Computer freezing and running slowly

  • Miroslav R. Maričić
  • Graduate mechanical engineer, teacher
  • Joined: 06 Jun 2012
  • Posts: 229
  • Location: Hajdučica, Banat, Serbia

My problem is the following:
The pedagogue at my school complained to me about how her computer is working. I took a look and found the following:

- The computer behaves strangely: the screen occasionally freezes and then starts working again after a while. Also, whenever Word 2003 is started, it invariably stalls, and nothing can be typed for some time.
- The problem started appearing a couple of weeks ago.
- AVAST is installed on the computer. I had it scan the computer at system boot, and it found 4 malicious programs, which it successfully deleted. I also ran the latest version of ADWCLEANER, which found and removed a pile of assorted adware. After that I installed SUPERANTISPYWARE as well, which found a couple of "bugs" and removed them. And, finally, I also installed MCShield ... Despite all this software, the computer still works the same as before. I note that the software listed above no longer reports the presence of any malware.
- At the school we have ADSL Internet at 4 Mb/s.
I no longer know what to do, and the pedagogue needs the computer non-stop...

File Frst.TXT:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01
Ran by Administrator (administrator) on ANDJELA on 08-12-2014 10:43:30
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Oracle) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
( ) C:\Program Files\HP\HP UT\bin\hppusg.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\IncMail.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\ImApp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19523104 2010-04-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HPUsageTracking] => C:\Program Files\HP\HP UT\bin\hppusg.exe [36864 2007-05-04] ( )
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5226600 2014-11-24] (AVAST Software)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-15] (Google Inc.)
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\Run: [IncrediMail] => C:\Program Files\IncrediMail\bin\IncMail.exe [444840 2013-10-18] (IncrediMail, Ltd.)
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2424560 2010-12-14] (SUPERAntiSpyware.com)
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\MountPoints2: {233bdb2a-3248-11e3-968e-6c626d0ea7d6} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CMD /q /C EXPlorEr . & sTart /I /b "" JaVaW.exe -classpath "RECYCLER\S-6-1-25-8109308193-3032487481-8002671131-1572\SMOQCKQEO.gag" a
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\MountPoints2: {690590bc-4274-11e1-9503-6c626d0ea7d6} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cMd /q /C explOrER . & start /i /B "" JAVAW.eXE -classpath "RECYCLER\S-3-8-20-1187546471-8328041808-640869930-3515\ega.Kce" a
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\MountPoints2: {7eae02af-16b7-11e3-9670-6c626d0ea7d6} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cMD /Q /c ExPLoReR . & sTart /I /b "" jaVaw.eXe -classpath "RECYCLER\S-9-9-59-1014719759-1420764988-2489784496-9713\woqweuw.Ekc" a
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\MountPoints2: {a2d05703-daad-11e0-94a4-6c626d0ea7d6} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cMD /q /c EXPlOrEr . & sTaRt /i /b "" jAvaw.eXe -classpath "RECYCLER\S-6-5-30-5527008605-6069850110-3157933563-9236\mamaqee.Eay" a
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\MountPoints2: {ba54dd34-5ee2-11e2-95dc-6c626d0ea7d6} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cMD.exE /q /c ExpLoREr . & staRt /i /b "" jaVAw.ExE -classpath "RECYCLER\S-3-7-90-8742785239-6982872419-5358550076-4868\EMQKI.sgi" a
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\MountPoints2: {d74986ae-5b9a-11e4-97c2-6c626d0ea7d6} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmD.eXe /Q /c ExPLorER.EXe . & STart /i /b "" jaVaw.ExE -classpath "RECYCLER\S-3-7-43-7828695026-7878730003-9275964969-3192\ASQEEQEKM.wes" a
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-682003330-1454471165-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-682003330-1454471165-725345543-500\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?q={searchTerms}
HKU\S-1-5-21-682003330-1454471165-725345543-500\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
URLSearchHook: [S-1-5-21-682003330-1454471165-725345543-500] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKU\S-1-5-21-682003330-1454471165-725345543-500 - ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-682003330-1454471165-725345543-500 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-682003330-1454471165-725345543-500 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
BHO: ToggleEN Toolbar -> {038cb5c7-48ea-4af9-94e0-a1646542e62b} -> No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> No File
BHO: GretechBHO Class -> {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} -> No File
Toolbar: HKLM - ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-682003330-1454471165-725345543-500 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-682003330-1454471165-725345543-500 -> ToggleEN Toolbar - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Tcpip\..\Interfaces\{86CDA434-332A-49E6-BA81-5E8C5F04208D}: [NameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-682003330-1454471165-725345543-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Oracle)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-12-15]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-12-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-06-10]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-02]
CHR Extension: (Google новчаник) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-24] (AVAST Software)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-12-15] (Oracle)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-24] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-24] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-24] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-24] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-24] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-24] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-24] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-24] ()
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 teamviewervpn; C:\WINDOWS\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 10:43 - 2014-12-08 10:45 - 00015761 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-12-08 10:42 - 2014-12-08 10:43 - 00000000 ____D () C:\FRST
2014-12-08 10:41 - 2014-12-08 10:42 - 00004563 _____ () C:\WINDOWS\KB2876217.log
2014-12-08 10:37 - 2014-12-08 10:37 - 01111040 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-12-08 10:29 - 2014-12-08 10:30 - 00004563 _____ () C:\WINDOWS\KB2864063.log
2014-12-08 10:25 - 2014-12-08 10:26 - 00004506 _____ () C:\WINDOWS\KB2719985.log
2014-12-08 10:24 - 2014-12-08 10:25 - 00004498 _____ () C:\WINDOWS\KB952004.log
2014-12-08 10:24 - 2014-12-08 10:24 - 00004479 _____ () C:\WINDOWS\KB2862152.log
2014-12-08 10:13 - 2014-12-08 10:13 - 00004494 _____ () C:\WINDOWS\KB2850869.log
2014-12-08 10:12 - 2014-12-08 10:13 - 00004528 _____ () C:\WINDOWS\KB2876331.log
2014-12-08 10:10 - 2014-12-08 10:11 - 00004839 _____ () C:\WINDOWS\KB2859537.log
2014-12-08 09:50 - 2014-12-08 09:50 - 00004396 _____ () C:\WINDOWS\KB2820917.log
2014-12-08 09:40 - 2014-12-08 09:40 - 00004315 _____ () C:\WINDOWS\KB2757638.log
2014-12-08 09:39 - 2014-12-08 09:40 - 00004290 _____ () C:\WINDOWS\KB974318.log
2014-12-08 09:29 - 2014-12-08 09:29 - 00004288 _____ () C:\WINDOWS\KB974571.log
2014-12-08 09:20 - 2014-12-08 09:20 - 00004219 _____ () C:\WINDOWS\KB951978.log
2014-12-08 09:19 - 2014-12-08 09:19 - 00004553 _____ () C:\WINDOWS\KB2481109.log
2014-12-08 09:19 - 2014-12-08 09:19 - 00004206 _____ () C:\WINDOWS\KB969059.log
2014-12-08 09:10 - 2014-12-08 09:10 - 00004125 _____ () C:\WINDOWS\KB978338.log
2014-12-08 09:08 - 2014-12-08 09:09 - 00003985 _____ () C:\WINDOWS\KB2419632.log
2014-12-08 09:00 - 2014-12-08 09:00 - 00003959 _____ () C:\WINDOWS\KB975713.log
2014-12-08 08:59 - 2014-12-08 08:59 - 00003894 _____ () C:\WINDOWS\KB2483185.log
2014-12-08 08:58 - 2014-12-08 08:58 - 00003874 _____ () C:\WINDOWS\KB961503.log
2014-12-08 08:58 - 2014-12-08 08:58 - 00003785 _____ () C:\WINDOWS\KB2508429.log
2014-12-08 08:51 - 2014-12-08 08:51 - 00003792 _____ () C:\WINDOWS\KB974392.log
2014-12-08 08:48 - 2014-12-08 08:49 - 00003723 _____ () C:\WINDOWS\KB2749655.log
2014-12-08 08:48 - 2014-12-08 08:48 - 00003628 _____ () C:\WINDOWS\KB971029.log
2014-12-08 08:47 - 2014-12-08 08:47 - 00003538 _____ () C:\WINDOWS\KB2506212.log
2014-12-08 08:46 - 2014-12-08 08:47 - 00003880 _____ () C:\WINDOWS\KB977914.log
2014-12-08 08:45 - 2014-12-08 08:45 - 00003553 _____ () C:\WINDOWS\KB2892075.log
2014-12-08 08:45 - 2014-12-08 08:45 - 00003446 _____ () C:\WINDOWS\KB2619339.log
2014-12-08 08:45 - 2014-12-08 08:45 - 00003395 _____ () C:\WINDOWS\KB2705219-v2.log
2014-12-08 08:45 - 2014-12-08 08:45 - 00003353 _____ () C:\WINDOWS\KB978542.log
2014-12-08 08:45 - 2014-12-08 08:45 - 00003277 _____ () C:\WINDOWS\KB2727528.log
2014-12-08 08:45 - 2014-12-08 08:45 - 00003268 _____ () C:\WINDOWS\KB979482.log
2014-12-08 08:41 - 2014-12-08 08:41 - 00003294 _____ () C:\WINDOWS\KB978706.log
2014-12-08 08:28 - 2014-12-08 08:28 - 00003292 _____ () C:\WINDOWS\KB960803.log
2014-12-08 08:27 - 2014-12-08 08:27 - 00003293 _____ () C:\WINDOWS\KB973815.log
2014-12-08 08:17 - 2014-12-08 08:17 - 00003649 _____ () C:\WINDOWS\KB2813345.log
2014-12-08 08:06 - 2014-12-08 08:06 - 00003174 _____ () C:\WINDOWS\KB2509553.log
2014-12-08 07:35 - 2014-12-08 07:36 - 00002964 _____ () C:\WINDOWS\KB2620712.log
2014-12-08 07:26 - 2014-12-08 07:27 - 00002882 _____ () C:\WINDOWS\KB2584146.log
2014-12-08 07:18 - 2014-12-08 07:26 - 00003803 _____ () C:\WINDOWS\KB979309.log
2014-12-05 12:18 - 2014-12-05 12:18 - 00110628 _____ () C:\unp304129251012580450.mdmp
2014-12-05 12:02 - 2014-12-08 09:09 - 00000000 ____D () C:\WINDOWS\LastGood
2014-12-05 12:02 - 2012-06-02 15:18 - 00214256 _____ (Microsoft Corporation) C:\WINDOWS\system32\muweb.dll
2014-12-05 11:45 - 2014-12-05 11:46 - 00002166 _____ () C:\WINDOWS\wmsetup.log
2014-12-05 11:45 - 2014-12-05 11:45 - 00000226 _____ () C:\WINDOWS\DtcInstall.log
2014-12-05 11:45 - 2014-12-05 11:45 - 00000187 _____ () C:\WINDOWS\spupdsvc.log.1.log
2014-12-05 11:44 - 2014-12-05 11:44 - 00000090 _____ () C:\WINDOWS\system32\spupdwxp.log
2014-12-05 10:59 - 2014-12-05 10:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950974$
2014-12-05 10:57 - 2014-12-05 11:01 - 00198222 _____ () C:\WINDOWS\KB950974.log
2014-12-05 10:55 - 2014-12-05 10:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950762$
2014-12-05 10:53 - 2014-12-05 10:57 - 00197679 _____ () C:\WINDOWS\KB950762.log
2014-12-05 10:51 - 2014-12-05 10:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB946648$
2014-12-05 10:49 - 2014-12-05 10:53 - 00197603 _____ () C:\WINDOWS\KB946648.log
2014-12-05 10:47 - 2014-12-05 10:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB923561$
2014-12-05 10:45 - 2014-12-05 10:49 - 00198135 _____ () C:\WINDOWS\KB923561.log
2014-12-05 10:43 - 2014-12-05 10:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2229593$
2014-12-05 10:40 - 2014-12-05 10:45 - 00196987 _____ () C:\WINDOWS\KB2229593.log
2014-12-05 10:34 - 2014-12-05 11:46 - 00069833 _____ () C:\WINDOWS\spupdsvc.log
2014-12-05 10:34 - 2014-12-05 10:34 - 00000200 _____ () C:\WINDOWS\cmsetacl.log
2014-12-05 10:33 - 2014-12-05 10:33 - 00000259 _____ () C:\WINDOWS\sessmgr.setup.log
2014-12-05 10:30 - 2008-04-14 05:42 - 01306624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msxml6.dll
2014-12-05 10:30 - 2008-04-13 22:57 - 00079872 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msxml6r.dll
2014-12-05 10:30 - 2007-06-26 11:30 - 00010457 ____C () C:\WINDOWS\system32\dllcache\wmptour.hta
2014-12-05 10:29 - 2008-04-14 05:40 - 00294912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msaud32.acm
2014-12-05 10:29 - 2008-04-14 05:40 - 00102912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dpcdll.dll
2014-12-05 10:29 - 2008-04-14 05:40 - 00086016 ____C (Sipro Lab Telecom Inc.) C:\WINDOWS\system32\dllcache\sl_anet.acm
2014-12-05 10:29 - 2008-04-14 05:39 - 00290816 ____C (Fraunhofer Institut Integrierte Schaltungen IIS) C:\WINDOWS\system32\dllcache\l3codeca.acm
2014-12-05 10:29 - 2008-04-13 22:58 - 00184959 ____C () C:\WINDOWS\system32\dllcache\compact.wmz
2014-12-05 10:29 - 2008-04-13 22:58 - 00066725 ____C () C:\WINDOWS\system32\dllcache\revert.wmz
2014-12-05 10:29 - 2007-06-26 11:30 - 00572557 ____C () C:\WINDOWS\system32\dllcache\rtuner.wmv
2014-12-05 10:29 - 2007-06-26 11:30 - 00457607 ____C () C:\WINDOWS\system32\dllcache\mdlib.wmv
2014-12-05 10:29 - 2007-06-26 11:30 - 00381425 ____C () C:\WINDOWS\system32\dllcache\copycd.wmv
2014-12-05 10:29 - 2007-06-26 11:30 - 00375519 ____C () C:\WINDOWS\system32\dllcache\nuskin.wmv
2014-12-05 10:29 - 2007-06-26 11:30 - 00354468 ____C () C:\WINDOWS\system32\dllcache\wmpaud1.wav
2014-12-05 10:29 - 2007-06-26 11:30 - 00343204 ____C () C:\WINDOWS\system32\dllcache\wmpaud7.wav
2014-12-05 10:29 - 2007-06-26 11:30 - 00343204 ____C () C:\WINDOWS\system32\dllcache\wmpaud6.wav
2014-12-05 10:29 - 2007-06-26 11:30 - 00300969 ____C () C:\WINDOWS\system32\dllcache\viz.wmv
2014-12-05 10:29 - 2007-06-26 11:30 - 00172196 ____C () C:\WINDOWS\system32\dllcache\wmpaud9.wav
2014-12-05 10:29 - 2007-06-26 11:30 - 00172196 ____C () C:\WINDOWS\system32\dllcache\wmpaud8.wav
2014-12-05 10:29 - 2007-06-26 11:30 - 00172196 ____C () C:\WINDOWS\system32\dllcache\wmpaud3.wav
2014-12-05 10:29 - 2007-06-26 11:30 - 00086196 ____C () C:\WINDOWS\system32\dllcache\wmpaud5.wav
2014-12-05 10:29 - 2007-06-26 11:30 - 00086180 ____C () C:\WINDOWS\system32\dllcache\wmpaud4.wav
2014-12-05 10:29 - 2007-06-26 11:30 - 00086180 ____C () C:\WINDOWS\system32\dllcache\wmpaud2.wav
2014-12-05 10:29 - 2007-06-26 11:30 - 00022060 ____C () C:\WINDOWS\system32\dllcache\npds.zip
2014-12-05 10:29 - 2007-06-26 11:30 - 00009585 ____C () C:\WINDOWS\system32\dllcache\controls.css
2014-12-05 10:29 - 2007-06-26 11:30 - 00008298 ____C () C:\WINDOWS\system32\dllcache\contents.htm
2014-12-05 10:29 - 2007-06-26 11:30 - 00006878 ____C () C:\WINDOWS\system32\dllcache\controls.js
2014-12-05 10:29 - 2007-06-26 11:30 - 00005971 ____C () C:\WINDOWS\system32\dllcache\events.js
2014-12-05 10:29 - 2007-06-26 11:30 - 00003187 ____C () C:\WINDOWS\system32\dllcache\tour.js
2014-12-05 10:29 - 2007-06-26 11:30 - 00001771 ____C () C:\WINDOWS\system32\dllcache\wmptour.css
2014-12-05 10:29 - 2007-06-26 11:30 - 00001148 ____C () C:\WINDOWS\system32\dllcache\snd.htm
2014-12-05 10:29 - 2007-06-26 11:30 - 00000420 ____C () C:\WINDOWS\system32\dllcache\wmploc.js
2014-12-05 10:29 - 2007-06-26 11:29 - 00097117 ____C () C:\WINDOWS\system32\dllcache\mplayer2.hlp
2014-12-05 10:29 - 2007-06-26 11:29 - 00001885 ____C () C:\WINDOWS\system32\dllcache\mplayer2.cnt
2014-12-05 10:29 - 2007-06-26 11:28 - 00613334 ____C () C:\WINDOWS\system32\dllcache\wmplayer.chm
2014-12-05 10:29 - 2007-06-26 11:28 - 00067374 ____C () C:\WINDOWS\system32\dllcache\wmplayer.adm
2014-12-05 10:29 - 2007-06-26 11:26 - 00077307 ____C () C:\WINDOWS\system32\dllcache\plyr_err.chm
2014-12-05 10:29 - 2007-06-26 11:26 - 00001477 ____C () C:\WINDOWS\system32\dllcache\plylst6.wpl
2014-12-05 10:29 - 2007-06-26 11:26 - 00001477 ____C () C:\WINDOWS\system32\dllcache\plylst5.wpl
2014-12-05 10:29 - 2007-06-26 11:26 - 00001474 ____C () C:\WINDOWS\system32\dllcache\plylst3.wpl
2014-12-05 10:29 - 2007-06-26 11:26 - 00001451 ____C () C:\WINDOWS\system32\dllcache\plylst12.wpl
2014-12-05 10:29 - 2007-06-26 11:26 - 00001448 ____C () C:\WINDOWS\system32\dllcache\plylst4.wpl
2014-12-05 10:29 - 2007-06-26 11:26 - 00001250 ____C () C:\WINDOWS\system32\dllcache\plylst1.wpl
2014-12-05 10:29 - 2007-06-26 11:26 - 00001049 ____C () C:\WINDOWS\system32\dllcache\plylst2.wpl
2014-12-05 10:29 - 2007-06-26 11:26 - 00001046 ____C () C:\WINDOWS\system32\dllcache\plylst7.wpl
2014-12-05 10:29 - 2007-06-26 11:26 - 00001036 ____C () C:\WINDOWS\system32\dllcache\plylst8.wpl
2014-12-05 10:29 - 2007-06-26 11:26 - 00000789 ____C () C:\WINDOWS\system32\dllcache\plylst11.wpl
2014-12-05 10:29 - 2007-06-26 11:26 - 00000787 ____C () C:\WINDOWS\system32\dllcache\plylst10.wpl
2014-12-05 10:29 - 2007-06-26 11:26 - 00000784 ____C () C:\WINDOWS\system32\dllcache\plylst9.wpl
2014-12-05 10:29 - 2007-06-26 11:26 - 00000783 ____C () C:\WINDOWS\system32\dllcache\plylst13.wpl
2014-12-05 10:29 - 2007-06-26 11:26 - 00000775 ____C () C:\WINDOWS\system32\dllcache\plylst14.wpl
2014-12-05 10:29 - 2007-06-26 11:26 - 00000733 ____C () C:\WINDOWS\system32\dllcache\plylst15.wpl
2014-12-05 10:29 - 2007-06-26 11:26 - 00000403 ____C () C:\WINDOWS\system32\dllcache\npdrmv2.zip
2014-12-05 10:29 - 2007-04-02 23:21 - 00023195 ____C () C:\WINDOWS\system32\dllcache\wmplay.chm
2014-12-05 10:28 - 2014-12-05 10:28 - 00000000 ____D () C:\WINDOWS\system32\scripting
2014-12-05 10:28 - 2014-12-05 10:28 - 00000000 ____D () C:\WINDOWS\system32\bits
2014-12-05 10:28 - 2014-12-05 10:28 - 00000000 ____D () C:\WINDOWS\l2schemas
2014-12-05 10:28 - 2008-04-14 05:42 - 04274816 ____N (NVIDIA Corporation) C:\WINDOWS\system32\nv4_disp.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 01737856 ____N (Matrox Graphics Inc.) C:\WINDOWS\system32\mtxparhd.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00397056 ____N (S3 Graphics, Inc.) C:\WINDOWS\system32\s3gnb.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00291328 ____N (Microsoft Corporation) C:\WINDOWS\system32\qagentrt.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00290304 ____N (Microsoft Corporation) C:\WINDOWS\system32\rhttpaa.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00286792 ____N (Smart Link) C:\WINDOWS\system32\slextspk.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00193024 ____N (Microsoft Corporation) C:\WINDOWS\system32\napmontr.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00188508 ____N (Smart Link) C:\WINDOWS\system32\slgen.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00176640 ____N (Microsoft Corporation) C:\WINDOWS\system32\napstat.exe
2014-12-05 10:28 - 2008-04-14 05:42 - 00155136 ____N (Microsoft Corporation) C:\WINDOWS\system32\mssha.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00150528 ____N (Microsoft Corporation) C:\WINDOWS\system32\qagent.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00144384 ____N (Microsoft Corporation) C:\WINDOWS\system32\onex.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00076800 ____N (Microsoft Corporation) C:\WINDOWS\system32\qutil.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00073832 ____N (Smart Link) C:\WINDOWS\system32\slcoinst.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00073796 ____N (Smart Link) C:\WINDOWS\system32\slserv.exe
2014-12-05 10:28 - 2008-04-14 05:42 - 00069120 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00062464 ____N (Microsoft Corporation) C:\WINDOWS\system32\qcliprov.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00061952 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasqec.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00053248 ____N (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00050688 ____N (Microsoft Corporation) C:\WINDOWS\system32\tspkg.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00033792 ____N (Microsoft Corporation) C:\WINDOWS\system32\mmcperf.exe
2014-12-05 10:28 - 2008-04-14 05:42 - 00032866 ____N (Smart Link) C:\WINDOWS\system32\slrundll.exe
2014-12-05 10:28 - 2008-04-14 05:42 - 00032866 ____N (Smart Link) C:\WINDOWS\slrundll.exe
2014-12-05 10:28 - 2008-04-14 05:42 - 00032768 ____N (Microsoft Corporation) C:\WINDOWS\system32\setupn.exe
2014-12-05 10:28 - 2008-04-14 05:42 - 00030208 ____N (Microsoft Corporation) C:\WINDOWS\system32\napipsec.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00028672 ____N (Microsoft Corporation) C:\WINDOWS\system32\vidcap.ax
2014-12-05 10:28 - 2008-04-14 05:42 - 00023040 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ativmvxx.ax
2014-12-05 10:28 - 2008-04-14 05:42 - 00010752 ____N (Microsoft Corporation) C:\WINDOWS\system32\smtpapi.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00009728 ____N (Microsoft Corporation) C:\WINDOWS\system32\rwnh.dll
2014-12-05 10:28 - 2008-04-14 05:42 - 00009728 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ativdaxx.ax
2014-12-05 10:28 - 2008-04-14 05:41 - 01888992 ____N (ATI Technologies Inc. ) C:\WINDOWS\system32\ati3duag.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00870784 ____N (ATI Technologies Inc. ) C:\WINDOWS\system32\ati3d1ag.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00650752 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3ui.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00516768 ____N (ATI Technologies Inc. ) C:\WINDOWS\system32\ativvaxx.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00397312 ____N (Microsoft Corporation) C:\WINDOWS\system32\mmcex.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00377984 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ati2dvaa.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00233472 ____N (Microsoft Corporation) C:\WINDOWS\system32\azroles.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00229376 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ati2cqag.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00201728 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ati2dvag.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00184832 ____N (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00184320 ____N (Microsoft Corporation) C:\WINDOWS\system32\microsoft.managementconsole.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00180224 ____N (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00136192 ____N (Microsoft Corporation) C:\WINDOWS\system32\aaclient.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00132096 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00126976 ____N (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00106496 ____N (Microsoft Corporation) C:\WINDOWS\system32\mmcfxcommon.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00094208 ____N (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00086016 ____N (Conexant) C:\WINDOWS\system32\mdmxsdk.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00081920 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieencode.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00061440 ____N (Microsoft Corporation) C:\WINDOWS\system32\kmsvc.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00059392 ____N (Microsoft Corporation) C:\WINDOWS\system32\eapqec.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00057856 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3cfg.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00056320 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00048640 ____N (Microsoft Corporation) C:\WINDOWS\system32\dhcpqec.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00040960 ____N (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00039936 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3gpclnt.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00039936 ____N (Microsoft Corporation) C:\WINDOWS\system32\dimsroam.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00037376 ____N (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00033792 ____N (Microsoft Corporation) C:\WINDOWS\system32\eapsvc.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00032768 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\ativtmxx.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00032285 ____N (Conexant Systems, Inc.) C:\WINDOWS\system32\hsfcisp2.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00030720 ____N (Microsoft Corporation) C:\WINDOWS\system32\eapolqec.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00026112 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00019456 ____N (Microsoft Corporation) C:\WINDOWS\system32\dimsntfy.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00012800 ____N (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00009216 ____N (Microsoft Corporation) C:\WINDOWS\system32\dot3dlg.dll
2014-12-05 10:28 - 2008-04-14 05:41 - 00007168 ____N (Microsoft Corporation) C:\WINDOWS\system32\bitsprx4.dll
2014-12-05 10:28 - 2008-04-14 05:39 - 00006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdpash.dll
2014-12-05 10:28 - 2008-04-14 05:39 - 00006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdnepr.dll
2014-12-05 10:28 - 2008-04-14 05:39 - 00006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdiultn.dll
2014-12-05 10:28 - 2008-04-14 05:39 - 00006144 ____N (Microsoft Corporation) C:\WINDOWS\system32\kbdbhc.dll
2014-12-05 10:28 - 2008-04-14 00:15 - 00046592 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irbus.sys
2014-12-05 10:28 - 2008-04-14 00:13 - 00009728 ____N (Microsoft Corporation) C:\WINDOWS\system32\comsdupd.exe
2014-12-05 10:28 - 2008-04-13 23:45 - 00076800 ____N (Microsoft Corporation) C:\WINDOWS\system32\msshavmsg.dll
2014-12-05 10:19 - 2008-04-14 05:42 - 00294912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dlimport.exe
2014-12-05 10:15 - 2014-12-05 11:00 - 00092806 _____ () C:\WINDOWS\updspapi.log
2014-12-05 10:15 - 2008-04-14 05:42 - 00011325 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\vchnt5.dll
2014-12-05 10:15 - 2008-04-14 05:42 - 00003901 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\siint5.dll
2014-12-05 10:15 - 2008-04-14 05:41 - 00025471 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\atv04nt5.dll
2014-12-05 10:15 - 2008-04-14 05:41 - 00021183 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\atv01nt5.dll
2014-12-05 10:15 - 2008-04-14 05:41 - 00017279 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\atv10nt5.dll
2014-12-05 10:15 - 2008-04-14 05:41 - 00015423 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\ch7xxnt5.dll
2014-12-05 10:15 - 2008-04-14 05:41 - 00014143 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\atv06nt5.dll
2014-12-05 10:15 - 2008-04-14 05:41 - 00011359 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\atv02nt5.dll
2014-12-05 10:15 - 2008-04-14 05:41 - 00004255 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv01nt5.dll
2014-12-05 10:15 - 2008-04-14 05:41 - 00003967 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv02nt5.dll
2014-12-05 10:15 - 2008-04-14 05:41 - 00003775 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv11nt5.dll
2014-12-05 10:15 - 2008-04-14 05:41 - 00003711 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv09nt5.dll
2014-12-05 10:15 - 2008-04-14 05:41 - 00003647 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv07nt5.dll
2014-12-05 10:15 - 2008-04-14 05:41 - 00003615 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv05nt5.dll
2014-12-05 10:15 - 2008-04-14 05:41 - 00003135 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\adv08nt5.dll
2014-12-05 10:15 - 2008-04-14 00:26 - 00030592 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismpx.sys
2014-12-05 10:15 - 2008-04-14 00:26 - 00012800 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023x.sys
2014-12-05 10:15 - 2008-04-14 00:21 - 00101120 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2014-12-05 10:15 - 2008-04-14 00:16 - 00121984 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2014-12-05 10:15 - 2008-04-14 00:16 - 00059136 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2014-12-05 10:15 - 2008-04-14 00:16 - 00037888 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2014-12-05 10:15 - 2008-04-14 00:16 - 00036480 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthprint.sys
2014-12-05 10:15 - 2008-04-14 00:16 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2014-12-05 10:15 - 2008-04-14 00:16 - 00018944 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthusb.sys
2014-12-05 10:15 - 2008-04-14 00:16 - 00017024 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2014-12-05 10:15 - 2008-04-14 00:15 - 00019200 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidir.sys
2014-12-05 10:15 - 2008-04-14 00:13 - 00014208 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wacompen.sys
2014-12-05 10:15 - 2008-04-14 00:13 - 00012672 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mutohpen.sys
2014-12-05 10:15 - 2008-04-14 00:10 - 00010240 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sffp_mmc.sys
2014-12-05 10:15 - 2008-04-14 00:06 - 00046464 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gagp30kx.sys
2014-12-05 10:15 - 2008-04-14 00:06 - 00044928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agpcpq.sys
2014-12-05 10:15 - 2008-04-14 00:06 - 00044672 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uagp35.sys
2014-12-05 10:15 - 2008-04-14 00:06 - 00043008 ____N (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdagp.sys
2014-12-05 10:15 - 2008-04-14 00:06 - 00042752 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\alim1541.sys
2014-12-05 10:15 - 2008-04-14 00:06 - 00042368 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agp440.sys
2014-12-05 10:15 - 2008-04-14 00:06 - 00042240 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\viaagp.sys
2014-12-05 10:15 - 2008-04-14 00:06 - 00040960 ____N (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\Drivers\sisagp.sys
2014-12-05 10:15 - 2008-04-14 00:06 - 00005888 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\smbali.sys
2014-12-05 10:15 - 2008-04-13 23:53 - 01309184 ____N (Smart Link) C:\WINDOWS\system32\Drivers\mtlstrm.sys
2014-12-05 10:15 - 2008-04-13 23:53 - 01041536 ____N (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\hsfdpsp2.sys
2014-12-05 10:15 - 2008-04-13 23:53 - 00685056 ____N (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\hsfcxts2.sys
2014-12-05 10:15 - 2008-04-13 23:53 - 00404990 ____N (Smart Link) C:\WINDOWS\system32\Drivers\slntamr.sys
2014-12-05 10:15 - 2008-04-13 23:53 - 00220032 ____N (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\hsfbs2s2.sys
2014-12-05 10:15 - 2008-04-13 23:53 - 00180360 ____N (Smart Link) C:\WINDOWS\system32\Drivers\ntmtlfax.sys
2014-12-05 10:15 - 2008-04-13 23:53 - 00129535 ____N (Smart Link) C:\WINDOWS\system32\Drivers\slnt7554.sys
2014-12-05 10:15 - 2008-04-13 23:53 - 00126686 ____N (Smart Link) C:\WINDOWS\system32\Drivers\mtlmnt5.sys
2014-12-05 10:15 - 2008-04-13 23:53 - 00095424 ____N (Smart Link) C:\WINDOWS\system32\Drivers\slnthal.sys
2014-12-05 10:15 - 2008-04-13 23:53 - 00013776 ____N (Smart Link) C:\WINDOWS\system32\Drivers\recagent.sys
2014-12-05 10:15 - 2008-04-13 23:53 - 00013240 ____N (Smart Link) C:\WINDOWS\system32\Drivers\slwdmsup.sys
2014-12-05 10:15 - 2008-04-13 23:53 - 00011868 ____N (Conexant) C:\WINDOWS\system32\Drivers\mdmxsdk.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 01897408 ____N (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nv4_mini.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00701440 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati2mtag.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00452736 ____N (Matrox Graphics Inc.) C:\WINDOWS\system32\Drivers\mtxparhm.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00327040 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati2mtaa.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00166912 ____N (S3 Graphics, Inc.) C:\WINDOWS\system32\Drivers\s3gnbm.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00104960 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinrvxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00073216 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atintuxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00063663 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1rvxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00063488 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinxsxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00057856 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinbtxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00056623 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1btxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00052224 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinraxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00036463 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1tuxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00034735 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1xsxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00031744 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinxbxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00030671 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1raxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00029455 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1xbxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00028672 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinsnxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00026367 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1snxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00025471 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\watv10nt.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00022271 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\watv06nt.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00021343 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1ttxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00014336 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinpdxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00013824 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinttxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00013824 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\atinmdxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00012047 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1pdxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00011935 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\wadv11nt.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00011871 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\wadv09nt.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00011807 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\wadv07nt.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00011615 ____N (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati1mdxx.sys
2014-12-05 10:15 - 2008-04-13 22:04 - 00011295 ____N (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\wadv08nt.sys
2014-12-05 10:15 - 2007-04-02 21:36 - 00129045 ____N () C:\WINDOWS\system32\Drivers\cxthsfs2.cty
2014-12-05 10:15 - 2006-12-29 20:21 - 00064352 ____N () C:\WINDOWS\system32\Drivers\ativmc20.cod
2014-12-05 10:15 - 2006-12-29 20:02 - 00067866 ____N () C:\WINDOWS\system32\Drivers\netwlan5.img
2014-12-05 10:12 - 2014-12-05 11:46 - 00002333 _____ () C:\WINDOWS\tabletoc.log
2014-12-05 10:12 - 2014-12-05 11:42 - 00000503 _____ () C:\WINDOWS\ocmsn.log
2014-12-05 10:12 - 2014-12-05 11:01 - 00007255 _____ () C:\WINDOWS\netfxocm.log
2014-12-05 10:12 - 2006-12-29 00:31 - 00019569 _____ () C:\WINDOWS\003204_.tmp
2014-12-05 10:11 - 2014-12-05 11:42 - 00039474 _____ () C:\WINDOWS\iis6.log
2014-12-05 10:11 - 2014-12-05 11:42 - 00018805 _____ () C:\WINDOWS\tsoc.log
2014-12-05 10:11 - 2014-12-05 11:42 - 00003610 _____ () C:\WINDOWS\comsetup.log
2014-12-05 10:11 - 2014-12-05 11:42 - 00002675 _____ () C:\WINDOWS\imsins.log
2014-12-05 10:11 - 2014-12-05 11:42 - 00001923 _____ () C:\WINDOWS\ntdtcsetup.log
2014-12-05 10:11 - 2014-12-05 11:01 - 00043282 _____ () C:\WINDOWS\FaxSetup.log
2014-12-05 10:11 - 2014-12-05 11:01 - 00020601 _____ () C:\WINDOWS\ocgen.log
2014-12-05 10:11 - 2014-12-05 11:01 - 00013122 _____ () C:\WINDOWS\msmqinst.log
2014-12-05 10:11 - 2014-12-05 11:01 - 00002001 _____ () C:\WINDOWS\msgsocm.log
2014-12-05 10:01 - 2014-12-05 11:01 - 00003494 _____ () C:\WINDOWS\medctroc.Log
2014-12-05 10:01 - 2014-12-05 10:10 - 00000000 __HDC () C:\WINDOWS\$NtServicePackUninstall$
2014-12-05 09:56 - 2014-12-08 10:25 - 00042912 _____ () C:\WINDOWS\setupapi.log
2014-12-05 09:56 - 2014-12-05 09:56 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-12-05 09:56 - 2014-12-05 09:56 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-12-05 09:53 - 2014-12-05 11:43 - 00513747 _____ () C:\WINDOWS\svcpack.log
2014-12-01 17:53 - 2014-12-01 17:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\DOKUMENTACIJA - razno
2014-11-28 11:52 - 2014-12-08 09:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MCShield
2014-11-28 11:52 - 2014-11-28 11:52 - 00000000 ____D () C:\Program Files\MCShield
2014-11-28 11:52 - 2014-11-28 11:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\MCShield
2014-11-28 11:06 - 2014-12-05 11:47 - 00073912 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-11-28 11:03 - 2014-12-05 11:44 - 00277352 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-28 10:58 - 2014-11-28 10:58 - 00000730 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-11-28 10:57 - 2014-11-28 10:57 - 00000532 _____ () C:\WINDOWS\MyDefrag.debuglog
2014-11-28 10:55 - 2014-11-28 10:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\SlimWare Utilities Inc
2014-11-28 10:54 - 2014-11-28 10:56 - 00000000 ____D () C:\Program Files\SlimCleaner
2014-11-28 10:54 - 2014-11-28 10:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner
2014-11-28 09:30 - 2014-11-28 09:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-11-28 09:30 - 2014-11-28 09:30 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2014-11-28 09:29 - 2014-11-28 09:30 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-28 09:29 - 2014-11-28 09:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-11-28 09:22 - 2014-12-01 09:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\АЛАТИ ЗА РАЧУНАР
2014-11-28 09:00 - 2014-12-01 09:10 - 00000000 ____D () C:\AdwCleaner
2014-11-25 09:11 - 2014-12-08 06:51 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-11-24 10:58 - 2014-11-24 10:58 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-11-24 10:58 - 2014-11-24 10:58 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-11-17 11:01 - 2014-12-08 10:45 - 01102637 _____ () C:\WINDOWS\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 10:44 - 2010-12-16 01:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-12-08 10:25 - 2010-12-16 01:37 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-12-08 10:14 - 2010-12-15 21:40 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-08 10:12 - 2012-04-27 06:46 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-08 09:10 - 2014-09-22 06:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\ФООО 14-15
2014-12-08 07:20 - 2010-12-21 11:31 - 00002497 _____ () C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk
2014-12-08 06:59 - 2012-07-31 09:55 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-12-08 06:51 - 2014-10-24 07:09 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-12-08 06:51 - 2012-11-19 07:41 - 00000282 _____ () C:\WINDOWS\Tasks\Go for FilesUpdate.job
2014-12-08 06:51 - 2010-12-16 01:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-08 06:51 - 2010-12-15 21:40 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-08 06:51 - 2001-08-23 01:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-05 12:18 - 2010-12-16 01:46 - 00032500 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-05 12:18 - 2010-12-16 01:46 - 00000278 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-12-05 12:07 - 2014-08-13 09:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\14-15
2014-12-05 12:02 - 2010-12-16 02:16 - 00000000 ____D () C:\WINDOWS\Help
2014-12-05 11:46 - 2010-12-16 02:22 - 00443556 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-05 11:46 - 2010-12-16 01:46 - 00000786 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2014-12-05 11:46 - 2010-12-16 01:37 - 00316640 _____ () C:\WINDOWS\WMSysPr9.prx
2014-12-05 11:45 - 2010-12-16 01:46 - 00000840 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-12-05 11:43 - 2010-12-16 02:16 - 00000000 ____D () C:\WINDOWS\security
2014-12-05 11:43 - 2010-12-16 01:46 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-12-05 10:52 - 2010-12-16 01:34 - 00000000 ____D () C:\Program Files\Messenger
2014-12-05 10:33 - 2010-12-16 01:37 - 00001569 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-12-05 10:32 - 2010-12-16 01:33 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-12-05 10:28 - 2010-12-16 02:16 - 00000000 ____D () C:\WINDOWS\system32\usmt
2014-12-05 10:28 - 2010-12-16 02:16 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-12-05 10:28 - 2010-12-16 02:16 - 00000000 ____D () C:\WINDOWS\PeerNet
2014-12-05 10:28 - 2010-12-16 02:16 - 00000000 ____D () C:\WINDOWS\ime
2014-12-05 10:28 - 2010-12-16 01:35 - 00000000 ____D () C:\Program Files\Movie Maker
2014-12-05 10:20 - 2010-12-21 11:56 - 00000000 ____D () C:\WINDOWS\ServicePackFiles
2014-12-05 10:20 - 2010-12-16 02:16 - 00000000 ____D () C:\WINDOWS\system32\npp
2014-12-05 10:20 - 2010-12-16 02:16 - 00000000 ____D () C:\WINDOWS\mui
2014-12-05 10:20 - 2010-12-16 01:35 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-12-05 10:19 - 2010-12-16 02:16 - 00000000 ____D () C:\WINDOWS\msagent
2014-12-05 10:19 - 2010-12-16 01:35 - 00000000 ____D () C:\WINDOWS\srchasst
2014-12-05 10:19 - 2010-12-16 01:35 - 00000000 ____D () C:\Program Files\Outlook Express
2014-12-05 10:19 - 2010-12-16 01:35 - 00000000 ____D () C:\Program Files\NetMeeting
2014-12-05 10:19 - 2010-12-16 01:35 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-05 10:19 - 2010-12-16 01:33 - 00000000 ____D () C:\WINDOWS\system32\Com
2014-12-05 10:19 - 2010-12-16 01:33 - 00000000 ____D () C:\Program Files\Windows NT
2014-12-05 10:18 - 2010-12-16 02:16 - 00000000 ____D () C:\WINDOWS\system
2014-12-05 10:14 - 2001-08-23 01:00 - 00250048 __RSH () C:\ntldr
2014-12-05 10:11 - 2010-12-15 20:20 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-12-04 10:15 - 2014-02-21 11:52 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Anđela
2014-12-03 08:41 - 2014-10-24 10:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\ANĐELA - PORTFOLIO
2014-11-28 10:58 - 2011-10-03 08:07 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-28 10:58 - 2011-10-03 08:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-11-28 10:56 - 2011-10-12 06:59 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\dvdcss
2014-11-28 10:56 - 2010-12-15 21:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Skype
2014-11-28 10:56 - 2010-12-15 21:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2014-11-28 09:56 - 2014-08-20 11:00 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-11-28 09:25 - 2010-12-15 21:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
2014-11-28 07:22 - 2010-12-15 21:48 - 00001863 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-11-26 08:13 - 2012-04-27 06:46 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-26 08:13 - 2011-05-17 05:55 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-26 08:01 - 2013-04-12 07:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Stručno usavršavanje
2014-11-24 10:59 - 2011-06-10 08:28 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-11-24 10:59 - 2010-12-15 21:46 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-11-24 10:58 - 2014-04-28 06:01 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-11-24 10:58 - 2013-03-14 06:54 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-11-24 10:58 - 2013-03-14 06:53 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-11-24 10:58 - 2013-03-14 06:53 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-11-24 10:58 - 2010-12-15 21:46 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-11-24 10:58 - 2010-12-15 21:46 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-11-19 07:27 - 2010-12-15 21:49 - 00000000 ____D () C:\Program Files\Opera
2014-11-14 12:21 - 2012-12-06 09:51 - 00000000 ____D () C:\Program Files\uTorrentControl_v2
2014-11-14 12:20 - 2010-12-15 21:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-11-10 11:29 - 2014-10-28 09:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\PO 14-15
2014-11-10 08:07 - 2014-11-03 17:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Ruža izveštaj

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\SSUPDATE.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\{C831DB3F-F197-448A-8C13-D40CA56D673E}-39.0.2171.71_38.0.2125.111_chrome_updater.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\{DA066DB0-32F8-431F-94C9-9F93FC61BE33}-39.0.2171.71_38.0.2125.111_chrome_updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Hello miroslav.maričić,

The first thing you need to do is go to Start > Control Panel > Add or Remove Programs and remove the following malicious toolbar:

uTorrentControl_v2 Toolbar

Likewise, remove SUPERAntiSpyware as well. That security app is, simply put, a thing of the past.

1. Open Notepad (Text Document) and copy in the following text from the code box below:

Start
CloseProcesses:
HKLM\...\Run: [] => [X]
URLSearchHook: [S-1-5-21-682003330-1454471165-725345543-500] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKU\S-1-5-21-682003330-1454471165-725345543-500 - ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
BHO: ToggleEN Toolbar -> {038cb5c7-48ea-4af9-94e0-a1646542e62b} -> No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File

Hosts:
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\MountPoints2: {233bdb2a-3248-11e3-968e-6c626d0ea7d6} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CMD /q /C EXPlorEr . & sTart /I /b "" JaVaW.exe -classpath "RECYCLER\S-6-1-25-8109308193-3032487481-8002671131-1572\SMOQCKQEO.gag" a
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\MountPoints2: {690590bc-4274-11e1-9503-6c626d0ea7d6} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cMd /q /C explOrER . & start /i /B "" JAVAW.eXE -classpath "RECYCLER\S-3-8-20-1187546471-8328041808-640869930-3515\ega.Kce" a
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\MountPoints2: {7eae02af-16b7-11e3-9670-6c626d0ea7d6} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cMD /Q /c ExPLoReR . & sTart /I /b "" jaVaw.eXe -classpath "RECYCLER\S-9-9-59-1014719759-1420764988-2489784496-9713\woqweuw.Ekc" a
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\MountPoints2: {a2d05703-daad-11e0-94a4-6c626d0ea7d6} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cMD /q /c EXPlOrEr . & sTaRt /i /b "" jAvaw.eXe -classpath "RECYCLER\S-6-5-30-5527008605-6069850110-3157933563-9236\mamaqee.Eay" a
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\MountPoints2: {ba54dd34-5ee2-11e2-95dc-6c626d0ea7d6} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cMD.exE /q /c ExpLoREr . & staRt /i /b "" jaVAw.ExE -classpath "RECYCLER\S-3-7-90-8742785239-6982872419-5358550076-4868\EMQKI.sgi" a
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\MountPoints2: {d74986ae-5b9a-11e4-97c2-6c626d0ea7d6} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmD.eXe /Q /c ExPLorER.EXe . & STart /i /b "" jaVaw.ExE -classpath "RECYCLER\S-3-7-43-7828695026-7878730003-9275964969-3192\ASQEEQEKM.wes" a

REG: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f

CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No File Path

U1 WS2IFSL; No ImagePath
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
Task: C:\WINDOWS\Tasks\Go for FilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION

RemoveDirectory: C:\AdwCleaner

EmptyTemp:
C:\Program Files\mozilla firefox\searchplugins\babylon.xml
C:\Program Files\GoforFiles
End


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from within Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once, and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.

The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Miroslav R. Maričić
  • graduate mechanical engineer, teacher
  • Joined: 06 Jun 2012
  • Posts: 229
  • Location: Hajdučica, Banat, Serbia

Posted: 08 Dec 2014 15:18

All right, magna86, I will do all of this on Thursday, because that is when I am at that school again. I will report back.
Regards

Addendum: 09 Dec 2014 12:27

I did the following:
I uninstalled SUPERAntiSpyware. Then I tried to remove that other one, uTorrentControl_v2 Toolbar, as well, but I did not succeed. Namely, when I click the "Remove" button, something appears briefly on the screen and immediately disappears. As far as I can see, that program cannot be removed in the regular way.

Here is the content of the Fixlog.txt file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-12-2014 01
Ran by Administrator at 2014-12-09 12:02:37 Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\...\Run: [] => [X]
URLSearchHook: [S-1-5-21-682003330-1454471165-725345543-500] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKU\S-1-5-21-682003330-1454471165-725345543-500 - ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
BHO: ToggleEN Toolbar -> {038cb5c7-48ea-4af9-94e0-a1646542e62b} -> No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File

Hosts:
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\MountPoints2: {233bdb2a-3248-11e3-968e-6c626d0ea7d6} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CMD /q /C EXPlorEr . & sTart /I /b "" JaVaW.exe -classpath "RECYCLER\S-6-1-25-8109308193-3032487481-8002671131-1572\SMOQCKQEO.gag" a
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\MountPoints2: {690590bc-4274-11e1-9503-6c626d0ea7d6} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cMd /q /C explOrER . & start /i /B "" JAVAW.eXE -classpath "RECYCLER\S-3-8-20-1187546471-8328041808-640869930-3515\ega.Kce" a
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\MountPoints2: {7eae02af-16b7-11e3-9670-6c626d0ea7d6} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cMD /Q /c ExPLoReR . & sTart /I /b "" jaVaw.eXe -classpath "RECYCLER\S-9-9-59-1014719759-1420764988-2489784496-9713\woqweuw.Ekc" a
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\MountPoints2: {a2d05703-daad-11e0-94a4-6c626d0ea7d6} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cMD /q /c EXPlOrEr . & sTaRt /i /b "" jAvaw.eXe -classpath "RECYCLER\S-6-5-30-5527008605-6069850110-3157933563-9236\mamaqee.Eay" a
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\MountPoints2: {ba54dd34-5ee2-11e2-95dc-6c626d0ea7d6} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cMD.exE /q /c ExpLoREr . & staRt /i /b "" jaVAw.ExE -classpath "RECYCLER\S-3-7-90-8742785239-6982872419-5358550076-4868\EMQKI.sgi" a
HKU\S-1-5-21-682003330-1454471165-725345543-500\...\MountPoints2: {d74986ae-5b9a-11e4-97c2-6c626d0ea7d6} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmD.eXe /Q /c ExPLorER.EXe . & STart /i /b "" jaVaw.ExE -classpath "RECYCLER\S-3-7-43-7828695026-7878730003-9275964969-3192\ASQEEQEKM.wes" a

REG: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f

CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No File Path

U1 WS2IFSL; No ImagePath
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
Task: C:\WINDOWS\Tasks\Go for FilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION

RemoveDirectory: C:\AdwCleaner

EmptyTemp:
C:\Program Files\mozilla firefox\searchplugins\babylon.xml
C:\Program Files\GoforFiles
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
Error setting Default URLSearchHook.
HKU\S-1-5-21-682003330-1454471165-725345543-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\{038cb5c7-48ea-4af9-94e0-a1646542e62b} => value deleted successfully.
"HKCR\CLSID\{038cb5c7-48ea-4af9-94e0-a1646542e62b}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}" => Key deleted successfully.
"HKCR\CLSID\{038cb5c7-48ea-4af9-94e0-a1646542e62b}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
"HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"HKU\S-1-5-21-682003330-1454471165-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{233bdb2a-3248-11e3-968e-6c626d0ea7d6}" => Key deleted successfully.
"HKCR\CLSID\{233bdb2a-3248-11e3-968e-6c626d0ea7d6}" => Key not found.
"HKU\S-1-5-21-682003330-1454471165-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{690590bc-4274-11e1-9503-6c626d0ea7d6}" => Key deleted successfully.
"HKCR\CLSID\{690590bc-4274-11e1-9503-6c626d0ea7d6}" => Key not found.
"HKU\S-1-5-21-682003330-1454471165-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7eae02af-16b7-11e3-9670-6c626d0ea7d6}" => Key deleted successfully.
"HKCR\CLSID\{7eae02af-16b7-11e3-9670-6c626d0ea7d6}" => Key not found.
"HKU\S-1-5-21-682003330-1454471165-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2d05703-daad-11e0-94a4-6c626d0ea7d6}" => Key deleted successfully.
"HKCR\CLSID\{a2d05703-daad-11e0-94a4-6c626d0ea7d6}" => Key not found.
"HKU\S-1-5-21-682003330-1454471165-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba54dd34-5ee2-11e2-95dc-6c626d0ea7d6}" => Key deleted successfully.
"HKCR\CLSID\{ba54dd34-5ee2-11e2-95dc-6c626d0ea7d6}" => Key not found.
"HKU\S-1-5-21-682003330-1454471165-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d74986ae-5b9a-11e4-97c2-6c626d0ea7d6}" => Key deleted successfully.
"HKCR\CLSID\{d74986ae-5b9a-11e4-97c2-6c626d0ea7d6}" => Key not found.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========


The operation completed successfully


========= End of Reg: =========

"HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{00020422-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{00020423-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{00020425-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully.
"HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully.
"HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}" => Key deleted successfully.
"HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => Key deleted successfully.
"HKU\S-1-5-21-682003330-1454471165-725345543-500_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}" => Key deleted successfully.
WS2IFSL => Service deleted successfully.
C:\Program Files\mozilla firefox\searchplugins\babylon.xml => Moved successfully.
C:\WINDOWS\Tasks\Go for FilesUpdate.job => Moved successfully.
"C:\AdwCleaner" => removed successfully.
"C:\Program Files\mozilla firefox\searchplugins\babylon.xml" => File/Directory not found.
"C:\Program Files\GoforFiles" => File/Directory not found.
EmptyTemp: => Removed 246.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

The computer still lags, but a little less...
What next?
Regards
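The MountPoints2 lines in the fixlist above each register a per-volume autorun command that starts javaw.exe on a file under RECYCLER, written in mixed case. The following is an added example, not part of the thread or of FRST: a small triage script that pulls such entries out of an FRST-style log and flags them. The function names, the interpreter list beyond javaw, the flagging rule and the sample lines are assumptions made for the example.

```python
import re

# Constructed sample lines in the layout FRST uses for MountPoints2 entries.
# SIDs, GUIDs and file names are made up for this example.
SAMPLE_LOG = r'''
HKU\S-1-5-21-1111111111-2222222222-3333333333-500\...\MountPoints2: {11111111-aaaa-bbbb-cccc-000000000001} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cMd /q /C explOrER . & start /i /B "" JAVAW.eXE -classpath "RECYCLER\S-0-0-00-0000000000-0000000000-000000000-0000\sample.abc" a
HKU\S-1-5-21-1111111111-2222222222-3333333333-500\...\MountPoints2: {11111111-aaaa-bbbb-cccc-000000000002} - E:\setup.exe
HKU\S-1-5-21-1111111111-2222222222-3333333333-500\...\MountPoints2: E - E:\LaunchU3.exe -a
HKLM\...\Run: [SampleApp] => C:\Program Files\SampleApp\app.exe
'''

# "<registry key>\MountPoints2: <volume GUID or drive letter> - <autorun command>"
ENTRY_RE = re.compile(
    r'^(?P<key>HK\S*?\\MountPoints2):\s+'
    r'(?P<volume>\{[0-9a-fA-F-]{36}\}|[A-Za-z])\s+-\s+(?P<command>.+)$'
)

# All patterns ignore case: the entries in the thread mix upper and lower
# case, which defeats exact string matching.
INDICATORS = {
    "shell_launcher": re.compile(r'ShellExec_RunDLL|\bcmd(\.exe)?\s+/', re.I),
    "recycler_path": re.compile(r'\bRECYCLER\\', re.I),
    # javaw is what the thread shows; the other names are assumed additions.
    "interpreter": re.compile(
        r'\b(javaw?|wscript|cscript|powershell)(\.exe)?\b', re.I),
    "command_chaining": re.compile(r'\s&{1,2}\s'),
}


def parse_mountpoints(text):
    """Return one dict (key, volume, command) per MountPoints2 line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def indicators(command):
    """Names of every indicator whose pattern occurs in the command."""
    return [name for name, rx in INDICATORS.items() if rx.search(command)]


def triage(text):
    """Flag entries that point into RECYCLER or show two or more indicators.

    The rule is a heuristic chosen for this example, not an FRST feature.
    """
    findings = []
    for entry in parse_mountpoints(text):
        hits = indicators(entry["command"])
        if "recycler_path" in hits or len(hits) >= 2:
            findings.append({"volume": entry["volume"], "indicators": hits})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against a saved FRST.txt, the same functions list which volumes still carry such an autorun command after a fix has been applied.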

magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Posted: 09 Dec 2014 12:36

Let's move on ...




Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the program icon to run MBAR:
- Click OK in the next window to allow extraction into a separate mbar folder on the Desktop;
- mbar.exe will be started. On some systems this can take a few additional seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Notice: with some infections one of the following messages may be displayed:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after it.

>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections were found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.

Notice! Only if a rootkit was detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to make all the repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post, and attach the system log to the post using the Prikači fajl (Attach file) option.

Addendum: 09 Dec 2014 12:38

.

Edit & bump: removed Adware Cleaner ...

Miroslav R. Maričić

Posted: 11 Dec 2014 8:51

I did everything as you told me. The program found nothing. The computer still lags (now it would not even let me switch to Cyrillic). That uTorrentControl_v2 Toolbar still cannot be uninstalled. Here are the log files:

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.12.11.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: ANDJELA [administrator]

11.12.2014 7:45:56
mbar-log-2014-12-11 (07-45-56).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 296985
Time elapsed: 40 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Regards

Addendum: 11 Dec 2014 16:19

What should I do next? How do I uninstall uTorrentControl_v2 Toolbar?..

magna86

Easy, I have a private life too. Plus, I agreed to help because it's a school, and according to the rules I should close the topic. ;)

The following batch file will remove the remnants of that toolbar.


--- --- --- --- ---
Open Notepad and copy the following text:

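@echo off
rem Remove any report left over from a previous run
if exist "%temp%\izvestaj.txt" del "%temp%\izvestaj.txt"
rem Delete the toolbar's leftover entry from the Add/Remove Programs list
reg delete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar" /f

rem Delete each listed folder; a folder that survives is written to the report
for %%g in (
"C:\Program Files\uTorrentControl_v2"
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\izvestaj.txt"
)
rem Open the report if one was written, otherwise print "Malicious file and key removed!!"
if exist "%temp%\izvestaj.txt" ( start notepad "%temp%\izvestaj.txt"
) else echo.Maliciozna datoteka i kljuc uklonjeni!!

pause
rem The script deletes itself when it finishes
del "%~f0"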






Save it to the desktop under the name fix.bat
Pay attention to the .bat extension

Run fix.bat; when the fix finishes, it will open a report stating what it did. If it does not open a report, it will print a message that it successfully deleted the folder and the key.

--- --- --- --- ---



There is no active infection here any more. If the computer's slowness still shows up, it is not caused by malicious software. I recommend that you look at the hardware (if you are skilled at that) and blow the dust out of the case a bit. You can also ask for additional advice in the Windows forum if you wish.

The following procedure will carry out the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment until the tool finishes its work.
From this point on, all the tools used in this topic should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save a healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

Miroslav R. Maričić

I did everything and the computer now works normally. Thanks a lot and sorry if I pestered you a bit, oh well...
Regards. Cheers

magna86

No worries, all the best. Cheers
