Checking whether the computer is infected


offline
  • Joined: 27 Sep 2013
  • Posts: 94

Lately I have the impression that my computer is infected, which shows up as pages opening much more slowly and restarts out of the blue; it also often happens that I cannot get into some program on the internet, and the reason turns out to be an incorrect year in the date: the day and month are correct but the year is wrong right after power-on, even though nobody changed anything, and the clock is also correct. A few days ago AVG antivirus found some 20 threats and viruses in a scan, and I should say that this is AVG Free downloaded from the internet, so I suspect there is more of it that AVG did not detect

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.51.2
Run by digital at 14:26:52 on 2014-03-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.410 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\TP-LINK\TP-LINK 54M Wireless Client Utility\TWCU.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
\??\C:\Program Files\AVG\AVG2014\avgrsx.exe
\??\C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mURLSearchHooks: SiteFinder: {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - c:\program files\sitefinder\SiteFinder.dll
BHO: FastestTube: {3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A} - c:\program files\fastesttube\2.1.9\WombatBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: SiteFinder: {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - c:\program files\sitefinder\SiteFinder.dll
EB: SiteFinder: {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - c:\program files\sitefinder\SiteFinder.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [TWCU] "c:\program files\tp-link\tp-link 54m wireless client utility\TWCU.exe" -nogui
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - c:\program files\sitefinder\SiteFinder.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 10.0.0.1 87.250.98.250 87.250.97.250
TCP: Interfaces\{05F2CDEC-E13B-4347-9AC3-5465F5FCC2C3} : DHCPNameServer = 10.0.0.1 87.250.98.250 87.250.97.250
TCP: Interfaces\{FB35BF60-8BCE-4F6A-B41A-862A4CAF1A5D} : NameServer = 91.191.59.118 87.250.98.250
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\SPVC32Loader.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: bpsvc.exe - tasklist.exe
IFEO: browsersafeguard.exe - tasklist.exe
IFEO: protectedsearch.exe - tasklist.exe
IFEO: searchprotection.exe - tasklist.exe
IFEO: snapdo.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\digital\application data\mozilla\firefox\profiles\3wogsn23.default-1394194656047\
FF - plugin: c:\documents and settings\digital\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\games\greenwebplayer\npgreenwebplayer.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1205146.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-7-10 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-7-20 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-9-2 37664]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2012/02/09 12:22:29];c:\program files\cyberlink\powerdvd9\000.fcl [2009-5-7 87536]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2013-12-21 16384]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2012-2-9 1287296]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-1-22 3788816]
S2 PopularScreensavers_7iService;PopularScreensaversService;c:\progra~1\popula~2\bar\2.bin\7ibarsvc.exe --> c:\progra~1\popula~2\bar\2.bin\7ibarsvc.exe [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-02-26 01:59:05 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-24 11:46:36 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45:57 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45:42 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54:21 385024 ----a-w- c:\windows\system32\html.iec
2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 12:21:32 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-29 12:21:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-24 17:35:59 21840 ----atw- c:\windows\system32\SIntfNT.dll
2014-01-24 17:35:59 17212 ----atw- c:\windows\system32\SIntf32.dll
2014-01-24 17:35:58 12067 ----atw- c:\windows\system32\SIntf16.dll
2014-01-19 20:46:54 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-21 10:39:16 48640 ----a-w- c:\windows\mmfs.dll
2013-12-21 10:39:16 249856 ----a-w- c:\windows\lcmmfu.cpl
2013-12-21 10:39:16 16384 ----a-w- c:\windows\runservice.exe
2013-12-21 09:45:45 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2013-12-21 09:45:45 115432 ----a-w- c:\windows\system32\OpenAL32.dll
16514-03-19 13:01:46 1401 --sha-w- c:\windows\system32\mmf.sys
.
============= FINISH: 14:28:02,64 ===============
So I ask you to check this for me.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Hello slavisa71,

Before we continue, I would like us to do a thorough check of the computer for an active rootkit. This kind of malware is in most cases hard to detect, and for that reason we also use a dedicated ARK (anti-rootkit) tool for detection.

Note:
The DDS report shows an active AppInit_DLLs key and file. MBAR routinely checks this key value, so keep in mind that MBAR will ask you about the 'AppInit_DLLs' entry. In the window/prompt that you get, answer affirmatively (Yes/OK).

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow unpacking into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to start;
- In the introductory window, click the Next button if you agree;

• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Notice: with some infections, one of the following messages may be shown:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleanup procedure.

Notice! Only if a rootkit was detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Run fixdamage with a double-click; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue execution, and wait for the tool to do all the repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post, and attach the system log to the post using the Prikači fajl (Attach file) option.

offline
  • Joined: 27 Sep 2013
  • Posts: 94

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
malwarebytes.org

Database version: v2014.03.19.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
:: DIGITAL-1765423 [administrator]

19.3.2014 16:09:30
mbar-log-2014-03-19 (16-09-30).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 212101
Time elapsed: 1 hour(s), 3 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\digital\My Documents\Downloads\BestCodecsPackSetup.exe (Adware.InstallBrain) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)


offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Hello,

I am satisfied with the MBAR reports.
The DDS reports say that AVG is active on the system but is not updated (i.e. it does not have the latest definitions database). Make sure that AVG is 'updated'.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

Now we move on...
Note: It is necessary to turn off the AVG 'real-time' shields while the Zoek tool performs its operations:

Download smeenk's zoek.zip or zoek.rar from this or this link and save it to the Desktop.

Unpack the archive into a folder (instructions), and then:

- close the browser and other running programs;
- temporarily deactivate protective software (if that is necessary) Instructions;
- run zoek by double-clicking the program icon;
- wait for the tool to start ...

Copy the following text into the white box of the window:

QuickScan;
Uninstall-List;
c:\program files\sitefinder;fs
c:\progra~1\searchprotect;fs
c:\progra~1\popula~2\bar\2.bin\7ibarsvc.exe;f
{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D};c
[-HKEY_LOCAL_MACHINE\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe];r
[-HKEY_LOCAL_MACHINE\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe];r
[-HKEY_LOCAL_MACHINE\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe];r
[-HKEY_LOCAL_MACHINE\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe];r
[-HKEY_LOCAL_MACHINE\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe];r
[-HKEY_LOCAL_MACHINE\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe];r
[-HKEY_LOCAL_MACHINE\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe];r
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows];r
"AppInit_DLLs"="";r
PopularScreensavers_7iService;s
Reboot;


Click the button and wait for the scan to finish.

zoek will, if needed, restart Windows and, at the end of its run, open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into your post.
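
Added example (not part of the original thread, and not code from DDS or Zoek): a small triage pass over DDS log lines that surfaces the kinds of entries the script above cleans up, namely a populated AppInit_DLLs value, IFEO entries, a service whose file details DDS printed as [?], and one CLSID registered at several browser hook points. The line formats are inferred from the DDS log posted in this thread; `triage_dds` and the category names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the DDS log posted earlier in this thread.
SAMPLE_DDS = r"""
mURLSearchHooks: SiteFinder: {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - c:\program files\sitefinder\SiteFinder.dll
BHO: FastestTube: {3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A} - c:\program files\fastesttube\2.1.9\WombatBHO.dll
TB: SiteFinder: {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - c:\program files\sitefinder\SiteFinder.dll
EB: SiteFinder: {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - c:\program files\sitefinder\SiteFinder.dll
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\SPVC32Loader.dll
IFEO: bpsvc.exe - tasklist.exe
IFEO: snapdo.exe - tasklist.exe
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
S2 PopularScreensavers_7iService;PopularScreensaversService;c:\progra~1\popula~2\bar\2.bin\7ibarsvc.exe --> c:\progra~1\popula~2\bar\2.bin\7ibarsvc.exe [?]
"""

# Line shapes as they appear in the log above (assumed, not a published format).
APPINIT_RE = re.compile(r"^AppInit_DLLs=\s*(.*)$")
IFEO_RE = re.compile(r"^IFEO: (\S+) - (.+)$")
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[(.+)\]$")
HOOK_RE = re.compile(
    r"^(mURLSearchHooks|uURLSearchHooks|BHO|TB|EB): (.+?): "
    r"(\{[0-9A-Fa-f-]{36}\}) - (.+)$"
)


def triage_dds(text):
    """Return (category, detail) tuples for entries worth a closer look."""
    findings = []
    hooks = defaultdict(set)  # CLSID -> set of hook types it is registered under

    for raw in text.splitlines():
        line = raw.strip()

        m = APPINIT_RE.match(line)
        if m:
            # Every process that loads user32.dll also loads the DLLs named here,
            # so any non-empty value deserves a look.
            if m.group(1):
                findings.append(("appinit_dll", m.group(1)))
            continue

        m = IFEO_RE.match(line)
        if m:
            # An IFEO Debugger value makes Windows start the debugger
            # instead of the named image.
            findings.append(("ifeo_debugger", f"{m.group(1)} -> {m.group(2)}"))
            continue

        m = SERVICE_RE.match(line)
        if m:
            # "[?]" in place of date and size: DDS could not read the file.
            if m.group(6) == "?":
                findings.append(("service_file_unresolved", m.group(3)))
            continue

        m = HOOK_RE.match(line)
        if m:
            hooks[m.group(3).upper()].add(m.group(1))

    # Illustrative heuristic: the same CLSID at more than one hook point.
    for clsid, kinds in hooks.items():
        if len(kinds) > 1:
            findings.append(("multi_hook_clsid", f"{clsid} via {', '.join(sorted(kinds))}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage_dds(SAMPLE_DDS):
        print(f"{category:26} {detail}")
```

A hit is only a prompt for manual review; whether an entry is unwanted still has to be judged from the file and its vendor, as was done in this thread.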

offline
  • Joined: 27 Sep 2013
  • Posts: 94

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by digital on sre 19.03.2014 at 19:09:18,64.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\digital\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

19.3.2014 19:16:19 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1757981266-562591055-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} deleted successfully
HKEY_USERS\S-1-5-21-1757981266-562591055-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PopularScreensavers_7iService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PopularScreensavers_7iService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PopularScreensavers_7iService deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe]
[-HKEY_LOCAL_MACHINE\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe]
[-HKEY_LOCAL_MACHINE\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe]
[-HKEY_LOCAL_MACHINE\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe]
[-HKEY_LOCAL_MACHINE\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe]
[-HKEY_LOCAL_MACHINE\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe]
[-HKEY_LOCAL_MACHINE\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

==== Deleting Files \ Folders ======================

c:\progra~1\searchprotect not found
"c:\progra~1\popula~2\bar\2.bin\7ibarsvc.exe" not found
c:\program files\sitefinder deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2014-03-11 23:34:51 57B83564A98F1298B5338C6D5F90519B 1374 ----a-w- C:\WINDOWS\imsins.BAK
====== C:\DOCUME~1\digital\LOCALS~1\Temp ====
28507-02-07 04:09:31 B9BF0B4248DC7D74079DF7AB8071C637 720896 ----a-w- C:\Documents and Settings\digital\Local Settings\Temp\EAInstall.dll
====== Java Cache =====
2014-03-09 10:30:33 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Documents and Settings\digital\Local Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-4d4f022a
====== C:\WINDOWS\system32 =====
2014-03-08 15:07:43 C94EC0201AD94C0A25461F1073F60493 145408 ----a-w- C:\WINDOWS\System32\javacpl.cpl
2014-03-08 15:07:43 95E15A2DE75AB48728AB8E1911C3EDB1 264616 ----a-w- C:\WINDOWS\System32\javaws.exe
2014-03-08 15:07:12 FD80D0AE205EC54D1A204DDBD6B766DA 94632 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge.dll
2014-03-08 15:07:10 CB3638541DCAC86EE17FA8258202E20E 175016 ----a-w- C:\WINDOWS\System32\javaw.exe
2014-03-08 15:07:08 9395BBE294045909A025C9F3DC3D9025 174504 ----a-w- C:\WINDOWS\System32\java.exe
====== C:\WINDOWS\system32\drivers =====
2014-03-19 15:09:15 024ACCA2F972EE094EB0F4289F2FA893 107224 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2014-03-19 15:06:39 6F0D0617310A677360B7EB6D2D59086E 52312 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2014-03-07 13:14:45 -------- d-----w- C:\Program Files\Mozilla Maintenance Service
======= C: =====
====== C:\Documents and Settings\digital\Application Data ======
2014-03-19 17:52:51 -------- d-----w- C:\Documents and Settings\digital\Start Menu\Programs\CyberLink PowerDVD 9
2014-03-01 15:42:54 -------- d-----w- C:\Documents and Settings\digital\Application Data\skypePM
====== C:\Documents and Settings\digital ======
2014-03-06 15:09:55 -------- d--h--r- C:\Documents and Settings\digital\Recent

====== C: exe-files ==
2014-03-19 15:06:12 BA63FE28CD27A9B3501883689EBE4D5C 821560 ----a-w- C:\Documents and Settings\digital\Desktop\mbar\Plugins\fixdamage.exe
2014-03-19 15:06:12 7C3400A4EAE86C697F74756F783B9DA3 1180472 ----a-w- C:\Documents and Settings\digital\Desktop\mbar\mbar.exe
2014-03-19 15:03:22 99D69C3E87FE1556B76886F778480E2D 12589848 ----a-w- C:\Documents and Settings\digital\My Documents\Downloads\mbar-1.07.0.1009.exe
2014-03-17 17:22:34 C7A9C24B681124159AC8F9EC053404E7 644431 ----a-w- C:\Documents and Settings\digital\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe
2014-03-17 17:21:05 9994F539B965C6ADDB2EC871FC9D650B 1070496 ----a-w- C:\Documents and Settings\digital\My Documents\Preuzimanja\UnityWebPlayer(7).exe
2014-03-14 17:56:18 9994F539B965C6ADDB2EC871FC9D650B 1070496 ----a-w- C:\Documents and Settings\digital\My Documents\Preuzimanja\UnityWebPlayer(8).exe
2014-03-13 17:45:15 9994F539B965C6ADDB2EC871FC9D650B 1070496 ----a-w- C:\Documents and Settings\digital\My Documents\Preuzimanja\UnityWebPlayer(6).exe
2014-03-13 17:42:22 9994F539B965C6ADDB2EC871FC9D650B 1070496 ----a-w- C:\Documents and Settings\digital\My Documents\Preuzimanja\UnityWebPlayer(5).exe
2014-03-13 17:39:22 9994F539B965C6ADDB2EC871FC9D650B 1070496 ----a-w- C:\Documents and Settings\digital\My Documents\Preuzimanja\UnityWebPlayer(4).exe
2014-03-13 17:37:36 9994F539B965C6ADDB2EC871FC9D650B 1070496 ----a-w- C:\Documents and Settings\digital\My Documents\Preuzimanja\UnityWebPlayer(3).exe
=== C: other files ==
2014-03-19 18:05:41 DCF741DF9F654F5A2C1BEC789F53AEB3 1414742 ----a-w- C:\RECYCLER\S-1-5-21-1757981266-562591055-1177238915-1003\Dc3.com
2014-03-19 15:09:15 024ACCA2F972EE094EB0F4289F2FA893 107224 ----a-w- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2014-03-19 15:06:39 6F0D0617310A677360B7EB6D2D59086E 52312 ----a-w- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2014-03-19 13:25:44 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Documents and Settings\digital\My Documents\Downloads\dds.com

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-21-1757981266-562591055-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe /background"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TWCU"="C:\Program Files\TP-LINK\TP-LINK 54M Wireless Client Utility\TWCU.exe -nogui"
"AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY"
"RemoteControl9"="C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
"PDVD9LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe"
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe /background"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\\\Phone\\Skype.exe\" /nosplash /minimized"


==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29.01.2014 13:21]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [24.06.2013 13:06]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [24.06.2013 13:06]
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job --a------ C:\WINDOWS\system32\xp_eos.exe [26.02.2014 02:59]
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job --a------ [Undetermined Task]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [19.04.2013 12:35]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\digital\Application Data\Mozilla\Firefox\Profiles\3wogsn23.default-1394194656047
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13
65C1D9F74004E775F9A8598476ABE5EE - C:\Documents and Settings\digital\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
A9C86900D2A61728C8326FE7147617C5 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
2557FBC582910A71CDEB0F22886D118D - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll - Shockwave Flash
C2321043FA2CA4C32FF449DE6116B5D9 - C:\WINDOWS\system32\Adobe\Director\np32dsw_1205146.dll - Shockwave for Director / Shockwave for Director
B50F45C9DCE776FCA64A3A8BD3D6A6F7 - C:\Games\GreenWebPlayer\npgreenwebplayer.dll - GreenWebPlayer
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM


==== Chrome Look ======================

Value apps - digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon
Google Wallet - digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Docs - NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gmail - NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Uninstall List x86 ======================

'Steel Fury - Kharkov 1942' [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\STLFR_eng_is1]
7-Zip 9.15 beta [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip]
Adobe Flash Player 12 Plugin [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]
Adobe Flash Player ActiveX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
Adobe Shockwave Player 12.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player]
Advertising Center [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2EC4A38-B545-4A00-8214-13FE0E915E6D}]
AGEIA PhysX v6.10.05 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{582876EC-A178-44D4-9823-C10D6C62EAFF}]
AIMP2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AIMP2]
ATI Display Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ATI Display Driver]
AVG 2014 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A7378875-1EF9-46BB-9316-BFB615CB45DA}]
AVG 2014 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B26B07BA-A768-4420-844E-771E05F0D965}]
AVG 2014 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
BitLord 2.3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\BitLord]
BS.Player FREE [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayerf]
C-Media High Definition Audio Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\C-Media Audio Driver]
CCleaner [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
Cool Smiley Bar for Facebook [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Cool Smiley Bar for Facebook]
Counter Strike 1.6 Reloaded [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Counter Strike 1.6 Reloaded]
CyberLink PowerDVD 9 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}]
CyberLink PowerDVD 9 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}]
DolbyFiles [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}]
FastestTube-1.3.7.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E6FE96CE-99C3-42DE-AD9B-E0A63BD7805D}_is1]
FastestTube [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\FastestTube]
ffdshow v1.2.4422 [2012-04-09] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ffdshow_is1]
GameSpy Arcade [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\GameSpy Arcade]
Google Chrome [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
GreenWebPlayer [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\gwp-DEFAULT]
GreyGray 2013.11.07.204235 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\GreyGray]
Haali Media Splitter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HaaliMkx]
ImgBurn [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ImgBurn]
iVIDI Plugin 1.3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\iVIDI Plugin]
Java 7 Update 51 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217051FF}]
Java Auto Updater [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}]
K-Lite Codec Pack 6.1.0 (Full) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\KLiteCodecPack_is1]
Malwarebytes Anti-Malware 1.46 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
Microsoft .NET Framework 2.0 Service Pack 2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
Microsoft .NET Framework 3.0 Service Pack 2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}]
Microsoft .NET Framework 3.5 SP1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}]
Microsoft Compression Client Pack 1.0 for Windows XP [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MSCompPackV1]
Microsoft User-Mode Driver Framework Feature Pack 1.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01000]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}]
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}]
More 1 CD-ROM [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7D48E2F5-CE8E-4A55-88F9-205E889E7265}]
More 2 CD-ROM [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7B4CE235-A1D4-48BA-86E4-3E3CE120166D}]
MotoGP2 Demo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MotoGP2 Demo_is1]
Mozilla Firefox 27.0.1 (x86 hr) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 27.0.1 (x86 hr)]
Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService]
Nero 9 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8b21818e-8510-4ae4-beeb-38260f3c1ef5}]
Nero ControlCenter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}]
Nero InfoTool [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FBCDFD61-7DCF-4E71-9226-873BA0053139}]
Nero Installer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E8A80433-302B-4FF1-815D-FCC8EAC482FF}]
NeroBurningROM [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D025A639-B9C9-417D-8531-208859000AF8}]
NeroExpress [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{595A3116-40BB-4E0F-A2E8-D7951DA56270}]
Ogg Codecs 0.80.15039 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ogg Codecs]
OpenAL [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\OpenAL]
PhotoScape [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PhotoScape]
SiteFinder [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SiteFinder]
Skype™ 4.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D103C4BA-F905-437A-8049-DB24763BBE36}]
swMSM [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}]
TP-LINK Wireless Client Utility [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0036B17C-2B0C-4D49-B50B-712F4B38B510}]
TuneUp Utilities 2014 (en-US) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{14C8CE46-C68C-461B-BCA9-E276A85851C6}]
Unity Web Player [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]
Vauddix [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{681002C6-5019-81A2-7871-A43754F71E56}]
Visual Studio 2012 x86 Redistributables [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}]
WebFldrs XP [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}]
Windows Internet Explorer 8 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ie8]
Windows Media Format 11 runtime [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime]
Windows Media Format 11 runtime [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11]
Windows Media Player 11 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player]
Windows Media Player 11 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wmp11]
WinRAR 5.01 beta 1 (32-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]
YTD Video Downloader 3.9.6 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3547 folders=561 282148965 bytes)

==== After Reboot ======================

==== EOF on sre 19.03.2014 at 19:51:28,06 ======================

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Hello,
Zoek ran for a whole ~40+ minutes? That is a long time ... it should have carried out the fix relatively quickly, but we have to do it once more. After this, the system should also run better.

Run zoek again;

close the browser and other running programs;
disable your protective software (if needed) Instructions;

Copy the following text into the white box of the window:

EmptyFoldersCheck;Delete
EmptyCLSID;
AutoClean;




Click the button and wait for the scan to finish.

If needed, zoek will restart Windows and, when it finishes, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into your post.

offline
  • Joined: 27 Sep 2013
  • Posts: 94

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by digital on sre 19.03.2014 at 20:59:31,50.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\digital\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-03-19-185128.log 22631 bytes

==== Empty Folders Check ======================

C:\Program Files\GRETECH deleted successfully
C:\Program Files\Logs deleted successfully
C:\Program Files\Playlogic deleted successfully
C:\Documents and Settings\All Users\Start Menu\Programs\GameHouse deleted successfully
C:\Documents and Settings\All Users\Start Menu\Programs\Sega deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Electronic Arts deleted successfully
C:\Documents and Settings\digital\Application Data\Media Player Classic deleted successfully
C:\Documents and Settings\digital\Local Settings\Application Data\Downloaded Installations deleted successfully
C:\Documents and Settings\digital\Local Settings\Application Data\WMTools Downloaded Files deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [19.04.2013 12:35]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\digital\Application Data\Mozilla\Firefox\Profiles\3wogsn23.default-1394194656047
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13
65C1D9F74004E775F9A8598476ABE5EE - C:\Documents and Settings\digital\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
A9C86900D2A61728C8326FE7147617C5 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
2557FBC582910A71CDEB0F22886D118D - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll - Shockwave Flash
C2321043FA2CA4C32FF449DE6116B5D9 - C:\WINDOWS\system32\Adobe\Director\np32dsw_1205146.dll - Shockwave for Director / Shockwave for Director
B50F45C9DCE776FCA64A3A8BD3D6A6F7 - C:\Games\GreenWebPlayer\npgreenwebplayer.dll - GreenWebPlayer
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM


==== Chrome Look ======================

Value apps - digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon
Docs - NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

==== Chrome Fix ======================

C:\Documents and Settings\digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully
C:\Documents and Settings\digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage deleted successfully
C:\Documents and Settings\digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage deleted successfully
C:\Documents and Settings\digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon deleted successfully
C:\Documents and Settings\digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lcnnhcneegeeojhgpfijnlnocjdmlaon_0.localstorage deleted successfully
C:\Documents and Settings\digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lcnnhcneegeeojhgpfijnlnocjdmlaon_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\digital\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\digital\Local Settings\Application Data\Mozilla\Firefox\Profiles\3wogsn23.default-1394194656047\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3554 folders=561 282248041 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\digital\Local Settings\Temp will be emptied at reboot
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\digital\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\digital\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on sre 19.03.2014 at 21:30:03,76 ======================

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

This looks much better now. Do pages open a bit faster for you now? Is the computer running better now?

Although this looks good, I would like us to do one more check using the FRST tool and its diagnostics. Do this tonight or whenever you get to it, and post the requested reports here. I will review them tomorrow and tell you how things stand.

Download Farbar's Farbar Recovery Scan Tool from this address to the Desktop:
There are 32-bit and 64-bit versions. You need to download the version that is compatible with your system.
If you are not sure which version applies to your system, download both and run them. Only one of them will work on your system, and that will be the right version.

double-click to run the program; when the tool starts, click Yes on the disclaimer window;
wait a moment while the tool checks whether a newer version exists;
click the Scan button;
when the scan finishes, the tool will create a report (FRST.txt) in the same directory where the FRST tool is saved;
copy the contents of the FRST.txt report into your post;
on its first run, the tool should also create an additional report (Addition.txt);
attach the Addition.txt report to your post using the Attach file option

offline
  • Joined: 27 Sep 2013
  • Posts: 94

It opens somewhat faster, and here is the report:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by digital (administrator) on DIGITAL-1765423 on 08-03-2014 20:27:48
Running from C:\Documents and Settings\digital\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\WINDOWS\runservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(TP-LINK TECHNOLOGIES CO., LTD.) C:\Program Files\TP-LINK\TP-LINK 54M Wireless Client Utility\TWCU.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files\Cyberlink\Shared Files\brs.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Cmaudio] - RunDll32 cmicnfg.cpl,CMICtrlWnd
HKLM\...\Run: [TWCU] - C:\Program Files\TP-LINK\TP-LINK 54M Wireless Client Utility\TWCU.exe [479412 2008-03-26] (TP-LINK TECHNOLOGIES CO., LTD.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [RemoteControl9] - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-04-27] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2009-04-27] (CyberLink Corp.)
HKLM\...\Run: [BDRegion] - C:\Program Files\Cyberlink\Shared Files\brs.exe [75048 2009-05-07] (cyberlink)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [176128 2006-06-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1757981266-562591055-1177238915-1003\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1757981266-562591055-1177238915-1003\...\MountPoints2: {4aa55184-8635-11e1-ac5b-0013d390875e} - ReCyClER\sEtUp.exe
HKU\S-1-5-21-1757981266-562591055-1177238915-1003\...\MountPoints2: {e239b2c8-ca14-11e2-af1a-54e6fcdab77c} - E:\PcOptions.exe
Lsa: [Authentication Packages] msv1_0 nwprovau

==================== Internet (Whitelisted) ====================

URLSearchHook: HKLM - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: FastestTube - {3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A} - C:\Program Files\FastestTube\2.1.9\WombatBHO.dll (Kwizzu)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{FB35BF60-8BCE-4F6A-B41A-862A4CAF1A5D}: [NameServer]91.191.59.118 87.250.98.250

FireFox:
========
FF ProfilePath: C:\Documents and Settings\digital\Application Data\Mozilla\Firefox\Profiles\3wogsn23.default-1394194656047
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @popularscreensavers.com/Plugin - C:\Program Files\PopularScreensavers\NPp5Stub.dll No File
FF Plugin: @PopularScreensavers_7i.com/Plugin - C:\Program Files\PopularScreensavers_7i\bar\2.bin\NP7iStub.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @greentube.com/GreenWebPlayer - C:\Games\GreenWebPlayer\npgreenwebplayer.dll (Greentube Internet Entertainment Solutions GmbH)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\digital\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npffividiplg.dll (iVIDI.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPp5Stub.dll (popularscreensavers.com)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eudict.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: search.conduit.com/Results.aspx?ctid=CT3319.....731&q={searchTerms}&SSPV=
CHR DefaultNewTabURL:
CHR Extension: (Google Novčanik) - C:\Documents and Settings\digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

========================== Services (Whitelisted) =================

R2 ACS; C:\WINDOWS\system32\acs.exe [364629 2007-02-12] (Atheros)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2005-03-22] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-03-08] (Oracle Corporation)
R2 LicCtrlService; C:\WINDOWS\runservice.exe [16384 2013-12-21] ()
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
R2 NwSapAgent; C:\WINDOWS\System32\ipxsap.dll [66560 2008-04-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [543712 2007-03-27] (Atheros Communications, Inc.)
R3 atinevxx; C:\WINDOWS\System32\DRIVERS\atinevxx.sys [166400 2006-10-29] (ATI Technologies Inc.)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [271360 2012-02-10] ()
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-09-04] (AVG Technologies)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 cmudax; C:\WINDOWS\System32\drivers\cmudax.sys [1287296 2006-08-15] (C-Media Inc.)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [18048 2012-02-10] ()
R3 MVDCODEC; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [15360 2006-10-29] (ATI Technologies Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [55840 2006-11-15] (Atheros Communications, Inc.)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files\CyberLink\PowerDVD9\000.fcl [87536 2009-05-07] (CyberLink Corp.)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-19 21:24 - 2014-03-19 20:58 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-03-19 21:00 - 2014-03-19 19:51 - 00022631 _____ () C:\zoek-results2014-03-19-185128.log
2014-03-19 19:15 - 2014-03-19 21:30 - 00009107 _____ () C:\zoek-results.log
2014-03-19 19:05 - 2014-03-08 11:24 - 01285120 _____ () C:\Documents and Settings\digital\Desktop\zoek.exe
2014-03-19 16:09 - 2014-03-19 16:09 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-19 16:06 - 2014-03-19 17:56 - 00000000 ____D () C:\Documents and Settings\digital\Desktop\mbar
2014-03-19 16:06 - 2014-03-19 16:06 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-19 14:28 - 2014-03-19 14:28 - 00008854 _____ () C:\Documents and Settings\digital\Desktop\dds.txt
2014-03-19 14:28 - 2014-03-19 14:28 - 00008854 _____ () C:\Documents and Settings\digital\Desktop\attach.txt
2014-03-15 13:44 - 2014-03-15 18:23 - 00003072 ____H () C:\Documents and Settings\digital\Desktop\photothumb.db
2014-03-14 21:52 - 2014-03-15 21:03 - 00000806 _____ () C:\WINDOWS\wmsetup.log
2014-03-13 20:59 - 2014-03-13 20:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-03-12 00:35 - 2014-03-12 00:36 - 00012146 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-12 00:35 - 2014-03-12 00:36 - 00002731 _____ () C:\WINDOWS\updspapi.log
2014-03-12 00:35 - 2014-03-12 00:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 00:34 - 2014-03-12 00:36 - 00019898 _____ () C:\WINDOWS\iis6.log
2014-03-12 00:34 - 2014-03-12 00:36 - 00018549 _____ () C:\WINDOWS\FaxSetup.log
2014-03-12 00:34 - 2014-03-12 00:36 - 00008868 _____ () C:\WINDOWS\ocgen.log
2014-03-12 00:34 - 2014-03-12 00:36 - 00008463 _____ () C:\WINDOWS\tsoc.log
2014-03-12 00:34 - 2014-03-12 00:36 - 00006177 _____ () C:\WINDOWS\comsetup.log
2014-03-12 00:34 - 2014-03-12 00:36 - 00005634 _____ () C:\WINDOWS\msmqinst.log
2014-03-12 00:34 - 2014-03-12 00:36 - 00003741 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-12 00:34 - 2014-03-12 00:36 - 00003249 _____ () C:\WINDOWS\netfxocm.log
2014-03-12 00:34 - 2014-03-12 00:36 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-12 00:34 - 2014-03-12 00:36 - 00001275 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-12 00:34 - 2014-03-12 00:36 - 00001026 _____ () C:\WINDOWS\ocmsn.log
2014-03-12 00:34 - 2014-03-12 00:36 - 00000933 _____ () C:\WINDOWS\tabletoc.log
2014-03-12 00:34 - 2014-03-12 00:36 - 00000927 _____ () C:\WINDOWS\msgsocm.log
2014-03-12 00:34 - 2014-03-12 00:35 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-12 00:34 - 2014-03-12 00:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 00:34 - 2014-03-12 00:34 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-12 00:34 - 2014-03-12 00:34 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-03-11 18:53 - 2014-03-12 00:35 - 00011813 _____ () C:\WINDOWS\KB2930275.log
2014-03-11 18:53 - 2014-03-12 00:35 - 00010399 _____ () C:\WINDOWS\KB2929961.log
2014-03-08 20:26 - 2014-03-08 20:27 - 00000000 ____D () C:\FRST
2014-03-08 16:07 - 2014-03-08 16:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-03-08 16:07 - 2014-03-08 16:05 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-03-08 16:07 - 2014-03-08 16:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-03-08 16:07 - 2014-03-08 16:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-03-08 16:07 - 2014-03-08 16:04 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-03-08 16:07 - 2014-03-08 16:04 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-03-07 17:35 - 2014-03-17 19:07 - 00000000 ____D () C:\Documents and Settings\digital\My Documents\Preuzimanja
2014-03-07 14:14 - 2014-03-07 14:14 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-03-07 14:14 - 2014-03-07 14:14 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-03-07 14:14 - 2014-03-07 14:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-06 15:04 - 2014-03-06 15:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-06 14:36 - 2014-03-06 14:41 - 00000000 ____D () C:\AdwCleaner
2014-03-01 16:42 - 2014-03-02 00:04 - 00000000 ____D () C:\Documents and Settings\digital\Application Data\skypePM
2014-03-01 16:42 - 2014-03-01 16:42 - 00000048 ____H () C:\WINDOWS\system32\ezsidmv.dat
2014-02-15 16:45 - 2014-03-07 14:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-13 21:52 - 2014-02-13 21:52 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-13 12:41 - 2014-02-13 12:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kromtech
2014-02-13 01:00 - 2014-02-13 01:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 17:21 - 2014-02-12 17:21 - 00000000 ____D () C:\Documents and Settings\digital\Application Data\SiteFinder
2014-02-11 23:08 - 2014-02-12 16:10 - 00000000 ____D () C:\Documents and Settings\digital\My Documents\GTA Vice City User Files
2014-02-11 20:35 - 2014-02-11 20:35 - 00000000 ____D () C:\Documents and Settings\digital\Local Settings\Application Data\CrashRpt
2014-02-08 15:02 - 2014-02-08 15:12 - 00000000 ____D () C:\Documents and Settings\digital\Start Menu\Programs\Aplikacije sustava Chrome

==================== One Month Modified Files and Folders =======

2099-08-02 20:44 - 2003-01-07 21:26 - 00000000 ____D () C:\WINDOWS\pchealth
2099-03-19 14:07 - 2003-01-01 00:04 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-19 22:52 - 2012-02-09 23:01 - 00000178 __SHC () C:\Documents and Settings\digital\ntuser.ini
2014-03-19 22:52 - 2012-02-09 23:00 - 00032074 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-19 21:30 - 2014-03-19 19:15 - 00009107 _____ () C:\zoek-results.log
2014-03-19 21:18 - 2013-11-29 17:45 - 00000000 ____D () C:\zoek_backup
2014-03-19 20:58 - 2014-03-19 21:24 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-03-19 19:51 - 2014-03-19 21:00 - 00022631 _____ () C:\zoek-results2014-03-19-185128.log
2014-03-19 17:56 - 2014-03-19 16:06 - 00000000 ____D () C:\Documents and Settings\digital\Desktop\mbar
2014-03-19 17:41 - 2013-09-20 21:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2014-03-19 16:09 - 2014-03-19 16:09 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-19 16:09 - 2013-04-11 14:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-19 16:06 - 2014-03-19 16:06 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-19 14:28 - 2014-03-19 14:28 - 00008854 _____ () C:\Documents and Settings\digital\Desktop\dds.txt
2014-03-19 14:28 - 2014-03-19 14:28 - 00008854 _____ () C:\Documents and Settings\digital\Desktop\attach.txt
2014-03-18 23:12 - 2013-08-14 13:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 23:05 - 2013-04-22 15:24 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-18 21:19 - 2012-06-07 20:43 - 00000000 ___RD () C:\Documents and Settings\digital\Desktop\slike
2014-03-17 19:07 - 2014-03-07 17:35 - 00000000 ____D () C:\Documents and Settings\digital\My Documents\Preuzimanja
2014-03-15 22:18 - 2013-01-27 21:43 - 00000000 ____D () C:\Documents and Settings\digital\Desktop\narodni mix
2014-03-15 21:03 - 2014-03-14 21:52 - 00000806 _____ () C:\WINDOWS\wmsetup.log
2014-03-15 18:23 - 2014-03-15 13:44 - 00003072 ____H () C:\Documents and Settings\digital\Desktop\photothumb.db
2014-03-15 13:50 - 2014-02-05 18:50 - 00001809 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-15 13:44 - 2014-01-01 15:46 - 00000000 ____D () C:\Documents and Settings\digital\Desktop\NOVA 2014
2014-03-15 11:34 - 2013-05-28 12:34 - 00264704 ___SH () C:\Documents and Settings\digital\Desktop\Thumbs.db
2014-03-15 11:10 - 2014-02-01 20:17 - 00001968 _____ () C:\Documents and Settings\digital\Desktop\BitLord.lnk
2014-03-13 20:59 - 2014-03-13 20:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-03-13 20:59 - 2013-09-05 22:29 - 00000714 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-03-13 16:58 - 2003-01-01 00:05 - 00023916 _____ () C:\WINDOWS\setupapi.log
2014-03-12 00:36 - 2014-03-12 00:35 - 00012146 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-12 00:36 - 2014-03-12 00:35 - 00002731 _____ () C:\WINDOWS\updspapi.log
2014-03-12 00:36 - 2014-03-12 00:34 - 00019898 _____ () C:\WINDOWS\iis6.log
2014-03-12 00:36 - 2014-03-12 00:34 - 00018549 _____ () C:\WINDOWS\FaxSetup.log
2014-03-12 00:36 - 2014-03-12 00:34 - 00008868 _____ () C:\WINDOWS\ocgen.log
2014-03-12 00:36 - 2014-03-12 00:34 - 00008463 _____ () C:\WINDOWS\tsoc.log
2014-03-12 00:36 - 2014-03-12 00:34 - 00006177 _____ () C:\WINDOWS\comsetup.log
2014-03-12 00:36 - 2014-03-12 00:34 - 00005634 _____ () C:\WINDOWS\msmqinst.log
2014-03-12 00:36 - 2014-03-12 00:34 - 00003741 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-12 00:36 - 2014-03-12 00:34 - 00003249 _____ () C:\WINDOWS\netfxocm.log
2014-03-12 00:36 - 2014-03-12 00:34 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-12 00:36 - 2014-03-12 00:34 - 00001275 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-12 00:36 - 2014-03-12 00:34 - 00001026 _____ () C:\WINDOWS\ocmsn.log
2014-03-12 00:36 - 2014-03-12 00:34 - 00000933 _____ () C:\WINDOWS\tabletoc.log
2014-03-12 00:36 - 2014-03-12 00:34 - 00000927 _____ () C:\WINDOWS\msgsocm.log
2014-03-12 00:35 - 2014-03-12 00:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 00:35 - 2014-03-12 00:34 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-12 00:35 - 2014-03-11 18:53 - 00011813 _____ () C:\WINDOWS\KB2930275.log
2014-03-12 00:35 - 2014-03-11 18:53 - 00010399 _____ () C:\WINDOWS\KB2929961.log
2014-03-12 00:35 - 2013-04-19 12:17 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-12 00:34 - 2014-03-12 00:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 00:34 - 2014-03-12 00:34 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-12 00:34 - 2014-03-12 00:34 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-03-09 15:37 - 2013-02-18 22:11 - 00000000 ____D () C:\Documents and Settings\digital\Desktop\Daca
2014-03-08 20:27 - 2014-03-08 20:26 - 00000000 ____D () C:\FRST
2014-03-08 20:22 - 2012-02-09 22:17 - 00000000 ____D () C:\Documents and Settings\digital\Application Data\AIMP
2014-03-08 20:12 - 2013-06-24 13:06 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-08 19:53 - 2013-04-10 14:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-08 16:07 - 2014-03-08 16:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-03-08 16:05 - 2014-03-08 16:07 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-03-08 16:04 - 2014-03-08 16:07 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-03-08 16:04 - 2014-03-08 16:07 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-03-08 16:04 - 2014-03-08 16:07 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-03-08 16:04 - 2014-03-08 16:07 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-03-08 11:24 - 2014-03-19 19:05 - 01285120 _____ () C:\Documents and Settings\digital\Desktop\zoek.exe
2014-03-07 14:14 - 2014-03-07 14:14 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-03-07 14:14 - 2014-03-07 14:14 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-03-07 14:14 - 2014-03-07 14:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-07 14:14 - 2014-02-15 16:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-06 15:04 - 2014-03-06 15:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-06 14:58 - 2013-04-11 13:37 - 00000000 ____D () C:\Documents and Settings\digital\My Documents\Преузимања
2014-03-06 14:41 - 2014-03-06 14:36 - 00000000 ____D () C:\AdwCleaner
2014-03-02 18:44 - 2013-09-29 09:55 - 00000000 ___RD () C:\Documents and Settings\digital\Desktop\nikola
2014-03-02 16:26 - 2012-02-09 20:31 - 00000000 ___RD () C:\Documents and Settings\digital\Desktop\SLAVISA
2014-03-02 16:25 - 2012-04-18 15:22 - 00000000 ____D () C:\Program Files\GTI Racing [R-ENG]
2014-03-02 00:50 - 2012-02-09 12:27 - 00000000 ____D () C:\Documents and Settings\digital\Application Data\Skype
2014-03-02 00:04 - 2014-03-01 16:42 - 00000000 ____D () C:\Documents and Settings\digital\Application Data\skypePM
2014-03-01 16:42 - 2014-03-01 16:42 - 00000048 ____H () C:\WINDOWS\system32\ezsidmv.dat
2014-02-26 02:59 - 2003-01-01 00:06 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-02-26 02:59 - 2003-01-01 00:06 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-02-24 16:24 - 2008-04-14 13:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-24 16:24 - 2008-04-14 13:00 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-24 12:46 - 2013-04-18 10:55 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-24 12:46 - 2012-02-09 22:55 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-24 12:46 - 2008-04-14 13:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-24 12:46 - 2008-04-14 13:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-24 12:46 - 2008-04-14 13:00 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-24 12:46 - 2008-04-14 13:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-24 12:46 - 2008-04-14 13:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-24 12:46 - 2008-04-14 13:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-24 12:46 - 2008-04-14 13:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-24 12:46 - 2008-04-14 13:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-24 12:46 - 2008-04-14 13:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-24 12:46 - 2008-04-14 13:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-24 12:46 - 2008-04-14 13:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-24 12:46 - 2008-04-14 13:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-24 12:46 - 2008-04-14 13:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-24 12:46 - 2008-04-14 13:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-24 12:45 - 2013-04-18 10:55 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-24 12:45 - 2013-04-18 10:55 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-24 12:45 - 2013-04-18 10:55 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-24 12:45 - 2013-04-18 10:55 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-24 12:45 - 2013-04-18 10:55 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-24 12:45 - 2013-04-18 10:55 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-24 12:45 - 2013-04-18 10:55 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-24 12:45 - 2009-03-08 03:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-24 12:45 - 2009-03-08 03:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-24 12:45 - 2009-03-08 03:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-24 12:45 - 2009-03-08 03:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-24 12:45 - 2008-04-14 13:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-24 12:45 - 2008-04-14 13:00 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-24 12:45 - 2008-04-14 13:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-24 12:45 - 2008-04-14 13:00 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-24 12:45 - 2008-04-14 13:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-24 12:45 - 2008-04-14 13:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-24 12:45 - 2008-04-14 13:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-24 12:45 - 2008-04-14 13:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-24 12:45 - 2008-04-14 13:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-24 12:45 - 2008-04-14 13:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-24 12:45 - 2008-04-14 13:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-24 12:45 - 2008-04-14 13:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-24 11:54 - 2008-04-14 13:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-13 21:53 - 2013-12-01 11:49 - 00005443 _____ () C:\DelFix.txt
2014-02-13 21:52 - 2014-02-13 21:52 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-13 14:10 - 2013-01-17 22:33 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-13 12:41 - 2014-02-13 12:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kromtech
2014-02-13 01:00 - 2014-02-13 01:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 00:56 - 2003-01-07 21:35 - 00488716 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-12 17:21 - 2014-02-12 17:21 - 00000000 ____D () C:\Documents and Settings\digital\Application Data\SiteFinder
2014-02-12 16:10 - 2014-02-11 23:08 - 00000000 ____D () C:\Documents and Settings\digital\My Documents\GTA Vice City User Files
2014-02-12 15:04 - 2012-03-22 13:27 - 00024064 _____ () C:\Documents and Settings\digital\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-11 20:35 - 2014-02-11 20:35 - 00000000 ____D () C:\Documents and Settings\digital\Local Settings\Application Data\CrashRpt
2014-02-08 15:12 - 2014-02-08 15:02 - 00000000 ____D () C:\Documents and Settings\digital\Start Menu\Programs\Aplikacije sustava Chrome
2014-02-08 15:09 - 2012-02-09 12:27 - 00000000 ___RD () C:\Program Files\Skype
2014-02-07 03:01 - 2008-04-14 13:00 - 01879040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\win32k.sys
2014-02-07 03:01 - 2008-04-14 13:00 - 01879040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by digital at 2014-03-08 20:36:01
Running from C:\Documents and Settings\digital\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66}

==================== Installed Programs ======================

7-Zip 9.15 beta (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
AGEIA PhysX v6.10.05 (HKLM\...\{582876EC-A178-44D4-9823-C10D6C62EAFF}) (Version: 6.10.05 - AGEIA Technologies, Inc.)
AIMP2 (HKLM\...\AIMP2) (Version: - AIMP DevTeam)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.121-050322a-022141C-ATI - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4336 - AVG Technologies)
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4336 - AVG Technologies) Hidden
BitLord 2.3 (HKLM\...\BitLord) (Version: 2.3.2-254 - House of Life)
BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.53.1033 - Webteh, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
C-Media High Definition Audio Driver (HKLM\...\C-Media Audio Driver) (Version: - )
Cool Smiley Bar for Facebook (HKLM\...\Cool Smiley Bar for Facebook) (Version: 1.0.0.3 - Plus Winks) <==== ATTENTION
Counter Strike 1.6 Reloaded (HKLM\...\Counter Strike 1.6 Reloaded) (Version: 1.00 - The Reloaded Team)
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1719 - CyberLink Corp.)
CyberLink PowerDVD 9 (Version: 9.0.1719 - CyberLink Corp.) Hidden
DolbyFiles (Version: 2.0 - Nero AG) Hidden
FastestTube (HKLM\...\FastestTube) (Version: 2.1.9 - Kwizzu)
FastestTube-1.3.7.0 (HKLM\...\{E6FE96CE-99C3-42DE-AD9B-E0A63BD7805D}_is1) (Version: - )
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - FreeCodecPack)
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GreenWebPlayer (HKCU\...\gwp-DEFAULT) (Version: - ) <==== ATTENTION
GreyGray 2013.11.07.204235 (HKLM\...\GreyGray) (Version: 2013.11.07.204235 - GreyGray) <==== ATTENTION
GTI Racing [ENG repacked 1.0] (HKLM\...\GTI Racing [ENG repacked 1.0]) (Version: - )
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - FreeCodecPack)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.1.0 - LIGHTNING UK!)
iVIDI Plugin 1.3 (HKLM\...\iVIDI Plugin) (Version: 1.3 - iVIDI Plugin, Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 6.1.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.1.0 - )
Malwarebytes Anti-Malware 1.46 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: - malwarebytes.org/)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
More! 1 CD-ROM (HKLM\...\{7D48E2F5-CE8E-4A55-88F9-205E889E7265}) (Version: 1.0.4 - Cambridge University Press)
More! 2 CD-ROM (HKLM\...\{7B4CE235-A1D4-48BA-86E4-3E3CE120166D}) (Version: 1.0.0 - Cambridge University Press)
MotoGP2 Demo (HKLM\...\MotoGP2 Demo_is1) (Version: - THQ)
Mozilla Firefox 27.0.1 (x86 hr) (HKLM\...\Mozilla Firefox 27.0.1 (x86 hr)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Nero 9 (HKLM\...\{8b21818e-8510-4ae4-beeb-38260f3c1ef5}) (Version: - Nero AG)
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.12.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
NeroBurningROM (Version: 9.4.26.100 - Nero AG) Hidden
NeroExpress (Version: 9.4.26.100 - Nero AG) Hidden
Ogg Codecs 0.80.15039 (HKLM\...\Ogg Codecs) (Version: 0.80.15039 - Xiph.Org)
OpenAL (HKLM\...\OpenAL) (Version: - )
PhotoScape (HKLM\...\PhotoScape) (Version: - )
SiteFinder (HKLM\...\SiteFinder) (Version: 1.0.0.0 - SiteFinder) <==== ATTENTION
Skype™ 4.2 (HKLM\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.169 - Skype Technologies S.A.)
'Steel Fury - Kharkov 1942' (HKLM\...\STLFR_eng_is1) (Version: - Lighthouse Interactive)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TP-LINK Wireless Client Utility (HKLM\...\{0036B17C-2B0C-4D49-B50B-712F4B38B510}) (Version: - TP-LINK)
TuneUp Utilities 2014 (en-US) (Version: 14.0.1000.88 - TuneUp Software) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Vauddix (HKLM\...\{681002C6-5019-81A2-7871-A43754F71E56}) (Version: 4.0.0.1778 - Vaudixu)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
WinRAR 5.01 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.1 - win.rar GmbH)
YTD Video Downloader 3.9.6 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 3.9.6 - GreenTree Applications SRL)

==================== Restore Points =========================

13-02-2014 20:52:43 System Checkpoint
13-02-2014 20:52:43 Registry Reviver Restore Point (09/30/13)
13-02-2014 20:52:44 System Checkpoint
13-02-2014 20:52:45 System Checkpoint
13-02-2014 20:52:45 Software Distribution Service 3.0
13-02-2014 20:52:45 Installed More! 2 CD-ROM
13-02-2014 20:52:45 Software Distribution Service 3.0
13-02-2014 20:52:45 System Checkpoint
13-02-2014 20:52:45 Installed Java 7 Update 45
13-02-2014 20:52:45 System Checkpoint
13-02-2014 20:52:45 Installed DirectX
13-02-2014 20:52:45 System Checkpoint
13-02-2014 20:52:46 System Checkpoint
13-02-2014 20:52:46 System Checkpoint
13-02-2014 20:52:46 System Checkpoint
13-02-2014 20:52:46 Installed AVG PC TuneUp 2014
13-02-2014 20:52:46 Software Distribution Service 3.0
13-02-2014 20:52:46 Installed DirectX
13-02-2014 20:52:46 Removed AVG PC TuneUp 2014
13-02-2014 20:52:46 Removed AVG PC TuneUp 2014 (en-US)
13-02-2014 20:52:46 System Checkpoint
13-02-2014 20:52:46 System Checkpoint
13-02-2014 20:52:46 zoek.exe restore point
13-02-2014 20:52:46 Removed TuneUp Utilities 2014
13-02-2014 20:52:47 End of disinfection
13-02-2014 20:52:47 Installed Windows Media Player 11
13-02-2014 20:52:48 Installed Windows XP Wudf01000.
13-02-2014 20:52:48 Installed Windows XP MSCompPackV1.
13-02-2014 20:52:48 Software Distribution Service 3.0
13-02-2014 20:52:49 System Checkpoint
13-02-2014 20:52:49 System Checkpoint
13-02-2014 20:52:50 Installed AVG PC TuneUp 2014
13-02-2014 20:52:50 Removed AVG PC TuneUp 2014
13-02-2014 20:52:50 Removed AVG PC TuneUp 2014 (en-US)
13-02-2014 20:52:51 Software Distribution Service 3.0
13-02-2014 20:52:51 Removed America's Army
13-02-2014 20:52:52 Installed DirectX
13-02-2014 20:52:52 Installed DirectX
13-02-2014 20:52:53 System Checkpoint
13-02-2014 20:52:53 Registry Reviver Restore Point (01/01/03)
13-02-2014 20:52:55 Software Distribution Service 3.0
13-02-2014 20:52:55 Installed Java 7 Update 51
13-02-2014 20:52:56 Installed DirectX
13-02-2014 20:52:57 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
13-02-2014 20:52:57 Removed Google Drive
13-02-2014 20:52:58 Removed Skype Toolbars
13-02-2014 20:52:59 zoek.exe restore point
13-02-2014 20:52:59 Software Distribution Service 3.0
13-02-2014 20:53:19 End of disinfection
16-02-2014 18:03:01 System Checkpoint
28-02-2014 18:02:57 System Checkpoint
02-03-2014 13:44:05 GTI Racing [ENG repacked 1.0] Installation
06-03-2014 14:01:00 Software Distribution Service 3.0
08-03-2014 14:07:55 System Checkpoint
08-03-2014 15:02:36 Removed Java 7 Update 40
08-03-2014 15:04:20 Installed Java 7 Update 51
09-03-2014 17:18:02 System Checkpoint
11-03-2014 23:33:41 Software Distribution Service 3.0
14-03-2014 13:21:34 System Checkpoint
15-03-2014 14:58:03 System Checkpoint
16-03-2014 15:45:34 System Checkpoint
17-03-2014 16:11:23 System Checkpoint
18-03-2014 18:38:33 System Checkpoint
18-03-2014 22:04:30 Software Distribution Service 3.0
19-03-2014 16:38:51 Malwarebytes Anti-Rootkit Restore Point
19-03-2014 18:16:19 zoek.exe restore point

==================== Hosts content: ==========================

2008-04-14 13:00 - 2008-04-14 13:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2013-12-21 11:39 - 2013-12-21 11:39 - 00016384 _____ () C:\WINDOWS\runservice.exe
2013-12-21 11:39 - 2013-12-21 11:39 - 00048640 _____ () C:\WINDOWS\mmfs.dll
2012-10-04 11:25 - 2007-04-10 08:25 - 00377014 _____ () C:\WINDOWS\system32\wgapi.dll
2012-10-04 11:25 - 2007-04-10 08:09 - 00094208 _____ () C:\Program Files\TP-LINK\TP-LINK 54M Wireless Client Utility\oemres.dll
2014-03-07 14:14 - 2014-02-13 01:36 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-15 13:48 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2008-04-14 13:00 - 2008-04-14 13:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 13:00 - 2008-04-14 13:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-03-15 13:49 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 13:49 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 13:48 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-01-29 13:21 - 2014-01-29 13:21 - 16287624 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:AD022376
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2033 11:10:08 AM) (Source: Application Error) (User: )
Description: Faulting application avgnsx.exe, version 14.0.0.4302, faulting module msvcr110.dll, version 11.0.51106.1, fault address 0x0009f979.
Processing media-specific event for [avgnsx.exe!ws!]

Error: (08/24/2033 11:10:08 AM) (Source: Application Error) (User: )
Description: Faulting application avgmfapx.exe, version 14.0.0.4334, faulting module avgmfapx.exe, version 14.0.0.4334, fault address 0x003ce613.
Processing media-specific event for [avgmfapx.exe!ws!]


System errors:
=============
Error: (03/19/2014 06:52:59 PM) (Source: Service Control Manager) (User: )
Description: The PopularScreensaversService service failed to start due to the following error:
%%3

Error: (03/19/2014 05:45:34 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PCIIde

Error: (03/19/2014 05:45:07 PM) (Source: Service Control Manager) (User: )
Description: The PopularScreensaversService service failed to start due to the following error:
%%3

Error: (08/24/2033 11:10:08 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213658 (0xE001CA1A).


Microsoft Office Sessions:
=========================
Error: (08/24/2033 11:10:08 AM) (Source: Application Error)(User: )
Description: avgnsx.exe14.0.0.4302msvcr110.dll11.0.51106.10009f979

Error: (08/24/2033 11:10:08 AM) (Source: Application Error)(User: )
Description: avgmfapx.exe14.0.0.4334avgmfapx.exe14.0.0.4334003ce613


==================== Memory info ===========================

Percentage of memory in use: 75%
Total physical RAM: 1022.42 MB
Available physical RAM: 247.6 MB
Total Pagefile: 2459.37 MB
Available Pagefile: 1721.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1954.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:78.13 GB) (Free:44.01 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:154.75 GB) (Free:145.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: F33DF33D)

Partition: GPT Partition Type.

==================== End Of Log ============================

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Hello slavisa71,

The posted FRST logs look clean. There are no traces of infection. FRST reports a few leftover PUP/Adware programs (actually, these are remnants in the registry) that you need to remove manually.

Go to Start > Control Panel > Add or Remove Programs, find the following programs in the list of installed programs (if you see them) and run the uninstall. So that you don't get confused: Windows will most likely detect that the program does not exist and will remove it from the list together with the key that FRST sees.



-Cool Smiley Bar for Facebook
-GreenWebPlayer
-GreyGray 2013.11.07.204235
-SiteFinder


Then open Google Chrome and follow these settings to set the HomePage and SearchScope back to google.com/rs
http://www.mycity.rs/Zastita/Kako-izbeci-i-ukloniti-toolbar-ove.html
It explains there how to set the settings in Google Chrome back to Google.


--- --- --- --- --- ---


That would be it. The remnants should be removed, and there is no infection.


The following procedure will perform the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also generate a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.
