Slow computer

  • Joined: 30 Jan 2011
  • Posts: 15

Hello!
I am turning to you for help because my computer is very slow. Not just the internet; it has been slow in general for the past 7 days.
I scanned with Avira and Anti-Malware, but nothing was found.
The only thing left for me is to ask here for someone who can help me.
I use the cheapest Hobby ADSL internet plan.
Thanks in advance!

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2
Run by Administrator at 21:07:03 on 2013-11-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.266 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.22find.com/newtab?utm_source=b&utm_medium=mlv&from=mlv&uid=MAXTORXSTM3802110AXXXXXXXXXXXXXXXX_9LR1WT2PXXXX9LR1WT2P&ts=1364043741
uDefault_Search_URL = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.22find.com/newtab?utm_source=b&utm_medium=mlv&from=mlv&uid=MAXTORXSTM3802110AXXXXXXXXXXXXXXXX_9LR1WT2PXXXX9LR1WT2P&ts=1364043741
mDefault_Search_URL = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/
mCustomizeSearch = hxxp://www.google.com/
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
uURLSearchHooks: {707db484-2428-402d-afb5-d85b387544c7} - <orphaned>
mWinlogon: SFCDisable = dword:-99
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: dsWebAllowBHO Class: {2F85D76C-0569-466F-A488-493E6BD0E955} - c:\program files\windows desktop search\dsWebAllow.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: {707db484-2428-402d-afb5-d85b387544c7} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoSMConfigurePrograms = dword:1
uPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-Explorer: NoCDBurning = dword:1
mPolicies-Explorer: StartMenuFavorites = dword:0
mPolicies-Explorer: Start_ShowMyComputer = dword:1
mPolicies-Explorer: Start_ShowMyDocs = dword:1
mPolicies-Explorer: Start_ShowMyMusic = dword:0
mPolicies-Explorer: Start_ShowRun = dword:1
mPolicies-Explorer: Start_ShowSearch = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: ForceClassicControlPanel = dword:1
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoSMConfigurePrograms = dword:1
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{648AA501-6EDC-4988-9080-7CE084EBD633} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8D1D434F-F013-4B31-A103-DE66B079DEE6} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\oehrt3xr.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.rs/
FF - plugin: c:\documents and settings\administrator\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - ExtSQL: 2013-09-29 13:13; ffxtlbr@delta.com; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\oehrt3xr.default\extensions\ffxtlbr@delta.com
FF - ExtSQL: 2013-10-28 14:22; {96f454ea-9d38-474f-b504-56193e00c1a5}; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\oehrt3xr.default\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - f008d1440000000000000017316095ce
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15977
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.612:13:05
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119776&tsp=5020
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2012-8-23 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2012-8-23 5248]
R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [2010-12-17 63232]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2010-12-17 11264]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-3-18 37352]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2003-7-11 14912]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-3-18 440376]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-3-18 440376]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-3-18 1164360]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-3-18 90400]
R2 BBDemon;Backbone Service;c:\program files\dassault systemes\b17\intel_a\code\bin\CATSysDemon.exe [2006-4-29 49152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-10 418376]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2007-4-27 316992]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2010-12-17 35840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-6 22856]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-6 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
.
=============== Created Last 30 ================
.
2013-11-03 16:54:11 -------- d-----w- c:\program files\SafeNet Sentinel
2013-11-03 16:54:11 -------- d-----w- c:\program files\common files\SafeNet Sentinel
2013-11-03 16:52:31 -------- d-----w- c:\documents and settings\administrator\application data\PS-Exchange
2013-11-03 16:52:06 -------- d-----w- c:\program files\Delcam
2013-10-28 13:21:28 -------- d-----w- c:\documents and settings\administrator\application data\BitTorrent Sync
2013-10-28 13:20:16 -------- d-----w- c:\documents and settings\administrator\application data\uTorrent
2013-10-25 09:12:00 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-25 09:11:54 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2013-11-19 11:04:38 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-10-01 10:03:10 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
.
============= FINISH: 21:07:34.84 ===============

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,

Download AdwCleaner by "Xplode" and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all active programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option.

Note: The report will also be saved at C:\AdwCleaner[S1].txt

Download aswMBR and save it to the Desktop.

Double-click to run aswMBR.

If you get the following message:
Would you like to download latest Avast! virus definitions?
Click the Yes button and wait for the definitions download to finish.

Check that the QuickScan option is selected under AV Scan:

Click Scan.

When the scan finishes (Scan finished successfully), click Save log.
Save the aswMBR log to the Desktop.
Copy the contents of that log into the thread.

Download Farbar Recovery Scan Tool and save it to the Desktop.

Note: You need to download the version that is compatible with your system.
Your Windows is a 32-bit version.

Double-click to run FRST;
When the tool starts, click Yes on the disclaimer.
Click the Scan button;
The tool will create a report (FRST.txt) in the same directory where FRST.exe is saved.
Copy the contents of that log into your post.
On its first run the tool should also create an additional report (Addition.txt). Attach that report to your post using the "Attach file" option.

  • Joined: 30 Jan 2011
  • Posts: 15

Here it is, done in order.

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-22 23:29:35
-----------------------------
23:29:35.921 OS Version: Windows 5.1.2600 Service Pack 3
23:29:35.921 Number of processors: 1 586 0x5F02
23:29:35.921 ComputerName: EXPERIEN-FA9774 UserName: Administrator
23:29:36.296 Initialize success
23:41:14.109 AVAST engine defs: 13112200
23:47:38.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-a
23:47:38.703 Disk 0 Vendor: MAXTOR_STM3802110A 3.AAJ Size: 76319MB BusType: 3
23:47:38.703 Device \Driver\atapi -> MajorFunction 86bca6b8
23:47:38.718 Disk 0 MBR read successfully
23:47:38.718 Disk 0 MBR scan
23:47:38.765 Disk 0 Windows XP default MBR code
23:47:38.781 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39079 MB offset 63
23:47:38.828 Disk 0 Partition - 00 0F Extended LBA 37228 MB offset 80035830
23:47:38.843 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 37228 MB offset 80035893
23:47:38.890 Disk 0 scanning sectors +156280320
23:47:39.015 Disk 0 scanning C:\WINDOWS\system32\drivers
23:47:58.843 Service scanning
23:48:35.015 Modules scanning
23:48:54.968 Disk 0 trace - called modules:
23:48:54.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86bca6b8]<<
23:48:55.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d7aab8]
23:48:55.000 3 CLASSPNP.SYS[f74d7fd7] -> nt!IofCallDriver -> \Device\0000007a[0x86d58760]
23:48:55.000 5 ACPI.sys[f7338620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-a[0x86d7d940]
23:48:55.000 \Driver\atapi[0x86d58cf8] -> IRP_MJ_CREATE -> 0x86bca6b8
23:48:55.531 AVAST engine scan C:\WINDOWS
23:49:05.515 AVAST engine scan C:\WINDOWS\system32
23:53:08.421 AVAST engine scan C:\WINDOWS\system32\drivers
23:53:23.515 AVAST engine scan C:\Documents and Settings\Administrator
00:05:52.843 AVAST engine scan C:\Documents and Settings\All Users
00:07:47.015 Scan finished successfully
00:10:32.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
00:10:32.812 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2013 03
Ran by Administrator (administrator) on EXPERIEN-FA9774 on 23-11-2013 18:02:33
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Dassault Systemes) C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(SafeNet, Inc.) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [] - [x]
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\...\Policies\Explorer: [NoCDBurning] 1
HKLM\...\Policies\Explorer: [StartMenuFavorites] 0
HKLM\...\Policies\Explorer: [Start_ShowMyComputer] 1
HKLM\...\Policies\Explorer: [Start_ShowMyDocs] 1
HKLM\...\Policies\Explorer: [Start_ShowMyMusic] 0
HKLM\...\Policies\Explorer: [Start_ShowRun] 1
HKLM\...\Policies\Explorer: [Start_ShowSearch] 0
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Policies\Explorer: [NoResolveSearch] 1
HKCU\...\Policies\Explorer: [NoStartBanner] 1
HKCU\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKCU\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKCU\...\Policies\Explorer: [NoSharedDocuments] 1
HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\Default User\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {7F76DC0D-541E-4E2F-A274-607C5E50D082} URL = websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10401&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABZ&apn_dtid=^YYYYYY^YY^BA&apn_uid=53127d3f-5061-4c23-a660-3583e1796339&apn_sauid=F6A78D62-A919-45E2-B3EE-7D7F098BEBD2
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} quickscan.bitdefender.com/qsax/qsax.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [233472 2006-03-13] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 16 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oehrt3xr.default
FF Homepage: google.rs/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Extension: DownloadHelper - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oehrt3xr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: ftd - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oehrt3xr.default\Extensions\ftd@ftd.com.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google \u043F\u0440\u0435\u0432\u043E\u0434\u0438\u043B\u0430\u0446) - translate.google.com/?source=osdd#auto|auto|{searchTerms}
CHR DefaultSuggestURL: (Google \u043F\u0440\u0435\u0432\u043E\u0434\u0438\u043B\u0430\u0446) - "suggest_url": "",
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (registryAccess) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.0_0\background/registryAccess.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Extension: (Angry Birds) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (\u0420\u043E\u0441\u0441\u0438\u044F \u0422\u0412) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\backaeplcmgnncbejeanhhohngidfapj\2.0.6_0
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\3.0.3_0
CHR Extension: (Stylish) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.2_0
CHR Extension: (Pixlr Express) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid\1.2_0
CHR Extension: (Google Maps) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0
CHR Extension: (Google Wallet) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Telebas TV) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nnkmjgmdjeecojjdhiemgiiahgjacnle\1.0.0.4_0
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2009-07-21] ()
R2 BBDemon; C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [49152 2006-04-29] (Dassault Systemes)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SentinelKeysServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [316992 2007-04-27] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2007-04-27] (SafeNet, Inc)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-06-19] (Advanced Micro Devices)
R3 AtcL001; C:\Windows\System32\DRIVERS\atl01_xp.sys [35840 2006-10-31] (Attansic Technology corporation.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R0 d347bus; C:\Windows\System32\DRIVERS\d347bus.sys [155136 2004-08-22] ( )
R0 d347prt; C:\Windows\System32\Drivers\d347prt.sys [5248 2004-08-22] ( )
S3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2008-03-20] (Microsoft Corporation)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [670208 2004-11-05] (Aladdin Knowledge Systems Ltd.)
R1 LUMDriver; C:\WINDOWS\system32\drivers\LUMDriver.sys [14912 2003-07-11] (IBM)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R0 mv614x; C:\Windows\System32\DRIVERS\mv614x.sys [63232 2006-07-04] ()
R0 nvatabus; C:\Windows\System32\Drivers\nvatabus.sys [100736 2008-05-03] (NVIDIA Corporation)
R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [102400 2007-08-10] (NVIDIA Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-18] (Avira GmbH)
R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [9728 2006-02-23] (VIA Technologies, Inc.)
R0 xfilt; C:\Windows\System32\DRIVERS\xfilt.sys [11264 2006-02-23] (VIA Technologies,Inc)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S4 IntelIde; No ImagePath
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-23 18:02 - 2013-11-23 18:02 - 00000000 ____D C:\FRST
2013-11-23 00:10 - 2013-11-23 00:10 - 00002296 _____ C:\Documents and Settings\Administrator\Desktop\aswMBR.txt
2013-11-23 00:10 - 2013-11-23 00:10 - 00000512 _____ C:\Documents and Settings\Administrator\Desktop\MBR.dat
2013-11-22 23:28 - 2013-11-22 23:28 - 00023790 _____ C:\Documents and Settings\Administrator\Desktop\AdwCleaner[S0].txt
2013-11-22 23:15 - 2013-11-22 23:21 - 00000000 ____D C:\AdwCleaner
2013-11-22 23:12 - 2013-11-22 23:12 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
2013-11-22 23:10 - 2013-11-22 23:11 - 01085542 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2013-11-22 21:07 - 2013-11-22 21:07 - 00012921 _____ C:\Documents and Settings\Administrator\Desktop\dds.txt
2013-11-22 21:07 - 2013-11-22 21:07 - 00004315 _____ C:\Documents and Settings\Administrator\Desktop\attach.txt
2013-11-22 21:05 - 2013-11-22 21:05 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.scr
2013-11-16 09:01 - 2013-11-16 13:44 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 12:44 - 2013-11-14 12:44 - 00000156 _____ C:\WINDOWS\Twunk001.MTX
2013-11-07 21:33 - 2013-11-07 21:33 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Google
2013-11-07 21:31 - 2013-11-07 21:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
2013-11-07 21:27 - 2013-11-07 21:31 - 00000000 ____D C:\Program Files\Google
2013-11-04 12:16 - 2013-11-14 12:45 - 00000460 _____ C:\WINDOWS\TWAIN.LOG
2013-11-03 17:54 - 2013-11-03 17:54 - 00000000 ____D C:\Program Files\SafeNet Sentinel
2013-11-03 17:54 - 2013-11-03 17:54 - 00000000 ____D C:\Program Files\Common Files\SafeNet Sentinel
2013-11-03 17:52 - 2013-11-22 08:36 - 00000000 ____D C:\Program Files\Delcam
2013-11-03 17:52 - 2013-11-03 17:56 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\PS-Exchange
2013-11-03 17:51 - 2013-11-03 17:52 - 00001312 _____ C:\WINDOWS\setupapi.log
2013-10-28 20:26 - 2013-11-03 17:51 - 00000000 ___SD C:\Documents and Settings\All Users\Documents\ArtCAM Files
2013-10-28 14:21 - 2013-11-03 17:58 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\BitTorrent Sync
2013-10-28 14:20 - 2013-11-22 08:37 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\uTorrent
2013-10-26 16:57 - 2013-10-26 18:30 - 00002315 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2013-10-26 16:57 - 2013-10-26 16:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2013-10-26 14:38 - 2013-10-26 18:26 - 00002363 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Designer 7.0 TryOut.lnk
2013-10-26 14:38 - 2013-10-26 14:38 - 00001758 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat Distiller 7.0 TryOut.lnk
2013-10-26 14:38 - 2013-10-26 14:38 - 00001740 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 7.0 TryOut.lnk
2013-10-25 10:12 - 2013-10-25 10:12 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-25 10:12 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-25 10:12 - 2013-10-08 06:29 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-25 10:11 - 2013-10-25 10:11 - 00004705 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-25 10:11 - 2013-10-25 10:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-25 10:11 - 2013-10-08 06:50 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-25 10:11 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-25 10:11 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

==================== One Month Modified Files and Folders =======

2013-11-23 18:02 - 2013-11-23 18:02 - 00000000 ____D C:\FRST
2013-11-23 17:56 - 2011-12-19 16:59 - 00001010 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1645522239-1417001333-500UA.job
2013-11-23 17:56 - 2011-12-19 16:59 - 00000958 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1645522239-1417001333-500Core.job
2013-11-23 17:54 - 2011-11-11 22:28 - 00000438 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{AD849537-D7C9-42E0-AC57-5CB8B3ABA4CA}.job
2013-11-23 17:32 - 2011-10-18 22:00 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-23 16:25 - 2010-06-17 14:09 - 01064346 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-23 16:24 - 2010-06-17 15:05 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-23 16:24 - 2010-06-17 15:05 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-23 16:23 - 2013-06-09 00:01 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2013-11-23 16:23 - 2013-05-31 20:42 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-11-23 16:23 - 2011-10-18 22:00 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-23 16:23 - 2010-06-17 14:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-23 14:08 - 2010-06-17 14:12 - 00032504 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-23 14:08 - 2010-06-17 14:12 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-11-23 14:07 - 2010-06-17 14:12 - 00000000 ____D C:\Documents and Settings\Administrator
2013-11-23 13:06 - 2012-09-24 21:01 - 00001030 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1123561945-1645522239-1417001333-500UA.job
2013-11-23 00:10 - 2013-11-23 00:10 - 00002296 _____ C:\Documents and Settings\Administrator\Desktop\aswMBR.txt
2013-11-23 00:10 - 2013-11-23 00:10 - 00000512 _____ C:\Documents and Settings\Administrator\Desktop\MBR.dat
2013-11-22 23:28 - 2013-11-22 23:28 - 00023790 _____ C:\Documents and Settings\Administrator\Desktop\AdwCleaner[S0].txt
2013-11-22 23:21 - 2013-11-22 23:15 - 00000000 ____D C:\AdwCleaner
2013-11-22 23:20 - 2012-01-13 19:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
2013-11-22 23:20 - 2011-12-19 17:07 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
2013-11-22 23:20 - 2010-06-17 14:12 - 00000761 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2013-11-22 23:12 - 2013-11-22 23:12 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
2013-11-22 23:11 - 2013-11-22 23:10 - 01085542 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2013-11-22 22:06 - 2012-09-24 21:01 - 00001008 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1123561945-1645522239-1417001333-500Core.job
2013-11-22 21:07 - 2013-11-22 21:07 - 00012921 _____ C:\Documents and Settings\Administrator\Desktop\dds.txt
2013-11-22 21:07 - 2013-11-22 21:07 - 00004315 _____ C:\Documents and Settings\Administrator\Desktop\attach.txt
2013-11-22 21:05 - 2013-11-22 21:05 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.scr
2013-11-22 08:37 - 2013-10-28 14:20 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\uTorrent
2013-11-22 08:36 - 2013-11-03 17:52 - 00000000 ____D C:\Program Files\Delcam
2013-11-19 12:04 - 2013-03-18 15:23 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-11-19 12:04 - 2013-03-18 15:23 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-11-18 23:08 - 2008-05-03 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-18 09:48 - 2010-06-17 16:54 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2013-11-18 09:10 - 2011-11-05 22:20 - 00002267 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-11-18 07:32 - 2011-07-01 15:01 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
2013-11-17 09:00 - 2011-12-19 17:08 - 00002346 _____ C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
2013-11-16 13:44 - 2013-11-16 09:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-16 13:43 - 2013-07-10 14:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-14 12:45 - 2013-11-04 12:16 - 00000460 _____ C:\WINDOWS\TWAIN.LOG
2013-11-14 12:45 - 2012-06-25 10:51 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Canon
2013-11-14 12:44 - 2013-11-14 12:44 - 00000156 _____ C:\WINDOWS\Twunk001.MTX
2013-11-14 12:44 - 2011-10-15 14:33 - 00000005 _____ C:\WINDOWS\Twain001.Mtx
2013-11-11 09:18 - 2010-06-17 15:01 - 00000000 ____D C:\WINDOWS\pss
2013-11-07 21:33 - 2013-11-07 21:33 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Google
2013-11-07 21:33 - 2010-09-07 16:13 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-11-07 21:31 - 2013-11-07 21:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
2013-11-07 21:31 - 2013-11-07 21:27 - 00000000 ____D C:\Program Files\Google
2013-11-06 22:28 - 2010-06-29 08:54 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-11-06 22:15 - 2010-06-17 14:07 - 00000000 ____D C:\WINDOWS\Registration
2013-11-04 12:23 - 2010-06-17 16:13 - 00000000 ____D C:\Program Files\Winamp
2013-11-04 12:19 - 2013-02-09 15:16 - 00032397 _____ C:\WINDOWS\SGTBox.INI
2013-11-03 17:58 - 2013-10-28 14:21 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\BitTorrent Sync
2013-11-03 17:56 - 2013-11-03 17:52 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\PS-Exchange
2013-11-03 17:54 - 2013-11-03 17:54 - 00000000 ____D C:\Program Files\SafeNet Sentinel
2013-11-03 17:54 - 2013-11-03 17:54 - 00000000 ____D C:\Program Files\Common Files\SafeNet Sentinel
2013-11-03 17:53 - 2010-06-17 16:02 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2013-11-03 17:52 - 2013-11-03 17:51 - 00001312 _____ C:\WINDOWS\setupapi.log
2013-11-03 17:51 - 2013-10-28 20:26 - 00000000 ___SD C:\Documents and Settings\All Users\Documents\ArtCAM Files
2013-11-01 11:07 - 2010-06-17 16:05 - 00113440 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-31 19:04 - 2013-05-02 22:44 - 00002497 _____ C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk
2013-10-29 17:11 - 2010-06-17 14:57 - 00000000 ____D C:\WINDOWS\repair
2013-10-29 07:36 - 2010-06-17 15:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-10-28 12:04 - 2012-04-09 12:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MCShield
2013-10-27 17:45 - 2010-06-17 15:03 - 00405308 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-27 17:41 - 2010-06-17 15:01 - 00388000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-26 18:30 - 2013-10-26 16:57 - 00002315 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2013-10-26 18:26 - 2013-10-26 14:38 - 00002363 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Designer 7.0 TryOut.lnk
2013-10-26 17:07 - 2010-06-17 15:47 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-10-26 16:58 - 2010-06-21 18:41 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2013-10-26 16:57 - 2013-10-26 16:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2013-10-26 16:56 - 2010-06-17 15:46 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-26 16:55 - 2010-06-17 15:46 - 00000000 ____D C:\Program Files\Adobe
2013-10-26 14:38 - 2013-10-26 14:38 - 00001758 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat Distiller 7.0 TryOut.lnk
2013-10-26 14:38 - 2013-10-26 14:38 - 00001740 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 7.0 TryOut.lnk
2013-10-26 14:37 - 2011-10-15 14:27 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Adobe PDF
2013-10-25 10:12 - 2013-10-25 10:12 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-25 10:11 - 2013-10-25 10:11 - 00004705 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-25 10:11 - 2013-10-25 10:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-25 10:11 - 2012-06-28 15:03 - 00000000 ____D C:\Program Files\Java

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\BTSync.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2008-05-03 13:00] - [2008-05-03 13:00] - 1033728 ____A (Microsoft Corporation) 91172f1f7decaa275ed52fcb61f57307

C:\Windows\System32\winlogon.exe
[2008-05-03 13:00] - [2008-05-03 13:00] - 0507904 ____A (Microsoft Corporation) b8135e9ed99a0858df535ce0a0271558

C:\Windows\System32\svchost.exe
[2008-05-03 13:00] - [2008-05-03 13:00] - 0014336 ____A (Microsoft Corporation) 0b3290fb3815f5f6553e198642bb7e07

C:\Windows\System32\services.exe
[2011-03-05 00:59] - [2008-05-03 13:00] - 0108544 ____A (Microsoft Corporation) c91018fe1f9b53de349398dd4aec6f8c

C:\Windows\System32\User32.dll
[2008-05-03 13:00] - [2008-05-03 13:00] - 0578560 ____A (Microsoft Corporation) f92d8964b5286de225bd2b6bf89764be

C:\Windows\System32\userinit.exe
[2008-05-03 13:00] - [2008-05-03 13:00] - 0026112 ____A (Microsoft Corporation) ccbf7e850d72b2de4f5a1d64d2627686

C:\Windows\System32\Drivers\volsnap.sys
[2008-05-03 13:00] - [2008-05-03 13:00] - 0052352 ____A (Microsoft Corporation) 999a7ab63b8f364f4df130d48ba7e972


==================== End Of Log ============================





offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

I was away for a few days, so I didn't get a chance to reply...


Download TDSSKiller and save it to the Desktop.
Double-click TDSSKiller.exe to run it ...

Click the Start Scan button.

If suspicious items (Suspicious object) are detected, the default action is Skip; click Continue.
If malicious objects (Malicious objects) are detected, choose the Cure option.


Post the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.GG_HH.MM.SS.txt
(DD-day, MM-month, GG-year, HH-hour, MM-minute, SS-second; the date and time when the log was created)



Open Notepad and copy the following text, which is inside the shaded box.

SearchScopes: HKCU - {7F76DC0D-541E-4E2F-A274-607C5E50D082} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10401&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABZ&apn_dtid=^YYYYYY^YY^BA&apn_uid=53127d3f-5061-4c23-a660-3583e1796339&apn_sauid=F6A78D62-A919-45E2-B3EE-7D7F098BEBD2
FF Extension: ftd - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oehrt3xr.default\Extensions\ftd@ftd.com.xpi
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oehrt3xr.default\Extensions\ftd@ftd.com.xpi
CHR Extension: (\u0420\u043E\u0441\u0441\u0438\u044F \u0422\u0412) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\backaeplcmgnncbejeanhhohngidfapj\2.0.6_0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\backaeplcmgnncbejeanhhohngidfapj\2.0.6_0
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
cmd: ipconfig /flushdns


In Notepad, click File --> Save As

Name the file fixlist.txt and save it to the Desktop

Double-click FRST.exe to run it again

Click Fix and wait until the program finishes

If the program asks to restart the computer, let it do so without interruption.

When it finishes, Notepad will open with contents that you should copy into this thread.

Also, fixlog.txt will be on the Desktop.




How are things now?

offline
  • Joined: 30 Jan 2011
  • Posts: 15

It seems a little better, but still, it's not like it used to be. Before,
when I clicked an icon it opened right away, and now
it's somehow "lazy". I hope it will get better. Thank you for your effort
and for helping.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Do all the steps I posted...

offline
  • Joined: 30 Jan 2011
  • Posts: 15

My friend, the scan found nothing.
And I can't find that file C:\TDSSKiller_program version_DD.MM.GG_HH.MM.SS.txt either; it simply isn't there.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Run TDSS Killer again and go through the procedure.


Also, run FRST again, click Scan and send me a fresh report.

offline
  • Joined: 30 Jan 2011
  • Posts: 15

TDSS Killer found nothing.
Here is the report that FRST left; there is only one
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-11-2013 01
Ran by Administrator (administrator) on EXPERIEN-FA9774 on 27-11-2013 20:13:02
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Dassault Systemes) C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(SafeNet, Inc.) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\WINDOWS\system32\spider.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [] - [x]
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\...\Policies\Explorer: [NoCDBurning] 1
HKLM\...\Policies\Explorer: [StartMenuFavorites] 0
HKLM\...\Policies\Explorer: [Start_ShowMyComputer] 1
HKLM\...\Policies\Explorer: [Start_ShowMyDocs] 1
HKLM\...\Policies\Explorer: [Start_ShowMyMusic] 0
HKLM\...\Policies\Explorer: [Start_ShowRun] 1
HKLM\...\Policies\Explorer: [Start_ShowSearch] 0
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Policies\Explorer: [NoResolveSearch] 1
HKCU\...\Policies\Explorer: [NoStartBanner] 1
HKCU\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKCU\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKCU\...\Policies\Explorer: [NoSharedDocuments] 1
HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\Default User\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
ShortcutTarget: AutoCAD Startup Accelerator.lnk -> C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
URLSearchHook: HKCU - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {7F76DC0D-541E-4E2F-A274-607C5E50D082} URL = websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10401&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABZ&apn_dtid=^YYYYYY^YY^BA&apn_uid=53127d3f-5061-4c23-a660-3583e1796339&apn_sauid=F6A78D62-A919-45E2-B3EE-7D7F098BEBD2
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} quickscan.bitdefender.com/qsax/qsax.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8461312 2008-05-03] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [233472 2006-03-13] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 16 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oehrt3xr.default
FF Homepage: google.rs/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Extension: DownloadHelper - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oehrt3xr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: ftd - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oehrt3xr.default\Extensions\ftd@ftd.com.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google \u043F\u0440\u0435\u0432\u043E\u0434\u0438\u043B\u0430\u0446) - translate.google.com/?source=osdd#auto|auto|{searchTerms}
CHR DefaultSuggestURL: (Google \u043F\u0440\u0435\u0432\u043E\u0434\u0438\u043B\u0430\u0446) - "suggest_url": "",
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (registryAccess) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.0_0\background/registryAccess.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Extension: (Angry Birds) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (\u0420\u043E\u0441\u0441\u0438\u044F \u0422\u0412) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\backaeplcmgnncbejeanhhohngidfapj\2.0.6_0
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\3.0.3_0
CHR Extension: (Stylish) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.2_0
CHR Extension: (Pixlr Express) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid\1.2_0
CHR Extension: (Google Maps) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0
CHR Extension: (Google Wallet) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Telebas TV) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nnkmjgmdjeecojjdhiemgiiahgjacnle\1.0.0.4_0
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2009-07-21] ()
R2 BBDemon; C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [49152 2006-04-29] (Dassault Systemes)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SentinelKeysServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [316992 2007-04-27] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2007-04-27] (SafeNet, Inc)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-06-19] (Advanced Micro Devices)
R3 AtcL001; C:\Windows\System32\DRIVERS\atl01_xp.sys [35840 2006-10-31] (Attansic Technology corporation.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R0 d347bus; C:\Windows\System32\DRIVERS\d347bus.sys [155136 2004-08-22] ( )
R0 d347prt; C:\Windows\System32\Drivers\d347prt.sys [5248 2004-08-22] ( )
S3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2008-03-20] (Microsoft Corporation)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [670208 2004-11-05] (Aladdin Knowledge Systems Ltd.)
R1 LUMDriver; C:\WINDOWS\system32\drivers\LUMDriver.sys [14912 2003-07-11] (IBM)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R0 mv614x; C:\Windows\System32\DRIVERS\mv614x.sys [63232 2006-07-04] ()
R0 nvatabus; C:\Windows\System32\Drivers\nvatabus.sys [100736 2008-05-03] (NVIDIA Corporation)
R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [102400 2007-08-10] (NVIDIA Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-18] (Avira GmbH)
R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [9728 2006-02-23] (VIA Technologies, Inc.)
R0 xfilt; C:\Windows\System32\DRIVERS\xfilt.sys [11264 2006-02-23] (VIA Technologies,Inc)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S4 IntelIde; No ImagePath
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-25 20:15 - 2013-11-25 20:15 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
2013-11-25 17:05 - 2013-11-25 17:05 - 00001690 _____ C:\Documents and Settings\All Users\Desktop\AutoCAD 2006.lnk
2013-11-25 17:04 - 2013-11-25 17:04 - 00000000 ____D C:\Program Files\AnswerWorks 4.0
2013-11-25 17:00 - 2013-11-25 17:05 - 00000000 ____D C:\Program Files\AutoCAD 2006
2013-11-25 16:55 - 2013-11-25 17:05 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2013-11-25 16:55 - 2013-11-25 17:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
2013-11-25 16:55 - 2013-11-25 16:55 - 00000000 ____D C:\Program Files\Autodesk
2013-11-23 18:02 - 2013-11-23 18:02 - 00000000 ____D C:\FRST
2013-11-23 00:10 - 2013-11-23 00:10 - 00000512 _____ C:\Documents and Settings\Administrator\Desktop\MBR.dat
2013-11-22 23:15 - 2013-11-22 23:21 - 00000000 ____D C:\AdwCleaner
2013-11-22 23:12 - 2013-11-22 23:12 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
2013-11-22 23:10 - 2013-11-22 23:11 - 01085542 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2013-11-16 09:01 - 2013-11-16 13:44 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 12:44 - 2013-11-14 12:44 - 00000156 _____ C:\WINDOWS\Twunk001.MTX
2013-11-07 21:33 - 2013-11-07 21:33 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Google
2013-11-07 21:31 - 2013-11-07 21:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
2013-11-07 21:27 - 2013-11-07 21:31 - 00000000 ____D C:\Program Files\Google
2013-11-03 17:54 - 2013-11-03 17:54 - 00000000 ____D C:\Program Files\SafeNet Sentinel
2013-11-03 17:54 - 2013-11-03 17:54 - 00000000 ____D C:\Program Files\Common Files\SafeNet Sentinel
2013-11-03 17:52 - 2013-11-22 08:36 - 00000000 ____D C:\Program Files\Delcam
2013-11-03 17:52 - 2013-11-03 17:56 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\PS-Exchange
2013-10-28 20:26 - 2013-11-03 17:51 - 00000000 ___SD C:\Documents and Settings\All Users\Documents\ArtCAM Files
2013-10-28 14:21 - 2013-11-03 17:58 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\BitTorrent Sync
2013-10-28 14:20 - 2013-11-22 08:37 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\uTorrent

==================== One Month Modified Files and Folders =======

2013-11-27 20:13 - 2011-11-11 22:28 - 00000438 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{AD849537-D7C9-42E0-AC57-5CB8B3ABA4CA}.job
2013-11-27 19:56 - 2011-12-19 16:59 - 00001010 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1645522239-1417001333-500UA.job
2013-11-27 19:32 - 2011-10-18 22:00 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-27 19:06 - 2012-09-24 21:01 - 00001030 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1123561945-1645522239-1417001333-500UA.job
2013-11-27 18:43 - 2010-06-17 14:12 - 00032414 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-27 17:56 - 2011-12-19 16:59 - 00000958 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1645522239-1417001333-500Core.job
2013-11-27 17:13 - 2010-06-17 14:09 - 01112361 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-27 17:12 - 2010-06-17 15:05 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-27 17:12 - 2010-06-17 15:05 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-27 17:11 - 2013-06-09 00:01 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2013-11-27 17:11 - 2013-05-31 20:42 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-11-27 17:11 - 2011-10-18 22:00 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-27 17:11 - 2010-06-17 14:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-27 15:52 - 2010-06-17 14:12 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-11-27 15:52 - 2010-06-17 14:12 - 00000000 ____D C:\Documents and Settings\Administrator
2013-11-26 22:41 - 2010-06-17 16:54 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2013-11-26 22:06 - 2012-09-24 21:01 - 00001008 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1123561945-1645522239-1417001333-500Core.job
2013-11-26 20:35 - 2010-06-17 16:13 - 00000000 ____D C:\Program Files\Winamp
2013-11-26 20:01 - 2011-11-05 22:20 - 00002267 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-11-25 21:35 - 2013-05-02 22:44 - 00002497 _____ C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk
2013-11-25 20:15 - 2013-11-25 20:15 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
2013-11-25 17:11 - 2010-06-17 16:05 - 00144160 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-11-25 17:08 - 2010-06-17 15:01 - 00466008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-11-25 17:05 - 2013-11-25 17:05 - 00001690 _____ C:\Documents and Settings\All Users\Desktop\AutoCAD 2006.lnk
2013-11-25 17:05 - 2013-11-25 17:00 - 00000000 ____D C:\Program Files\AutoCAD 2006
2013-11-25 17:05 - 2013-11-25 16:55 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2013-11-25 17:05 - 2013-11-25 16:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
2013-11-25 17:04 - 2013-11-25 17:04 - 00000000 ____D C:\Program Files\AnswerWorks 4.0
2013-11-25 16:55 - 2013-11-25 16:55 - 00000000 ____D C:\Program Files\Autodesk
2013-11-25 16:54 - 2010-06-17 15:03 - 00456496 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-25 16:54 - 2010-06-17 14:07 - 00000000 ____D C:\WINDOWS\Registration
2013-11-25 16:52 - 2010-06-17 14:57 - 00000000 ____D C:\WINDOWS\system32\mui
2013-11-23 18:02 - 2013-11-23 18:02 - 00000000 ____D C:\FRST
2013-11-23 00:10 - 2013-11-23 00:10 - 00000512 _____ C:\Documents and Settings\Administrator\Desktop\MBR.dat
2013-11-22 23:21 - 2013-11-22 23:15 - 00000000 ____D C:\AdwCleaner
2013-11-22 23:20 - 2012-01-13 19:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
2013-11-22 23:20 - 2011-12-19 17:07 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
2013-11-22 23:20 - 2010-06-17 14:12 - 00000761 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2013-11-22 23:12 - 2013-11-22 23:12 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
2013-11-22 23:11 - 2013-11-22 23:10 - 01085542 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2013-11-22 08:37 - 2013-10-28 14:20 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\uTorrent
2013-11-22 08:36 - 2013-11-03 17:52 - 00000000 ____D C:\Program Files\Delcam
2013-11-19 12:04 - 2013-03-18 15:23 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-11-19 12:04 - 2013-03-18 15:23 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-11-18 23:08 - 2008-05-03 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-18 07:32 - 2011-07-01 15:01 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
2013-11-17 09:00 - 2011-12-19 17:08 - 00002346 _____ C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
2013-11-16 16:51 - 2013-07-10 14:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-16 13:44 - 2013-11-16 09:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 12:45 - 2012-06-25 10:51 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Canon
2013-11-14 12:44 - 2013-11-14 12:44 - 00000156 _____ C:\WINDOWS\Twunk001.MTX
2013-11-14 12:44 - 2011-10-15 14:33 - 00000005 _____ C:\WINDOWS\Twain001.Mtx
2013-11-11 09:18 - 2010-06-17 15:01 - 00000000 ____D C:\WINDOWS\pss
2013-11-07 21:33 - 2013-11-07 21:33 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Google
2013-11-07 21:33 - 2010-09-07 16:13 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-11-07 21:31 - 2013-11-07 21:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
2013-11-07 21:31 - 2013-11-07 21:27 - 00000000 ____D C:\Program Files\Google
2013-11-06 22:28 - 2010-06-29 08:54 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-11-04 12:19 - 2013-02-09 15:16 - 00032397 _____ C:\WINDOWS\SGTBox.INI
2013-11-03 17:58 - 2013-10-28 14:21 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\BitTorrent Sync
2013-11-03 17:56 - 2013-11-03 17:52 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\PS-Exchange
2013-11-03 17:54 - 2013-11-03 17:54 - 00000000 ____D C:\Program Files\SafeNet Sentinel
2013-11-03 17:54 - 2013-11-03 17:54 - 00000000 ____D C:\Program Files\Common Files\SafeNet Sentinel
2013-11-03 17:53 - 2010-06-17 16:02 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2013-11-03 17:51 - 2013-10-28 20:26 - 00000000 ___SD C:\Documents and Settings\All Users\Documents\ArtCAM Files
2013-10-29 17:11 - 2010-06-17 14:57 - 00000000 ____D C:\WINDOWS\repair
2013-10-29 07:36 - 2010-06-17 15:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-10-28 12:04 - 2012-04-09 12:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MCShield

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2008-05-03 13:00] - [2008-05-03 13:00] - 1033728 ____A (Microsoft Corporation) 91172f1f7decaa275ed52fcb61f57307

C:\Windows\System32\winlogon.exe
[2008-05-03 13:00] - [2008-05-03 13:00] - 0507904 ____A (Microsoft Corporation) b8135e9ed99a0858df535ce0a0271558

C:\Windows\System32\svchost.exe
[2008-05-03 13:00] - [2008-05-03 13:00] - 0014336 ____A (Microsoft Corporation) 0b3290fb3815f5f6553e198642bb7e07

C:\Windows\System32\services.exe
[2011-03-05 00:59] - [2008-05-03 13:00] - 0108544 ____A (Microsoft Corporation) c91018fe1f9b53de349398dd4aec6f8c

C:\Windows\System32\User32.dll
[2008-05-03 13:00] - [2008-05-03 13:00] - 0578560 ____A (Microsoft Corporation) f92d8964b5286de225bd2b6bf89764be

C:\Windows\System32\userinit.exe
[2008-05-03 13:00] - [2008-05-03 13:00] - 0026112 ____A (Microsoft Corporation) ccbf7e850d72b2de4f5a1d64d2627686

C:\Windows\System32\Drivers\volsnap.sys
[2008-05-03 13:00] - [2008-05-03 13:00] - 0052352 ____A (Microsoft Corporation) 999a7ab63b8f364f4df130d48ba7e972


==================== End Of Log ============================

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

You forgot to do the second step in this post

http://www.mycity.rs/Ambulanta/spor-kompjuter-2.html#p1610145

Do that, and post fixlog.txt
