj\1.1_0
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Momir\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0
CHR Extension: (Auto Replay for YouTube) - C:\Users\Momir\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.28_0
CHR Extension: (Gmail) - C:\Users\Momir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-05-08] (Fork Ltd.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-07-31] (Ellora Assets Corp.)
R2 mi-raysat_3dsmax2013_64; C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-15] ()
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-05] (DT Soft Ltd)
S3 NPF; system32\drivers\NPF.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-28 18:15 - 2013-08-28 18:29 - 112001024 _____ C:\Users\Momir\Downloads\avg_arl_cdi_all_120_130801a6481.iso
2013-08-28 18:14 - 2013-08-28 18:28 - 337215488 _____ C:\Users\Momir\Downloads\kav_rescue_10.iso
2013-08-28 17:45 - 2013-08-28 17:45 - 00060422 _____ C:\Users\Momir\Downloads\FRST.txt
2013-08-28 17:44 - 2013-08-28 18:49 - 00000000 ____D C:\FRST
2013-08-28 17:43 - 2013-08-28 17:43 - 01579080 _____ (Farbar) C:\Users\Momir\Desktop\FRST64.exe
2013-08-28 15:15 - 2013-08-28 15:15 - 00015594 _____ C:\Users\Momir\Downloads\320300_496139051_attach.txt
2013-08-28 15:07 - 2013-08-28 15:07 - 00688992 ____R (Swearware) C:\Users\Momir\Downloads\dds.com
2013-08-28 05:14 - 2013-08-28 05:15 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Momir\Downloads\tdsskiller.exe
2013-08-28 04:36 - 2013-08-28 04:36 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
2013-08-28 04:36 - 2013-08-28 04:36 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-08-27 20:31 - 2013-08-27 20:31 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Hive Cluster
2013-08-27 20:28 - 2013-08-28 04:44 - 00000000 ____D C:\Program Files (x86)\Antichamber
2013-08-27 20:28 - 2013-08-27 20:28 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antichamber
2013-08-26 02:06 - 2013-08-26 02:06 - 00000000 ____D C:\Program Files (x86)\Recnik20
2013-08-24 14:37 - 2013-08-24 21:06 - 00000000 ____D C:\Users\Momir\Downloads\Now.You.See.Me.2013.EXTENDED.RERIP.720p.BRRip.x264-Fastbet99
2013-08-21 12:11 - 2013-08-28 18:48 - 00003022 _____ C:\windows\PFRO.log
2013-08-20 20:34 - 2013-08-20 20:34 - 00002222 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-20 20:21 - 2013-08-28 18:48 - 00001792 _____ C:\windows\setupact.log
2013-08-20 20:21 - 2013-08-20 20:21 - 00000000 _____ C:\windows\setuperr.log
2013-08-20 18:15 - 2013-08-21 00:54 - 00000000 ____D C:\Users\Momir\AppData\Local\Freemake Music Box
2013-08-20 17:09 - 2013-08-20 17:09 - 00001334 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2013-08-20 16:54 - 2013-08-20 16:54 - 00001346 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2013-08-20 16:53 - 2013-08-20 16:53 - 00001262 _____ C:\Users\Public\Desktop\Freemake Music Box.lnk
2013-08-20 16:27 - 2013-08-20 16:29 - 00000132 _____ C:\Users\Momir\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-08-20 05:52 - 2013-08-20 05:52 - 00003506 _____ C:\windows\System32\Tasks\AdobeAAMUpdater-1.0-Momir-TOSH-Momir
2013-08-20 05:31 - 2013-08-20 05:31 - 00000000 ____D C:\ProgramData\ALM
2013-08-20 05:26 - 2013-08-20 05:26 - 00000000 ____D C:\Users\Momir\Adobe Flash Builder 4.6
2013-08-20 05:21 - 2013-08-20 05:21 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-08-20 05:21 - 2011-11-03 03:01 - 00056208 ____N (Rovi Corporation) C:\windows\system32\Drivers\PxHlpa64.sys
2013-08-20 05:21 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\windows\system32\Drivers\cdralw2k.sys
2013-08-20 05:21 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\windows\system32\Drivers\cdr4_xp.sys
2013-08-20 05:14 - 2013-08-20 05:39 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-19 23:40 - 2013-08-19 23:43 - 00000132 _____ C:\Users\Momir\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-08-19 22:50 - 2013-08-19 22:50 - 00000854 _____ C:\Users\Momir\Documents\hosts.txt
2013-08-18 15:35 - 2013-08-18 15:54 - 00000000 ____D C:\Users\Momir\Downloads\Icons
2013-08-16 23:39 - 2013-08-16 23:39 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Westwood
2013-08-16 23:14 - 2013-08-16 23:14 - 00000000 ____D C:\Westwood
2013-08-14 15:16 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-08-14 15:16 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-08-14 15:16 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-08-14 15:16 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-08-14 15:16 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-08-14 15:16 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-08-14 15:16 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-08-14 15:16 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-08-14 15:16 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-08-14 15:16 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-08-14 15:16 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-08-14 15:16 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-08-14 15:16 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-08-14 15:16 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-08-14 15:16 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-08-14 15:16 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-08-14 15:16 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-08-14 15:16 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-08-14 15:16 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-08-14 15:16 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-08-14 15:16 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-08-14 15:16 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 11:52 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-08-14 11:52 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-08-14 11:52 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-08-14 11:52 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-08-14 11:52 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-08-14 11:52 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-08-14 11:52 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-08-14 11:52 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-08-14 11:52 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-08-14 11:52 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-08-14 11:52 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-08-14 11:52 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-08-14 11:52 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-08-14 11:52 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-08-14 11:52 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-08-14 11:52 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2013-08-14 11:52 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2013-08-14 11:52 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-08-14 11:52 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-08-14 11:52 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2013-08-14 11:52 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2013-08-14 11:52 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-08-14 11:52 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-08-14 11:52 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-08-14 11:52 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-08-14 11:52 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-08-14 11:52 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2013-08-12 20:13 - 2013-08-12 20:01 - 00720896 _____ (Indigo Rose Corporation) C:\windows\iun6002.exe
2013-08-12 20:12 - 2013-08-12 20:34 - 00000000 ____D C:\Program Files (x86)\Command And Conquer Red Alert 2 Yuri's Revenge
2013-08-10 19:34 - 2013-08-10 19:38 - 00000000 ____D C:\Program Files (x86)\Counter-Strike 1.6
2013-08-08 12:06 - 2013-08-28 18:16 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-08 12:06 - 2013-08-08 12:06 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-08-08 12:06 - 2013-08-08 12:06 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-08 12:06 - 2013-08-08 12:06 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-08-08 12:06 - 2013-08-08 12:06 - 00000000 ____D C:\windows\system32\Macromed
2013-08-08 11:38 - 2013-08-08 11:38 - 00000000 ____D C:\Users\Momir\Documents\My Cheat Tables
2013-08-08 11:24 - 2013-08-08 11:24 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.1
2013-08-07 18:15 - 2013-08-07 18:15 - 00000173 _____ C:\Users\Momir\AppData\Local\msmathematics.qat.Momir
2013-08-07 16:21 - 2013-08-07 16:21 - 00000000 ____D C:\Program Files\Microsoft Mathematics
2013-07-30 09:09 - 2013-07-30 09:25 - 00000000 ____D C:\ProgramData\Rosetta Stone
2013-07-30 09:09 - 2013-07-30 09:09 - 00000000 ____D C:\Program Files (x86)\Rosetta Stone
2013-07-30 06:34 - 2013-08-16 23:21 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-30 06:29 - 2013-07-30 06:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2013-07-29 01:46 - 2013-07-29 01:46 - 00000000 ____D C:\Users\Momir\Documents\Electronic Arts

==================== One Month Modified Files and Folders =======

2013-08-28 18:56 - 2009-07-14 06:45 - 00024912 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-28 18:56 - 2009-07-14 06:45 - 00024912 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-28 18:54 - 2013-06-05 22:43 - 00000000 ____D C:\Users\Momir\AppData\Roaming\uTorrent
2013-08-28 18:49 - 2013-08-28 17:44 - 00000000 ____D C:\FRST
2013-08-28 18:49 - 2013-07-10 18:57 - 00000029 _____ C:\windows\SysWOW64\TempWmicBatchFile.bat
2013-08-28 18:49 - 2013-07-05 23:13 - 00000628 _____ C:\windows\Tasks\OpenCandyHelperRunC2CDCFC37E3A476499DB63730AF06D6B.job
2013-08-28 18:49 - 2013-07-04 22:47 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-28 18:48 - 2013-08-21 12:11 - 00003022 _____ C:\windows\PFRO.log
2013-08-28 18:48 - 2013-08-20 20:21 - 00001792 _____ C:\windows\setupact.log
2013-08-28 18:48 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-28 18:47 - 2013-06-02 23:09 - 00000000 ____D C:\Users\Momir\AppData\Roaming\AIMP3
2013-08-28 18:29 - 2013-08-28 18:15 - 112001024 _____ C:\Users\Momir\Downloads\avg_arl_cdi_all_120_130801a6481.iso
2013-08-28 18:28 - 2013-08-28 18:14 - 337215488 _____ C:\Users\Momir\Downloads\kav_rescue_10.iso
2013-08-28 18:26 - 2013-07-04 22:47 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-28 18:23 - 2013-07-05 23:13 - 00000628 _____ C:\windows\Tasks\OpenCandyHelperF0E5E32C379D4A699514ECD97E764386.job
2013-08-28 18:16 - 2013-08-08 12:06 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-28 17:45 - 2013-08-28 17:45 - 00060422 _____ C:\Users\Momir\Downloads\FRST.txt
2013-08-28 17:43 - 2013-08-28 17:43 - 01579080 _____ (Farbar) C:\Users\Momir\Desktop\FRST64.exe
2013-08-28 17:40 - 2013-06-13 13:22 - 00000000 ____D C:\ProgramData\MFAData
2013-08-28 15:34 - 2013-06-05 16:55 - 00000000 ____D C:\Users\Momir\AppData\Local\Akamai
2013-08-28 15:15 - 2013-08-28 15:15 - 00015594 _____ C:\Users\Momir\Downloads\320300_496139051_attach.txt
2013-08-28 15:07 - 2013-08-28 15:07 - 00688992 ____R (Swearware) C:\Users\Momir\Downloads\dds.com
2013-08-28 05:15 - 2013-08-28 05:14 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Momir\Downloads\tdsskiller.exe
2013-08-28 04:59 - 2013-07-10 19:23 - 00000000 ___SD C:\Users\Momir\Google диск
2013-08-28 04:49 - 2011-08-15 20:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-28 04:44 - 2013-08-27 20:28 - 00000000 ____D C:\Program Files (x86)\Antichamber
2013-08-28 04:36 - 2013-08-28 04:36 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
2013-08-28 04:36 - 2013-08-28 04:36 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-08-28 04:36 - 2013-06-02 19:48 - 00000000 ____D C:\Users\Momir\AppData\Local\Google
2013-08-28 04:36 - 2013-06-02 17:37 - 01311613 _____ C:\windows\WindowsUpdate.log
2013-08-28 04:36 - 2011-08-15 21:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-28 02:00 - 2013-06-03 20:24 - 00000000 ____D C:\Users\Momir\AppData\Local\Adobe
2013-08-27 20:31 - 2013-08-27 20:31 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Hive Cluster
2013-08-27 20:28 - 2013-08-27 20:28 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antichamber
2013-08-26 20:28 - 2013-06-02 23:16 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Skype
2013-08-26 02:06 - 2013-08-26 02:06 - 00000000 ____D C:\Program Files (x86)\Recnik20
2013-08-24 21:06 - 2013-08-24 14:37 - 00000000 ____D C:\Users\Momir\Downloads\Now.You.See.Me.2013.EXTENDED.RERIP.720p.BRRip.x264-Fastbet99
2013-08-23 02:42 - 2013-07-16 13:09 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-08-21 00:54 - 2013-08-20 18:15 - 00000000 ____D C:\Users\Momir\AppData\Local\Freemake Music Box
2013-08-20 20:41 - 2013-06-05 15:23 - 00000000 ____D C:\Users\Momir\AppData\Roaming\DAEMON Tools Lite
2013-08-20 20:34 - 2013-08-20 20:34 - 00002222 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-20 20:21 - 2013-08-20 20:21 - 00000000 _____ C:\windows\setuperr.log
2013-08-20 18:17 - 2011-08-16 05:54 - 00000000 ____D C:\windows\Panther
2013-08-20 18:15 - 2013-06-05 22:44 - 00000000 ____D C:\Users\Momir\Documents\Freemake
2013-08-20 18:15 - 2013-06-05 22:44 - 00000000 ____D C:\ProgramData\Freemake
2013-08-20 17:09 - 2013-08-20 17:09 - 00001334 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2013-08-20 17:08 - 2013-06-02 19:56 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Adobe
2013-08-20 16:54 - 2013-08-20 16:54 - 00001346 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2013-08-20 16:54 - 2013-06-05 22:43 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-08-20 16:53 - 2013-08-20 16:53 - 00001262 _____ C:\Users\Public\Desktop\Freemake Music Box.lnk
2013-08-20 16:29 - 2013-08-20 16:27 - 00000132 _____ C:\Users\Momir\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-08-20 15:36 - 2009-07-14 06:45 - 05112280 _____ C:\windows\system32\FNTCACHE.DAT
2013-08-20 05:52 - 2013-08-20 05:52 - 00003506 _____ C:\windows\System32\Tasks\AdobeAAMUpdater-1.0-Momir-TOSH-Momir
2013-08-20 05:52 - 2013-06-08 22:20 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-08-20 05:50 - 2013-06-02 19:39 - 00141704 _____ C:\Users\Momir\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-20 05:45 - 2011-08-15 20:41 - 00000000 ____D C:\ProgramData\Adobe
2013-08-20 05:44 - 2011-08-15 20:41 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-20 05:39 - 2013-08-20 05:14 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-20 05:38 - 2013-06-08 22:04 - 00000000 ____D C:\Program Files\Adobe
2013-08-20 05:31 - 2013-08-20 05:31 - 00000000 ____D C:\ProgramData\ALM
2013-08-20 05:26 - 2013-08-20 05:26 - 00000000 ____D C:\Users\Momir\Adobe Flash Builder 4.6
2013-08-20 05:26 - 2013-06-02 19:32 - 00000000 ____D C:\Users\Momir
2013-08-20 05:21 - 2013-08-20 05:21 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-08-19 23:43 - 2013-08-19 23:40 - 00000132 _____ C:\Users\Momir\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-08-19 23:16 - 2013-06-02 19:38 - 00000000 ____D C:\Users\Momir\AppData\Local\VirtualStore
2013-08-19 22:50 - 2013-08-19 22:50 - 00000854 _____ C:\Users\Momir\Documents\hosts.txt
2013-08-18 15:54 - 2013-08-18 15:35 - 00000000 ____D C:\Users\Momir\Downloads\Icons
2013-08-18 13:21 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2013-08-17 21:43 - 2013-06-16 04:00 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-08-17 21:42 - 2013-06-02 22:40 - 00000000 ____D C:\Users\Momir\AppData\Roaming\DVDVideoSoft
2013-08-16 23:39 - 2013-08-16 23:39 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Westwood
2013-08-16 23:21 - 2013-07-30 06:34 - 00000000 ____D C:\Users\Momir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-16 23:14 - 2013-08-16 23:14 - 00000000 ____D C:\Westwood
2013-08-14 15:16 - 2013-06-05 15:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 15:12 - 2009-07-14 07:13 - 00784900 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-14 15:09 - 2013-07-17 21:37 - 00000000 ____D C:\windows\system32\MRT
2013-08-14 15:05 - 2013-06-05 01:02 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-08-12 20:34 - 2013-08-12 20:12 - 00000000 ____D C:\Program Files (x86)\Command And Conquer Red Alert 2 Yuri's Revenge
2013-08-12 20:01 - 2013-08-12 20:13 - 00720896 _____ (Indigo Rose Corporation) C:\windows\iun6002.exe
2013-08-10 21:39 - 2013-06-08 20:50 - 00000000 ____D C:\Users\Momir\AppData\Local\cache
2013-08-10 19:38 - 2013-08-10 19:34 - 00000000 ____D C:\Program Files (x86)\Counter-Strike 1.6
2013-08-08 12:06 - 2013-08-08 12:06 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-08-08 12:06 - 2013-08-08 12:06 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-08 12:06 - 2013-08-08 12:06 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-08-08 12:06 - 2013-08-08 12:06 - 00000000 ____D C:\windows\system32\Macromed
2013-08-08 11:38 - 2013-08-08 11:38 - 00000000 ____D C:\Users\Momir\Documents\My Cheat Tables
2013-08-08 11:24 - 2013-08-08 11:24 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.1
2013-08-08 09:06 - 2013-06-02 23:09 - 00000000 ____D C:\Program Files (x86)\AIMP3
2013-08-07 18:15 - 2013-08-07 18:15 - 00000173 _____ C:\Users\Momir\AppData\Local\msmathematics.qat.Momir
2013-08-07 16:21 - 2013-08-07 16:21 - 00000000 ____D C:\Program Files\Microsoft Mathematics
2013-07-30 22:57 - 2013-06-29 17:55 - 00000000 ____D C:\Program Files (x86)\RAR Password Unlocker
2013-07-30 22:56 - 2013-07-25 10:53 - 00000000 ____D C:\Users\Momir\AppData\Roaming\.minecraft
2013-07-30 09:25 - 2013-07-30 09:09 - 00000000 ____D C:\ProgramData\Rosetta Stone
2013-07-30 09:09 - 2013-07-30 09:09 - 00000000 ____D C:\Program Files (x86)\Rosetta Stone
2013-07-30 09:09 - 2013-06-08 20:49 - 00000000 ____D C:\ProgramData\FLEXnet
2013-07-30 06:37 - 2013-07-25 20:22 - 00000000 ____D C:\Users\Momir\Documents\My Games
2013-07-30 06:29 - 2013-07-30 06:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2013-07-29 01:46 - 2013-07-29 01:46 - 00000000 ____D C:\Users\Momir\Documents\Electronic Arts

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 13:33

==================== End Of Log ============================

Sorry, I didn't know I couldn't send two messages in a row. The problem is solved. Thank you very much!
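The Services and Drivers sections of the FRST log above follow a fixed line layout (state and start type, name, path, then size and date or `[x]`, then publisher). As an added example, not part of the original posts and not FRST's own code, this Python sketch parses those lines and lists the entries a helper would look at first; the review heuristics and the names `triage` and `TRUSTED_ROOTS` are assumptions made here.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines copied from the Services/Drivers sections of the log above.
SAMPLE = r"""
==================== Services (Whitelisted) =================
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-05-08] (Fork Ltd.)
R2 mi-raysat_3dsmax2013_64; C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-15] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-05] (DT Soft Ltd)
S3 NPF; system32\drivers\NPF.sys [x]
"""

# <state><start type> <name>; <path> [<size> <date>] (<publisher>)   or   ... [x]
LINE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?:(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})|(?P<missing>x))\]"
    r"(?: \((?P<company>.*)\))?$"
)

# Assumption: locations treated as ordinary for services and drivers.
TRUSTED_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "system32\\",
)


@dataclass
class Entry:
    running: bool            # R = running, S = stopped
    start_type: int          # 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled
    name: str
    path: str
    missing: bool            # "[x]": the file was not found on disk
    company: Optional[str]   # publisher from the file's version info


def parse(log: str) -> List[Entry]:
    """Return one Entry per service/driver line; headers and blanks are skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        entries.append(Entry(
            running=m["state"] == "R",
            start_type=int(m["start"]),
            name=m["name"],
            path=m["path"],
            missing=m["missing"] is not None,
            company=m["company"],
        ))
    return entries


def review_reasons(e: Entry) -> List[str]:
    """Heuristics (assumptions): reasons to look at an entry, not verdicts."""
    reasons = []
    if e.missing:
        reasons.append("file missing")
    elif not e.company:
        reasons.append("no publisher")
    if not e.path.lower().startswith(TRUSTED_ROOTS):
        reasons.append("unusual location")
    return reasons


def triage(log: str) -> Dict[str, List[str]]:
    """Map entry name -> review reasons, for entries that have any."""
    result = {}
    for e in parse(log):
        reasons = review_reasons(e)
        if reasons:
            result[e.name] = reasons
    return result


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name}: {', '.join(reasons)}")
```

A flagged entry is only a prompt to check the file and its signature; legitimate software also installs outside the usual directories or ships without version information.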

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hold on, we still have a couple of things to do, including an ARK (rootkit) check and repairing the damage the virus caused. It won't take long...

offline
  • Joined: 28 Aug 2013
  • Posts: 10

No problem.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Step 1.

Download TDSSKiller from the following address to your Desktop:

TDSSKiller

When the download is finished:

Rename TDSSKiller.exe to MyCity.exe

Run MyCity.exe and click Change parameters.

In the Additional options section, tick the options Verify driver signatures and Detect TDLFS file system, then click OK.

Click Start scan.

When it finishes, it will show you the scan results; do not change anything there, just click Continue.

If the program asks for a system restart, allow it.

Attach to your post the report found at the following location:
C:\TDSSKiller_program version_DD.MM.YY_HH.MM.SS.txt
(DD - day, MM - month, YY - year, HH - hour, MM - minute, SS - second; the date and time when the log was created)




Step 2.

Download the ESET services repair tool to your Desktop.

Run ServicesRepair.exe

Click Yes when the window appears

When the tool finishes, it will ask you to restart the computer. Click Yes

After the restart, there will be a CC Support folder on the Desktop, and inside it a Logs folder

Inside the Logs folder is the SvcRepair.txt file, whose contents you should copy into the thread.



Step 3.

Download AdwCleaner by "Xplode" and save it to your Desktop

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button
The program will close all active programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option

Note: The report will also be saved at C:\AdwCleaner[S1].txt
