Windows XP hangs at startup, YouTube stutters and freezes


offline
  • Joined: 06 May 2008
  • Posts: 90

This problem started recently. After Windows loads, the computer is blocked for the next half hour, as if it were busy doing something, and this happens every time. I should add that at the same time YouTube started to stutter and occasionally freeze; the internet connection is ADSL 4 Mb. Videos load quickly, buffering to the end within a few seconds. I tried to scan with DDS but did not succeed: it stops a few seconds after starting. I also turned off the AV program, and it still won't run...

offline
  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Download smeenk's zoek.zip or zoek.rar from this or this link and save it to the Desktop.

Extract the archive to a folder (instructions), and then:

close the browser and other running programs;
temporarily disable your security software (if necessary) (instructions);
start zoek by double-clicking the program icon;
wait for the tool to start ...


Copy the following text into the white box of the window:

filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;


Click the button and wait for the scan to finish.


zoek will restart Windows if needed and, when it finishes, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your reply.

offline
  • Joined: 06 May 2008
  • Posts: 90

Here is the report:


Zoek.exe v5.0.0.0 Updated 07-February-2014
Tool run by stamenko on ??? 09.02.2014 at 18:16:35,31.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3, v.3264 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\stamenko\Desktop\zoek\zoek.com [Scan all users] [Script inserted]

==== System Restore Info ======================

2/9/2014 6:22:47 PM Zoek.exe System Restore Point Created Succesfully.

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\DOCUME~1\stamenko\LOCALS~1\Temp ====
2014-02-09 16:20:18 893F45E8C6E0A4849FF9C712A77C02F6 1042 ----a-w- C:\Documents and Settings\stamenko\Local Settings\Temp\nsa79.tmp\notifykeysC.com
2014-02-09 16:18:35 ACC2B699EDFEA5BF5AAE45ABA3A41E96 6656 ----a-w- C:\Documents and Settings\stamenko\Local Settings\Temp\nsa79.tmp\nsExec.dll
2014-02-09 16:18:13 C17103AE9072A06DA581DEC998343FC1 11264 ----a-w- C:\Documents and Settings\stamenko\Local Settings\Temp\nsa79.tmp\System.dll
2014-02-09 16:18:13 7579ADE7AE1747A31960A228CE02E666 4096 ----a-w- C:\Documents and Settings\stamenko\Local Settings\Temp\nsa79.tmp\UserInfo.dll
2014-02-09 14:29:20 893F45E8C6E0A4849FF9C712A77C02F6 1042 ----a-w- C:\Documents and Settings\stamenko\Local Settings\Temp\nsn3.tmp\notifykeysC.com
2014-02-09 14:25:43 ACC2B699EDFEA5BF5AAE45ABA3A41E96 6656 ----a-w- C:\Documents and Settings\stamenko\Local Settings\Temp\nsn3.tmp\nsExec.dll
2014-02-09 14:25:07 C17103AE9072A06DA581DEC998343FC1 11264 ----a-w- C:\Documents and Settings\stamenko\Local Settings\Temp\nsn3.tmp\System.dll
2014-02-09 14:25:07 7579ADE7AE1747A31960A228CE02E666 4096 ----a-w- C:\Documents and Settings\stamenko\Local Settings\Temp\nsn3.tmp\UserInfo.dll
2014-02-09 12:41:47 D039D4110CA75D7CF96DF1E9C0FA27FF 25088 ----a-w- C:\Documents and Settings\stamenko\Local Settings\Temp\mbr.sys
2014-02-09 12:41:33 893F45E8C6E0A4849FF9C712A77C02F6 1042 ----a-w- C:\Documents and Settings\stamenko\Local Settings\Temp\nss62.tmp\notifykeysC.com
2014-02-09 12:40:12 ACC2B699EDFEA5BF5AAE45ABA3A41E96 6656 ----a-w- C:\Documents and Settings\stamenko\Local Settings\Temp\nss62.tmp\nsExec.dll
2014-02-09 12:39:58 C17103AE9072A06DA581DEC998343FC1 11264 ----a-w- C:\Documents and Settings\stamenko\Local Settings\Temp\nss62.tmp\System.dll
2014-02-09 12:39:58 7579ADE7AE1747A31960A228CE02E666 4096 ----a-w- C:\Documents and Settings\stamenko\Local Settings\Temp\nss62.tmp\UserInfo.dll
====== Java Cache =====
====== C:\WINDOWS\system32 =====
====== C:\WINDOWS\system32\drivers =====
====== C:\WINDOWS\Tasks ======
2014-02-08 18:04:45 67D8767EBD9CC8A7D7E6120DC70EE725 314 ----a-w- C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-515967899-854245398-1343024091-1003.job
2014-02-08 18:04:19 B46D823E0D95D4AF58EDDB33390B9D62 332 ----a-w- C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-515967899-854245398-1343024091-1003.job
2014-02-07 21:26:36 000CD15FBFB4F089CA18B5800A0EA4E0 998 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-02-07 21:26:25 C048D7EA79E4DF92D6804850BBE7AD3B 946 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2014-01-21 21:01:27 -------- d-----w- C:\Program Files\Microsoft
======= C: =====
====== C:\Documents and Settings\stamenko\Application Data ======
2014-02-09 12:40:12 -------- d-----r- C:\Documents and Settings\stamenko\Start Menu\Programs\Administrative Tools
2014-02-07 21:18:57 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Programs
2014-01-19 12:08:03 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google
====== C:\Documents and Settings\stamenko ======
2014-01-21 21:36:50 -------- d-sh--w- C:\Documents and Settings\stamenko\IECompatCache
2014-01-21 21:34:10 -------- d-sh--w- C:\Documents and Settings\stamenko\PrivacIE
2014-01-21 21:24:20 -------- d-sh--w- C:\Documents and Settings\NetworkService\IETldCache
2014-01-21 21:13:55 -------- d-sh--w- C:\Documents and Settings\stamenko\IETldCache

====== C: exe-files ==
2014-02-08 19:54:24 F594F41C47B36C77F2E59856C080AF08 692872 ----a-w- C:\Documents and Settings\stamenko\My Documents\Downloads\SONY CYBERSHOT DSC-W1 user guide provided through rs.diplotop.com.exe
=== C: other files ==
2014-02-09 16:20:18 893F45E8C6E0A4849FF9C712A77C02F6 1042 ----a-w- C:\Documents and Settings\stamenko\Local Settings\temp\nsa79.tmp\notifykeysC.com
2014-02-09 14:29:20 893F45E8C6E0A4849FF9C712A77C02F6 1042 ----a-w- C:\Documents and Settings\stamenko\Local Settings\temp\nsn3.tmp\notifykeysC.com
2014-02-09 12:41:47 D039D4110CA75D7CF96DF1E9C0FA27FF 25088 ----a-w- C:\Documents and Settings\stamenko\Local Settings\temp\mbr.sys
2014-02-09 12:41:33 893F45E8C6E0A4849FF9C712A77C02F6 1042 ----a-w- C:\Documents and Settings\stamenko\Local Settings\temp\nss62.tmp\notifykeysC.com

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"

[HKEY_USERS\S-1-5-21-515967899-854245398-1343024091-1003\Software\iolo\System Mechanic 6\startup manager\configuration\Disabled\registry\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe"

[HKEY_USERS\S-1-5-21-515967899-854245398-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="%systemroot%\system32\tscupgrd.exe "

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="%systemroot%\system32\tscupgrd.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\program files\real\realplayer\update\realsched.exe -osboot"
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"MsmqIntCert"="regsvr32 /s mqrt.dll"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"windows"="C:\Documents and Settings\stamenko\Application Data\tmp\local.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\docume~1\\alluse~1\\applic~1\\browse~1\\25976~1.107\\{c16c1~1\\mngr.dll"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcoholAutomount]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="axcmd"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Alcohol Soft\\Alcohol 120\\axcmd.exe\" /automount"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATIModeChange]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ati2mdxx"
"hkey"="HKLM"
"command"="Ati2mdxx.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FileServe Manager Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FSStarter"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\FileServe Manager\\FSStarter.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Flashget]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="flashget"
"hkey"="HKLM"
"command"="C:\\Program Files\\FlashGet\\flashget.exe /min"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleUpdate"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\stamenko\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Wcescomm"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft ActiveSync\\Wcescomm.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSConfig]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="u"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\stamenko\\cbkcrk.exe \\u"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ASUSTek\\ASUSDVD\\PDVDServ.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TWCU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TWCU"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\TP-LINK\\TWCU\\TWCU.exe\" -nogui"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateReminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdateReminder"
"hkey"="HKLM"
"command"="C:\\Program Files\\Eset\\UpdateReminder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Winamp\\winampa.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Picture Package Menu.lnk"
"backup"="C:\\WINDOWS\\pss\\Picture Package Menu.lnkCommon Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~3\\SonyTray.exe "
"item"="Picture Package Menu"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Picture Package VCD Maker.lnk"
"backup"="C:\\WINDOWS\\pss\\Picture Package VCD Maker.lnkCommon Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~1\\RESIDE~1.EXE -h"
"item"="Picture Package VCD Maker"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^stamenko^Start Menu^Programs^Startup^ubisoft register.lnk]
"path"="C:\\Documents and Settings\\stamenko\\Start Menu\\Programs\\Startup\\ubisoft register.lnk"
"backup"="C:\\WINDOWS\\pss\\ubisoft register.lnkStartup"
"command"="C:\\Program Files\\Ubi Soft\\Register\\schedule.exe /8/8/2007 8:48:08 PM /game=SplinterCellDemo /language=English /country=Afghanistan /url=http://register-it.ubi.com/register.asp"
"item"="ubisoft register"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]


==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05.02.2014 19:15]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [28.01.2010 12:59]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [28.01.2010 12:59]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job --a------ C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [07.02.2014 22:21]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job --a------ C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [07.02.2014 22:21]
C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-515967899-854245398-1343024091-1003.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-515967899-854245398-1343024091-1003.job --a------ C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [29.11.2012 20:31]
C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-515967899-854245398-1343024091-1003.job --a------ C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [29.11.2012 20:31]
C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-515967899-854245398-1343024091-1003.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [30.11.2012 15:30]
C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-515967899-854245398-1343024091-1003.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [30.11.2012 15:30]
C:\WINDOWS\tasks\{016E2323-7D1D-49B1-8431-57F665BC6E08}_TRADICIJ-PHDH6Y_stamenko.job --ah----- C:\WINDOWS\system32\mobsync.exe [30.11.2007 23:26]
C:\WINDOWS\tasks\{530A5723-BBAF-4112-AB67-22168A3C95BF}_TRADICIJ-PHDH6Y_stamenko.job --ah----- C:\WINDOWS\system32\mobsync.exe [30.11.2007 23:26]
C:\WINDOWS\tasks\{EDCBC54F-DDE2-4E5B-B274-DE8192C27494}_TRADICIJ-PHDH6Y_stamenko.job --ah----- C:\WINDOWS\system32\mobsync.exe [30.11.2007 23:26]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [24.12.2012 18:50]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default
- Ant Video Downloader - %ProfilePath%\extensions\anttoolbar@ant.com
- Megaupload SX.3.2 - %ProfilePath%\extensions\pbreak.br@gmail.com
- GamePlayLabs Plugin - %ProfilePath%\extensions\plugin2@gameplaylabs.com
- Freecorder Toolbar - %ProfilePath%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
- I Miro - %ProfilePath%\extensions\{216ec66d-214a-43ea-92f0-5373f8405c88}
- GigaSize Toolbar - %ProfilePath%\extensions\{89DE49C7-E350-4C8E-885B-A41F859B93C4}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
- NCH - %ProfilePath%\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
- Cooliris Previews - %ProfilePath%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2)
- free-downloads.net Toolbar - %ProfilePath%\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}(2)
- FlashGot - %ProfilePath%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default
C36444D7301A8C881FC7296B092609C7 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
5B4DA1113F240C3F06FFF9D52761528B - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13
E18B5B26F41D8C37CCAA7256F29F6A15 - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
EBEEC9B1FB8BC809C719713A36640966 - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll - RealPlayer Download Plugin
FEF9ECECFA177AEC0F7564A08394D2C8 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
0ABF093757E9C827E30EC652868E5FAC - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
06E140A567B8DC7900173197FD059EE5 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
558270B968CB82196CB8D045D13B0FF6 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
6846D2CA7E1D5937AEE3F99BB7F5464B - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director
EA85C911C213873A975A5988ED19A66B - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
EB27974F79E33D9A1FD388668B9AF60E - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
0A846B198F8D441E22772A9B38C6DCF6 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
19519A80A9054B81174FFA337FFB3E53 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
99F97C9FE748C37528C338A423577FCB - C:\Documents and Settings\stamenko\Application Data\Mozilla\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin
8EF356DA145F60C3F11DF7EF03B97449 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
8FDF6459DC93F093C6F4ADAA89102EB8 - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll - RealArcade Mozilla Plugin
8B07628E389E72B83473383914333AD6 - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL - Microsoft Office 2003
8EF356DA145F60C3F11DF7EF03B97449 - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll - Adobe Acrobat
EBEEC9B1FB8BC809C719713A36640966 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
E18B5B26F41D8C37CCAA7256F29F6A15 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[29.11.2012 20:35]
ocphobfcfafpclibolpjdafgaffkaoci - C:\Documents and Settings\stamenko\Local Settings\Application Data\GamePlayLabs Plugin\gplplugin.crx[]

Google Docs - stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
RealDownloader - stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.rs/"
"Search Page"="http://www.google.com"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{84595A0C-7D5E-43F6-905E-353918E34F77}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Search the web (Babylon) Url="http://search.babylon.com/?q={searchTerms}&affID=117023&tt=111212_old_5012_3&babsrc=SP_ss&mntrId=2c8c1e7900000000000000112fde9b0a"
{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Ask Search Url="http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=crm&q={searchTerms}&locale=en_RS&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^RS&apn_uid=2a68d81e-d36f-46d7-a62e-6de39a111f40&apn_sauid=6AFE491C-BEA7-4E9C-B1E8-F0882B438C10"
{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Yahoo! Search Url="http://search.yahoo.com/search?fr=chr-vmn&type=Gigasize2_1yach&q={searchTerms}&ei=UTF-8"
{84595A0C-7D5E-43F6-905E-353918E34F77} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
{8A244612-A1F7-11E0-95C0-E71F4824019B} Search Url="http://badoo.com/startpage/?source=bsb&q={searchTerms}"
{A081B76A-1546-4B33-A7C5-B2E756902469} Yahoo-FileServe Url="http://fileservehome.com/?tmp=toolbar_FileServe_results&prt=fileservetb01ie&Keywords={searchTerms}&clid=d34e46d52ea74836bb18556e65879533"
{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} Winamp Search Url="http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on ??? 09.02.2014 at 18:29:19,19 ======================

offline
  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Run zoek again;


close the browser and other running programs;
disable your security software (if needed) (instructions);


Copy the following text into the white box of the window:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run];r
"windows"=-;r
C:\Documents and Settings\stamenko\Application Data\tmp;fs
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r
"AppInit_DLLs"=-;r
c:\\docume~1\\alluse~1\\applic~1\\browse~1;fs 
Freecorder Toolbar;ff
I Miro;ff
NCH;ff
free-downloads.net Toolbar;ff
emptyalltemp;
autoclean;




Click the button and wait for the scan to finish.


zoek will restart Windows if needed and, when it finishes, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your reply.

offline
  • Joined: 06 May 2008
  • Posts: 90

Posted: 09 Feb 2014 22:31

Zoek ran the scan and the computer restarted this time, but the report did not appear. Should I run it again...?

Addendum: 09 Feb 2014 22:36

I found it:


Zoek.exe v5.0.0.0 Updated 07-February-2014
Tool run by stamenko on ??? 09.02.2014 at 21:33:39,75.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3, v.3264 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\stamenko\Desktop\zoek\zoek.com [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-02-09-172919.log 25409 bytes

==== Creating Sample_09.02.2014_2149.zip ======================

Copied file C:\Documents and Settings\All Users\Application Data\vlc-1.0.3-win32.exe to sample\vlc-1.0.3-win32.exe
sample\vlc-1.0.3-win32.exe renamed to 5C707790262C303361D05A144C8089F4

C:\Documents and Settings\All Users\Desktop\sample_09.02.2014_2149.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-515967899-854245398-1343024091-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-515967899-854245398-1343024091-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} deleted successfully
HKEY_USERS\S-1-5-21-515967899-854245398-1343024091-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} deleted successfully
HKEY_USERS\S-1-5-21-515967899-854245398-1343024091-1003\Software\Microsoft\Internet Explorer\SearchScopes\{A081B76A-1546-4B33-A7C5-B2E756902469} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default

---- Lines NCH removed from prefs.js ----
user_pref("browser.search.defaultenginename", "NCH Customized Web Search");
user_pref("browser.search.defaultthis.engineName", "NCH Customized Web Search");
user_pref("CT1098640.RadioStationURL", "http://www.gotradio.com/player/launch.asp?id=20&cr=32");
user_pref("CT2117678.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DBy0iz2zqti0\",\"EB_MAIN_FRAME_TITLE\
user_pref("CT2117678.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://NCH.OurToolbar.com//xpi\"}")
user_pref("CT2117678.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"NCH \"}");
user_pref("CT2117678.smartbar.toolbarName", "NCH ");
user_pref("urlclassifier.tableversion.goog-black-enchash", "1.58321");
---- Lines BabylonToolbar removed from prefs.js ----
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.id", "2c8c1e7900000000000000112fde9b0a");
user_pref("extensions.BabylonToolbar.instlDay", "15686");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.rvrt", "false");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=2c8c1e7900000000000000112fde9b0a&q=");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.4.9");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.4.9");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=117023&tt=111212_old_5012_3");
user_pref("extensions.BabylonToolbar_i.excTlbr", false);
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.4.911:14:20");
---- Lines BabylonToolbar removed from user.js ----


---- Lines CT2117678 removed from prefs.js ----
---- Lines CT1060933 removed from prefs.js ----
---- Lines CT1098640 removed from prefs.js ----
---- Lines conduit removed from prefs.js ----
user_pref("CommunityToolbar.alert.clientsServerUrl", "http://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.servicesServerUrl", "http://alert.services.conduit.com");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"dfe74040abc2ce1:0\"");
user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en-us", "\"4632ef8b470591620e183b5f3873b707\"");
---- Lines ask.com removed from prefs.js ----
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.selectedEngine", "Ask.com");
---- Lines CommunityToolbar removed from prefs.js ----
---- Lines smartbar removed from prefs.js ----
user_pref("smartbar.machineId", "8NKLPR2Q4LZHQ68D4TN3M2SHEKUKJQWKJIZAWN0NQXK7GHNM+UR9JKQPO5BSW3XFCJLN9UBYPSRO1Y6OJZIOFW");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
---- FireFox user.js and prefs.js backups ----

user_09.02.2014_2151_.backup
prefs_09.02.2014_2151_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"windows"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-

==== Deleting Files \ Folders ======================

c:\\docume~1\\alluse~1\\applic~1\\browse~1 not found
C:\Documents and Settings\stamenko\Application Data\tmp deleted
C:\Documents and Settings\All Users\Application Data\EmailNotifier deleted
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml deleted
C:\Program Files\MyPC Backup deleted
C:\FOUND.000 deleted
C:\FOUND.001 deleted
C:\FOUND.002 deleted
C:\FOUND.003 deleted
C:\FOUND.004 deleted
C:\FOUND.005 deleted
C:\FOUND.006 deleted
C:\FOUND.007 deleted
C:\FOUND.008 deleted
C:\FOUND.009 deleted
C:\FOUND.010 deleted
C:\FOUND.011 deleted
C:\FOUND.012 deleted
C:\FOUND.013 deleted
C:\FOUND.014 deleted
C:\FOUND.015 deleted
C:\FOUND.016 deleted
C:\FOUND.017 deleted
C:\FOUND.018 deleted
C:\Documents and Settings\stamenko\Application Data\Uniblue deleted
C:\Documents and Settings\stamenko\Application Data\Thinstall deleted
C:\Documents and Settings\stamenko\Application Data\Yahoo! deleted
C:\Documents and Settings\stamenko\Application Data\Babylon deleted
C:\Documents and Settings\stamenko\Application Data\GetRightToGo deleted
C:\Documents and Settings\stamenko\Application Data\Systweak deleted
C:\Documents and Settings\All Users\Application Data\Babylon deleted
C:\Documents and Settings\stamenko\Local Settings\Application Data\APN deleted
C:\Documents and Settings\stamenko\Local Settings\Application Data\Conduit deleted
C:\WINDOWS\WinInit.Ini deleted
C:\WINDOWS\system32\roboot.exe deleted
C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\searchplugins\babylon1.xml deleted
C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\searchplugins\askcom.xml deleted
C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\valueApps deleted
C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\CT1060933 deleted
C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\CT1098640 deleted
C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\CT2117678 deleted
C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\gigasizetb deleted
C:\Program Files\Mozilla Firefox\components\AskHPRFF.js deleted
C:\Documents and Settings\All Users\Application Data\vlc-1.0.3-win32.exe deleted
C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86} deleted
C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\conduit deleted
C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\smartbar deleted
"C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\searchplugins\conduit.xml" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [24.12.2012 18:50]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default
- Ant Video Downloader - %ProfilePath%\extensions\anttoolbar@ant.com
- Megaupload SX.3.2 - %ProfilePath%\extensions\pbreak.br@gmail.com
- GamePlayLabs Plugin - %ProfilePath%\extensions\plugin2@gameplaylabs.com
- Freecorder Toolbar - %ProfilePath%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
- I Miro - %ProfilePath%\extensions\{216ec66d-214a-43ea-92f0-5373f8405c88}
- GigaSize Toolbar - %ProfilePath%\extensions\{89DE49C7-E350-4C8E-885B-A41F859B93C4}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
- Cooliris Previews - %ProfilePath%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2)
- free-downloads.net Toolbar - %ProfilePath%\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}(2)
- FlashGot - %ProfilePath%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default
C36444D7301A8C881FC7296B092609C7 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
5B4DA1113F240C3F06FFF9D52761528B - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13
E18B5B26F41D8C37CCAA7256F29F6A15 - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
EBEEC9B1FB8BC809C719713A36640966 - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll - RealPlayer Download Plugin
FEF9ECECFA177AEC0F7564A08394D2C8 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
0ABF093757E9C827E30EC652868E5FAC - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
06E140A567B8DC7900173197FD059EE5 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
558270B968CB82196CB8D045D13B0FF6 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
6846D2CA7E1D5937AEE3F99BB7F5464B - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director
EA85C911C213873A975A5988ED19A66B - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
EB27974F79E33D9A1FD388668B9AF60E - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
0A846B198F8D441E22772A9B38C6DCF6 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
19519A80A9054B81174FFA337FFB3E53 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
99F97C9FE748C37528C338A423577FCB - C:\Documents and Settings\stamenko\Application Data\Mozilla\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin
8EF356DA145F60C3F11DF7EF03B97449 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
8FDF6459DC93F093C6F4ADAA89102EB8 - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll - RealArcade Mozilla Plugin
8B07628E389E72B83473383914333AD6 - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL - Microsoft Office 2003
8EF356DA145F60C3F11DF7EF03B97449 - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll - Adobe Acrobat
EBEEC9B1FB8BC809C719713A36640966 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
E18B5B26F41D8C37CCAA7256F29F6A15 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin


==== Deleted Firefox Extensions ======================

C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted
C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\extensions\{216ec66d-214a-43ea-92f0-5373f8405c88} deleted
C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}(2) deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[29.11.2012 20:35]
ocphobfcfafpclibolpjdafgaffkaoci - C:\Documents and Settings\stamenko\Local Settings\Application Data\GamePlayLabs Plugin\gplplugin.crx[]

RealDownloader - stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.rs/"
"Search Page"="http://www.google.com"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchMigratedDefaultURL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.rs/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{84595A0C-7D5E-43F6-905E-353918E34F77}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{84595A0C-7D5E-43F6-905E-353918E34F77} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
{8A244612-A1F7-11E0-95C0-E71F4824019B} Search Url="http://badoo.com/startpage/?source=bsb&q={searchTerms}"
{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} Winamp Search Url="http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ocphobfcfafpclibolpjdafgaffkaoci deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileServe Manager Task deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateReminder deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\stamenko\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\stamenko\Local Settings\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1471 folders=281 31622432 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Administrator\Local Settings\Temp emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\Guest\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp emptied successfully
C:\Documents and Settings\stamenko\Local Settings\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot

offline
  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Download Farbar's Farbar Recovery Scan Tool from this address to your Desktop:
There is a 32-bit and a 64-bit version. You need to download the version that is compatible with your system.
If you are not sure which version applies to your system, download both and run them. Only one of them will run on your system; that will be the right version.


double-click to run the program; when the tool starts, click Yes in the disclaimer window;
wait a moment while the tool checks whether a newer version exists;
click the Scan button;
when the scan finishes, the tool will create a report (FRST.txt) in the same directory where the FRST tool is saved;
copy the contents of the FRST.txt report into your post;
on the first run, the tool should also create an additional report (Addition.txt);
attach the Addition.txt report to your post using the Attach file option

offline
  • Joined: 06 May 2008
  • Posts: 90

Posted: 10 Feb 2014 20:22

Here is the (FRST.txt):

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2014
Ran by stamenko (administrator) on TRADICIJ-PHDH6Y on 10-02-2014 20:10:18
Running from C:\Documents and Settings\stamenko\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3, v.3264 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

() C:\WINDOWS\System32\Ati2evxx.exe
() C:\WINDOWS\System32\acs.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(PCtel, Inc.) C:\WINDOWS\system32\pctspk.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\tcpsvcs.exe
(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\WINDOWS\System32\snmp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\rapimgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MsmqIntCert] - regsvr32 /s mqrt.dll
HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [295072 2012-12-24] (RealNetworks, Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [Google Update] - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2014-02-07] (Google Inc.)
HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-03] (Microsoft Corporation)
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Run: [H/PC Connection Agent] - C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\system: [HideLogoffScripts] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\system: [RunLogonScriptSync] 1
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\system: [RunStartupScriptSync] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\system: [HideStartupScripts] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\Explorer: [NoMovingBands] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\Explorer: [LockTaskbar] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {0d397027-5bab-11dd-933c-00112fde9b0a} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {167c5650-3e09-11dd-9264-000e352bce89} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {23c7e1c0-37a0-11dd-9230-00112fde9b0a} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {52931fd0-0d84-11dd-91ef-00112fde9b0a} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {78bec810-3f5e-11dd-926a-000e352bce89} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {8a0b0180-6d08-11dd-9372-00112fde9b0a} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {b2fa67f0-0b10-11de-9520-00112fde9b0a} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {c79b3100-6e8f-11dd-9378-00112fde9b0a} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {caf98da1-5699-11dd-9318-00112fde9b0a} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {ccebc070-51bc-11dd-92ee-000e352bce89} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {ccebc071-51bc-11dd-92ee-000e352bce89} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {d0e8d0b1-0150-11dd-91d9-00112fde9b0a} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {d1cf2570-48da-11dd-92a6-000e352bce89} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {d8f95da0-704d-11dd-937d-00112fde9b0a} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {f5731930-4480-11dd-9290-c313f52fbdc0} - E:\AutoRun.exe
SecurityProviders: msapsspc.dll schannel.dll digest.dll msnsspc.dll

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn.com/?ocid=OIE8HP&PC=UP62
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = badoo.com/startpage/?source=bsb&q={searchTerms}
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
Toolbar: HKLM - No Name - {89DE49C7-E350-4C8E-885B-A41F859B93C4} - No File
Toolbar: HKLM - No Name - {0E91EFA2-AF48-4333-9965-5DD29DE31B56} - No File
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKCU - No Name - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {0E91EFA2-AF48-4333-9965-5DD29DE31B56} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: text/html - {fc3afa42-0f90-4da8-acc2-9b34687808ff} - No File
Winsock: Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Winsock: Catalog5 05 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
Winsock: Catalog5 06 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
Winsock: Catalog9 01 imon.dll File Not found ()
Winsock: Catalog9 02 imon.dll File Not found ()
Winsock: Catalog9 03 imon.dll File Not found ()
Winsock: Catalog9 04 imon.dll File Not found ()
Winsock: Catalog9 05 imon.dll File Not found ()
Winsock: Catalog9 06 imon.dll File Not found ()
Winsock: Catalog9 07 imon.dll File Not found ()
Winsock: Catalog9 15 imon.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default
FF user.js: detected! => C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\user.js
FF Homepage: google.rs/
FF Keyword.URL: hxxp://fileservehome.com/?prt=fileservetb02ff&Keywords=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/npracplug;version=1.0.0.0 - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\stamenko\Application Data\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\searchplugins\badoo.xml
FF SearchPlugin: C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\searchplugins\fileserve.xml
FF SearchPlugin: C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\searchplugins\mozilla-add-ons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fileserve.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\pogodakyu.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\vokabular.xml
FF Extension: Ant Video Downloader - C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\Extensions\anttoolbar@ant.com [2014-01-22]
FF Extension: Megaupload SX.3.2 - C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\Extensions\pbreak.br@gmail.com [2008-08-27]
FF Extension: GamePlayLabs Plugin - C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\Extensions\plugin2@gameplaylabs.com [2011-03-30]
FF Extension: GigaSize Toolbar - C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\Extensions\{89DE49C7-E350-4C8E-885B-A41F859B93C4} [2010-06-11]
FF Extension: DownloadHelper - C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2) [2008-06-27]
FF Extension: Cooliris Previews - C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2) [2008-06-03]
FF Extension: FlashGot - C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-07-10]
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-24]

Chrome:
=======
CHR Extension: (Google документи) - C:\Documents and Settings\stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-27]
CHR Extension: (Google диск) - C:\Documents and Settings\stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-27]
CHR Extension: (YouTube) - C:\Documents and Settings\stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google претрага) - C:\Documents and Settings\stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (RealDownloader) - C:\Documents and Settings\stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-08-27]
CHR Extension: (Google новчаник) - C:\Documents and Settings\stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Documents and Settings\stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100352 2007-11-30] (Microsoft Corporation)
R2 ACS; C:\WINDOWS\System32\acs.exe [36864 2005-05-04] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [397312 2004-04-01] ()
S2 gupdate1caa0115d702ca0; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-01-28] (Google Inc.)
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2007-11-30] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\System32\tcpsvcs.exe [19456 2001-08-23] (Microsoft Corporation)
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2009-10-02] ()
S2 MSMQ; C:\WINDOWS\System32\mqsvc.exe [4608 2007-11-30] (Microsoft Corporation)
S2 MSMQTriggers; C:\WINDOWS\System32\mqtgsvc.exe [117248 2007-11-30] (Microsoft Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2007-11-30] (Microsoft Corporation)
R2 Pctspk; C:\WINDOWS\system32\pctspk.exe [86016 2001-08-17] (PCtel, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 SMTPSVC; C:\WINDOWS\System32\inetsrv\inetinfo.exe [15360 2007-11-30] (Microsoft Corporation)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2007-11-30] (Microsoft Corporation)
S2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [X]

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17801 2006-11-02] (Meetinghouse Data Communications)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [18944 2006-01-22] (Aladdin Knowledge Systems)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
R1 cdrbsvsd; C:\WINDOWS\system32\Drivers\cdrbsvsd.sys [13566 2003-12-03] (B.H.A Corporation)
R2 CNCIO; C:\WINDOWS\system32\Drivers\CNCIO.sys [24976 2004-07-06] (Licensed for Flaming Lamps)
R2 ddnt; C:\WINDOWS\system32\drivers\ddnt.sys [8480 2006-06-02] ()
R2 DLPortIO; C:\WINDOWS\System32\DRIVERS\DLPortIO.SYS [3584 1999-01-10] ()
R2 hardlock; C:\WINDOWS\System32\drivers\hardlock.sys [461824 2006-01-22] (Aladdin Knowledge Systems)
R2 Haspnt; C:\WINDOWS\System32\drivers\Haspnt.sys [47616 2006-01-22] (Aladdin Knowledge Systems)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [197504 2003-11-19] (Conexant Systems, Inc.)
R1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [3026 2005-10-31] (Logix4u)
R2 io.sys; C:\WINDOWS\System32\drivers\io.sys [5152 2006-01-25] ()
R3 Mach2; C:\WINDOWS\System32\Drivers\Mach2.sys [99936 2005-05-21] (Your Corporation)
S3 Mach3; C:\WINDOWS\System32\Drivers\Mach3.sys [106240 2007-12-19] (Your Corporation)
R3 MQAC; C:\WINDOWS\System32\drivers\mqac.sys [92544 2007-11-30] (Microsoft Corporation)
S3 MSIRCOMM; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [22016 2007-11-30] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [5786 2004-01-19] ()
S3 PCANDIS5; C:\Program Files\SparkLAN 11Mbps Wireless\PCANDIS5.SYS [16292 2001-04-19] (Printing Communications Assoc., Inc. (PCAUSA))
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2003-07-01] (Padus, Inc.)
S3 Ptserli; C:\WINDOWS\System32\DRIVERS\ptserli.sys [128286 2001-08-17] (PCTEL, INC.)
R3 Pulser; C:\WINDOWS\System32\Drivers\Pulser.sys [91679 2002-05-02] (Your Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [685816 2009-05-22] ()
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 STAC97; C:\WINDOWS\System32\drivers\stac97.sys [242640 2004-02-19] (SigmaTel, Inc.)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [225664 2007-11-30] (Microsoft Corporation)
R0 Vmodem; C:\WINDOWS\System32\DRIVERS\vmodem.sys [604253 2001-08-17] (PCTEL, INC.)
R0 Vpctcom; C:\WINDOWS\System32\DRIVERS\vpctcom.sys [397502 2001-08-17] (PCtel, Inc.)
R0 Vvoice; C:\WINDOWS\System32\DRIVERS\vvoice.sys [64605 2001-08-17] (PCtel, Inc.)
S3 w22n51; C:\WINDOWS\System32\DRIVERS\w22n51.sys [1657344 2004-03-24] (Intel® Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\DOCUME~1\stamenko\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
S3 hwdatacard; System32\DRIVERS\ewusbmdm.sys [X]
U5 Mtdrv; C:\Windows\System32\Drivers\Mtdrv.sys [99395 2003-11-20] (TRIMETA software GmbH)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2007-11-30] (Microsoft Corporation)
S3 zlportio; \??\C:\Program Files\cp09632\temp\zlportio.sys [X]
S2 zntport; \??\C:\WINDOWS\System32\zntport.sys [X]
U3 a6a3uvv2; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-10 20:08 - 2014-02-10 20:10 - 00000000 ____D () C:\FRST
2014-02-09 21:58 - 2014-02-09 21:58 - 00000204 _____ () C:\files.log
2014-02-09 21:49 - 2014-02-09 21:59 - 00000079 _____ () C:\folders.log
2014-02-09 21:49 - 2014-02-09 21:59 - 00000000 ____D () C:\zoek
2014-02-09 21:36 - 2014-02-09 18:29 - 00025409 _____ () C:\zoek-results2014-02-09-172919.log
2014-02-09 18:22 - 2014-02-09 21:59 - 00040358 _____ () C:\zoek-results.log
2014-02-09 18:16 - 2014-02-09 21:55 - 00000000 ____D () C:\zoek_backup
2014-02-09 18:11 - 2014-02-09 18:11 - 00000000 ____D () C:\Documents and Settings\stamenko\Desktop\zoek
2014-02-09 18:05 - 2014-02-09 18:06 - 04088082 _____ () C:\Documents and Settings\stamenko\Desktop\zoek.zip
2014-02-09 17:16 - 2014-02-09 17:16 - 00688992 ____R (Swearware) C:\Documents and Settings\stamenko\Desktop\dds.pif
2014-02-08 19:04 - 2014-02-10 14:49 - 00000306 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-515967899-854245398-1343024091-1003.job
2014-02-08 19:04 - 2014-02-09 15:15 - 00000314 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-515967899-854245398-1343024091-1003.job
2014-02-08 19:04 - 2014-02-08 19:04 - 00000332 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-515967899-854245398-1343024091-1003.job
2014-02-07 22:26 - 2014-02-10 19:31 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-02-07 22:26 - 2014-02-09 22:31 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2014-01-25 19:39 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-25 19:39 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-25 19:39 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-25 19:39 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-25 19:37 - 2014-01-25 19:39 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-22 20:57 - 2014-01-22 20:57 - 00065536 _____ () C:\WINDOWS\Minidump\Mini012214-01.dmp
2014-01-21 22:36 - 2014-01-21 22:36 - 00000000 __SHD () C:\Documents and Settings\stamenko\IECompatCache
2014-01-21 22:34 - 2014-01-21 22:34 - 00000000 __SHD () C:\Documents and Settings\stamenko\PrivacIE
2014-01-21 22:24 - 2014-01-21 22:24 - 00000000 __SHD () C:\Documents and Settings\NetworkService\IETldCache
2014-01-21 22:15 - 2014-01-21 22:15 - 00000803 _____ () C:\Documents and Settings\stamenko\Start Menu\Programs\Internet Explorer.lnk
2014-01-21 22:13 - 2014-01-21 22:13 - 00000000 __SHD () C:\Documents and Settings\stamenko\IETldCache
2014-01-21 21:54 - 2014-01-21 22:00 - 00000000 __HDC () C:\WINDOWS\ie8
2014-01-21 21:52 - 2014-01-21 22:00 - 00041551 _____ () C:\WINDOWS\ie8.log
2014-01-21 21:51 - 2014-01-21 22:05 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2014-01-20 20:59 - 2014-01-20 20:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-01-19 13:05 - 2014-02-04 23:33 - 00001815 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-01-19 13:05 - 2014-01-19 13:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-01-18 15:02 - 2014-01-18 15:02 - 00000792 _____ () C:\Documents and Settings\stamenko\Start Menu\Programs\Windows Media Player.lnk

==================== One Month Modified Files and Folders =======

2014-02-10 20:10 - 2014-02-10 20:08 - 00000000 ____D () C:\FRST
2014-02-10 20:07 - 2013-02-25 10:58 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-10 19:37 - 2005-09-21 11:22 - 01928849 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-10 19:31 - 2014-02-07 22:26 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-02-10 19:15 - 2010-01-28 13:13 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-10 16:00 - 2007-09-03 14:28 - 00000414 ____H () C:\WINDOWS\Tasks\{97F2A16A-507D-4D7C-A9E6-AB9CE53792DD}_TRADICIJ-PHDH6Y_stamenko.job
2014-02-10 14:57 - 2008-07-11 22:47 - 00093354 _____ () C:\WINDOWS\setupapi.log
2014-02-10 14:53 - 2005-04-20 01:49 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-02-10 14:49 - 2014-02-08 19:04 - 00000306 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-515967899-854245398-1343024091-1003.job
2014-02-10 14:49 - 2012-12-24 18:53 - 00000292 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-515967899-854245398-1343024091-1003.job
2014-02-10 14:49 - 2012-12-24 18:53 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-515967899-854245398-1343024091-1003.job
2014-02-10 14:49 - 2010-01-28 13:13 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-10 14:49 - 2005-04-21 20:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-10 14:49 - 2005-04-20 01:57 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-10 14:49 - 2005-04-20 01:57 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-10 11:46 - 2008-05-17 22:20 - 00000041 _____ () C:\WINDOWS\Filzip.ini
2014-02-10 09:00 - 2007-09-03 14:28 - 00000414 ____H () C:\WINDOWS\Tasks\{530A5723-BBAF-4112-AB67-22168A3C95BF}_TRADICIJ-PHDH6Y_stamenko.job
2014-02-10 00:13 - 2005-04-25 11:37 - 00000278 ___SH () C:\Documents and Settings\stamenko\ntuser.ini
2014-02-10 00:12 - 2005-04-25 11:37 - 00000000 ____D () C:\Documents and Settings\stamenko
2014-02-09 23:31 - 2005-04-21 20:24 - 00032474 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-09 22:31 - 2014-02-07 22:26 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2014-02-09 21:59 - 2014-02-09 21:49 - 00000079 _____ () C:\folders.log
2014-02-09 21:59 - 2014-02-09 21:49 - 00000000 ____D () C:\zoek
2014-02-09 21:59 - 2014-02-09 18:22 - 00040358 _____ () C:\zoek-results.log
2014-02-09 21:58 - 2014-02-09 21:58 - 00000204 _____ () C:\files.log
2014-02-09 21:55 - 2014-02-09 18:16 - 00000000 ____D () C:\zoek_backup
2014-02-09 21:29 - 2005-10-09 20:29 - 00000414 ____H () C:\WINDOWS\Tasks\{016E2323-7D1D-49B1-8431-57F665BC6E08}_TRADICIJ-PHDH6Y_stamenko.job
2014-02-09 18:29 - 2014-02-09 21:36 - 00025409 _____ () C:\zoek-results2014-02-09-172919.log
2014-02-09 18:11 - 2014-02-09 18:11 - 00000000 ____D () C:\Documents and Settings\stamenko\Desktop\zoek
2014-02-09 18:06 - 2014-02-09 18:05 - 04088082 _____ () C:\Documents and Settings\stamenko\Desktop\zoek.zip
2014-02-09 17:16 - 2014-02-09 17:16 - 00688992 ____R (Swearware) C:\Documents and Settings\stamenko\Desktop\dds.pif
2014-02-09 15:15 - 2014-02-08 19:04 - 00000314 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-515967899-854245398-1343024091-1003.job
2014-02-09 11:54 - 2011-08-19 03:54 - 00000000 ____D () C:\Documents and Settings\stamenko\My Documents\Word dokumenti
2014-02-09 11:25 - 2011-08-19 03:51 - 00000000 ____D () C:\Documents and Settings\stamenko\My Documents\PDF dokumenti
2014-02-08 19:49 - 2008-06-29 21:41 - 00000000 ____D () C:\Program Files\VideoLAN
2014-02-08 19:46 - 2005-04-20 01:55 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-08 19:28 - 2008-08-12 16:12 - 00000000 ____D () C:\Program Files\Winamp
2014-02-08 19:25 - 2008-01-22 21:26 - 00000000 ____D () C:\Program Files\Google
2014-02-08 19:04 - 2014-02-08 19:04 - 00000332 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-515967899-854245398-1343024091-1003.job
2014-02-08 18:09 - 2011-08-19 06:02 - 02887680 ____H () C:\Documents and Settings\stamenko\My Documents\~WRL1117.tmp
2014-02-08 18:08 - 2011-08-19 06:02 - 02815488 ____H () C:\Documents and Settings\stamenko\My Documents\~WRL0439.tmp
2014-02-08 18:03 - 2011-08-19 06:02 - 02815488 ____H () C:\Documents and Settings\stamenko\My Documents\~WRL0419.tmp
2014-02-07 22:31 - 2010-01-28 13:18 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
2014-02-05 20:02 - 2005-05-05 14:00 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-02-05 20:01 - 2005-04-21 20:16 - 00000000 ____D () C:\WINDOWS\Registration
2014-02-05 19:15 - 2013-02-25 10:58 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-05 19:15 - 2011-06-28 05:05 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-04 23:33 - 2014-01-19 13:05 - 00001815 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-02-04 23:20 - 2008-06-16 21:08 - 00316144 _____ () C:\WINDOWS\setupact.log
2014-02-03 11:25 - 2001-08-23 11:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-02 23:13 - 2011-08-19 06:02 - 02876416 ____H () C:\Documents and Settings\stamenko\My Documents\~WRL3330.tmp
2014-01-25 19:39 - 2014-01-25 19:37 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-25 19:39 - 2008-08-17 21:27 - 00000000 ____D () C:\Program Files\Java
2014-01-25 17:58 - 2011-04-04 11:13 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-01-25 11:19 - 2010-02-26 11:47 - 00002516 ___SH () C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2014-01-23 01:13 - 2005-04-21 20:24 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2014-01-23 01:13 - 2005-04-21 20:24 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-01-22 20:57 - 2014-01-22 20:57 - 00065536 _____ () C:\WINDOWS\Minidump\Mini012214-01.dmp
2014-01-22 20:57 - 2012-03-12 21:52 - 00000000 ____D () C:\WINDOWS\Minidump
2014-01-22 20:56 - 2008-07-11 22:08 - 535715840 _____ () C:\WINDOWS\MEMORY.DMP
2014-01-22 20:47 - 2008-08-06 17:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-01-22 20:36 - 2010-01-28 12:34 - 00000000 ____D () C:\Documents and Settings\stamenko\Application Data\vlc
2014-01-22 19:21 - 2010-05-16 14:59 - 00013121 _____ () C:\WINDOWS\KB952011.log
2014-01-22 19:21 - 2009-06-16 06:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
2014-01-22 19:21 - 2005-04-20 01:55 - 01252737 _____ () C:\WINDOWS\FaxSetup.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00914872 _____ () C:\WINDOWS\ocgen.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00813123 _____ () C:\WINDOWS\iis6.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00646347 _____ () C:\WINDOWS\tsoc.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00622948 _____ () C:\WINDOWS\msmqinst.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00524278 _____ () C:\WINDOWS\comsetup.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00205028 _____ () C:\WINDOWS\netfxocm.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00178622 _____ () C:\WINDOWS\ntdtcsetup.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00097517 _____ () C:\WINDOWS\MedCtrOC.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00066219 _____ () C:\WINDOWS\msgsocm.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00058474 _____ () C:\WINDOWS\ocmsn.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00051967 _____ () C:\WINDOWS\tabletoc.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-01-22 19:18 - 2010-05-16 15:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952011$
2014-01-22 19:16 - 2010-01-28 12:59 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2014-01-22 18:56 - 2007-07-18 17:24 - 00000000 ____D () C:\Download
2014-01-21 22:36 - 2014-01-21 22:36 - 00000000 __SHD () C:\Documents and Settings\stamenko\IECompatCache
2014-01-21 22:34 - 2014-01-21 22:34 - 00000000 __SHD () C:\Documents and Settings\stamenko\PrivacIE
2014-01-21 22:24 - 2014-01-21 22:24 - 00000000 __SHD () C:\Documents and Settings\NetworkService\IETldCache
2014-01-21 22:24 - 2005-04-21 20:24 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-01-21 22:22 - 2008-03-24 20:39 - 00124183 _____ () C:\WINDOWS\spupdsvc.log
2014-01-21 22:15 - 2014-01-21 22:15 - 00000803 _____ () C:\Documents and Settings\stamenko\Start Menu\Programs\Internet Explorer.lnk
2014-01-21 22:13 - 2014-01-21 22:13 - 00000000 __SHD () C:\Documents and Settings\stamenko\IETldCache
2014-01-21 22:13 - 2005-04-20 01:49 - 00000000 ____D () C:\WINDOWS\Help
2014-01-21 22:05 - 2014-01-21 21:51 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2014-01-21 22:05 - 2013-03-02 10:42 - 00044934 _____ () C:\WINDOWS\ie8_main.log
2014-01-21 22:00 - 2014-01-21 21:54 - 00000000 __HDC () C:\WINDOWS\ie8
2014-01-21 22:00 - 2014-01-21 21:52 - 00041551 _____ () C:\WINDOWS\ie8.log
2014-01-21 22:00 - 2005-04-20 01:55 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-01-21 21:58 - 2008-03-24 19:22 - 00190875 _____ () C:\WINDOWS\updspapi.log
2014-01-21 21:57 - 2005-04-20 01:49 - 00000000 ____D () C:\WINDOWS\Media
2014-01-21 21:12 - 2005-07-28 14:02 - 00000000 ____D () C:\Documents and Settings\stamenko\Local Settings\Application Data\Adobe
2014-01-21 17:22 - 2008-07-11 22:47 - 03223323 _____ () C:\WINDOWS\setupapi.log.0.old
2014-01-20 20:59 - 2014-01-20 20:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-01-19 13:05 - 2014-01-19 13:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-01-19 12:37 - 2011-08-19 06:02 - 02868224 ____H () C:\Documents and Settings\stamenko\My Documents\~WRL0020.tmp
2014-01-18 15:02 - 2014-01-18 15:02 - 00000792 _____ () C:\Documents and Settings\stamenko\Start Menu\Programs\Windows Media Player.lnk
2014-01-18 15:02 - 2005-04-25 11:54 - 00070496 _____ () C:\WINDOWS\wmsetup.log
2014-01-18 14:48 - 2009-08-12 12:01 - 00000000 ____D () C:\Program Files\WWW
2014-01-17 16:32 - 2005-10-07 12:36 - 00058368 _____ () C:\Documents and Settings\stamenko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-17 16:00 - 2007-09-03 14:28 - 00000414 ____H () C:\WINDOWS\Tasks\{EDCBC54F-DDE2-4E5B-B274-DE8192C27494}_TRADICIJ-PHDH6Y_stamenko.job
2014-01-17 09:51 - 2005-04-20 01:53 - 00000211 ___SH () C:\boot.ini
2014-01-17 09:51 - 2001-08-23 11:00 - 00000902 _____ () C:\WINDOWS\win.ini
2014-01-17 09:51 - 2001-08-23 11:00 - 00000246 _____ () C:\WINDOWS\system.ini
2014-01-14 14:03 - 2011-08-19 06:02 - 02740736 ____H () C:\Documents and Settings\stamenko\My Documents\~WRL3666.tmp
2014-01-14 14:01 - 2011-08-19 06:02 - 02738688 ____H () C:\Documents and Settings\stamenko\My Documents\~WRL1501.tmp
2014-01-13 22:42 - 2011-08-19 06:02 - 02735616 ____H () C:\Documents and Settings\stamenko\My Documents\~WRL1910.tmp

Files to move or delete:
====================
C:\Documents and Settings\stamenko\ffpw.dat
C:\Documents and Settings\stamenko\mail.dat
C:\Documents and Settings\stamenko\mess.dat


Some content of TEMP:
====================
C:\Documents and Settings\stamenko\Local Settings\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2004-08-03 21:56] - [2007-11-30 23:26] - 1033728 ____A (Microsoft Corporation) e0ee428f4777a3cd8760bad61f87abed

C:\WINDOWS\system32\winlogon.exe
[2004-08-03 21:56] - [2007-11-30 23:26] - 0507904 ____A (Microsoft Corporation) 45ffe966290b9c4ba659325561de4830

C:\WINDOWS\system32\svchost.exe
[2004-08-03 21:56] - [2007-11-30 23:26] - 0014336 ____A (Microsoft Corporation) 0c82b0ae50bb2bc8a96a753f4edc495f

C:\WINDOWS\system32\services.exe
[2004-08-03 21:56] - [2007-11-30 23:26] - 0108544 ____A (Microsoft Corporation) 76727219614a50b2db29bd0cda4260d5

C:\WINDOWS\system32\User32.dll
[2004-08-03 21:56] - [2009-08-24 21:21] - 0578560 ____A (Microsoft Corporation) 6c74c62ecdc3981a7f1f8f1656b27871

C:\WINDOWS\system32\userinit.exe
[2004-08-03 21:56] - [2007-11-30 23:26] - 0026112 ____A (Microsoft Corporation) 813b2e9c4caea05fba51a442fab7a95d

C:\WINDOWS\system32\rpcss.dll
[2004-08-03 21:56] - [2007-11-30 23:25] - 0399360 ____A (Microsoft Corporation) 70aba737c26f576bd04f108e22fe8a8a

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2004-08-03 20:00] - [2007-11-30 16:25] - 0052352 ____A (Microsoft Corporation) 2abf037f9d447424b58d73706b55b762


==================== End Of Log ============================

Addendum: 10 Feb 2014 20:28

Here is (Addition.txt) as well:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2014
Ran by stamenko (administrator) on TRADICIJ-PHDH6Y on 10-02-2014 20:10:18
Running from C:\Documents and Settings\stamenko\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3, v.3264 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

() C:\WINDOWS\System32\Ati2evxx.exe
() C:\WINDOWS\System32\acs.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(PCtel, Inc.) C:\WINDOWS\system32\pctspk.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\tcpsvcs.exe
(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\WINDOWS\System32\snmp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\rapimgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MsmqIntCert] - regsvr32 /s mqrt.dll
HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [295072 2012-12-24] (RealNetworks, Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [Google Update] - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2014-02-07] (Google Inc.)
HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-03] (Microsoft Corporation)
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Run: [H/PC Connection Agent] - C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\system: [HideLogoffScripts] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\system: [RunLogonScriptSync] 1
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\system: [RunStartupScriptSync] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\system: [HideStartupScripts] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\Explorer: [NoMovingBands] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\Policies\Explorer: [LockTaskbar] 0
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {0d397027-5bab-11dd-933c-00112fde9b0a} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {167c5650-3e09-11dd-9264-000e352bce89} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {23c7e1c0-37a0-11dd-9230-00112fde9b0a} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {52931fd0-0d84-11dd-91ef-00112fde9b0a} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {78bec810-3f5e-11dd-926a-000e352bce89} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {8a0b0180-6d08-11dd-9372-00112fde9b0a} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {b2fa67f0-0b10-11de-9520-00112fde9b0a} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {c79b3100-6e8f-11dd-9378-00112fde9b0a} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {caf98da1-5699-11dd-9318-00112fde9b0a} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {ccebc070-51bc-11dd-92ee-000e352bce89} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {ccebc071-51bc-11dd-92ee-000e352bce89} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {d0e8d0b1-0150-11dd-91d9-00112fde9b0a} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {d1cf2570-48da-11dd-92a6-000e352bce89} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {d8f95da0-704d-11dd-937d-00112fde9b0a} - E:\AutoRun.exe
HKU\S-1-5-21-515967899-854245398-1343024091-1003\...\MountPoints2: {f5731930-4480-11dd-9290-c313f52fbdc0} - E:\AutoRun.exe
SecurityProviders: msapsspc.dll schannel.dll digest.dll msnsspc.dll

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn.com/?ocid=OIE8HP&PC=UP62
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = badoo.com/startpage/?source=bsb&q={searchTerms}
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
Toolbar: HKLM - No Name - {89DE49C7-E350-4C8E-885B-A41F859B93C4} - No File
Toolbar: HKLM - No Name - {0E91EFA2-AF48-4333-9965-5DD29DE31B56} - No File
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKCU - No Name - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {0E91EFA2-AF48-4333-9965-5DD29DE31B56} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: text/html - {fc3afa42-0f90-4da8-acc2-9b34687808ff} - No File
Winsock: Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Winsock: Catalog5 05 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
Winsock: Catalog5 06 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
Winsock: Catalog9 01 imon.dll File Not found ()
Winsock: Catalog9 02 imon.dll File Not found ()
Winsock: Catalog9 03 imon.dll File Not found ()
Winsock: Catalog9 04 imon.dll File Not found ()
Winsock: Catalog9 05 imon.dll File Not found ()
Winsock: Catalog9 06 imon.dll File Not found ()
Winsock: Catalog9 07 imon.dll File Not found ()
Winsock: Catalog9 15 imon.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default
FF user.js: detected! => C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\user.js
FF Homepage: google.rs/
FF Keyword.URL: hxxp://fileservehome.com/?prt=fileservetb02ff&Keywords=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/npracplug;version=1.0.0.0 - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\stamenko\Application Data\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\searchplugins\badoo.xml
FF SearchPlugin: C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\searchplugins\fileserve.xml
FF SearchPlugin: C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\searchplugins\mozilla-add-ons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fileserve.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\pogodakyu.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\vokabular.xml
FF Extension: Ant Video Downloader - C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\Extensions\anttoolbar@ant.com [2014-01-22]
FF Extension: Megaupload SX.3.2 - C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\Extensions\pbreak.br@gmail.com [2008-08-27]
FF Extension: GamePlayLabs Plugin - C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\Extensions\plugin2@gameplaylabs.com [2011-03-30]
FF Extension: GigaSize Toolbar - C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\Extensions\{89DE49C7-E350-4C8E-885B-A41F859B93C4} [2010-06-11]
FF Extension: DownloadHelper - C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2) [2008-06-27]
FF Extension: Cooliris Previews - C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2) [2008-06-03]
FF Extension: FlashGot - C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-07-10]
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-24]

Chrome:
=======
CHR Extension: (Google документи) - C:\Documents and Settings\stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-27]
CHR Extension: (Google диск) - C:\Documents and Settings\stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-27]
CHR Extension: (YouTube) - C:\Documents and Settings\stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google претрага) - C:\Documents and Settings\stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (RealDownloader) - C:\Documents and Settings\stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-08-27]
CHR Extension: (Google новчаник) - C:\Documents and Settings\stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Documents and Settings\stamenko\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100352 2007-11-30] (Microsoft Corporation)
R2 ACS; C:\WINDOWS\System32\acs.exe [36864 2005-05-04] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [397312 2004-04-01] ()
S2 gupdate1caa0115d702ca0; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-01-28] (Google Inc.)
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2007-11-30] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\System32\tcpsvcs.exe [19456 2001-08-23] (Microsoft Corporation)
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2009-10-02] ()
S2 MSMQ; C:\WINDOWS\System32\mqsvc.exe [4608 2007-11-30] (Microsoft Corporation)
S2 MSMQTriggers; C:\WINDOWS\System32\mqtgsvc.exe [117248 2007-11-30] (Microsoft Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2007-11-30] (Microsoft Corporation)
R2 Pctspk; C:\WINDOWS\system32\pctspk.exe [86016 2001-08-17] (PCtel, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 SMTPSVC; C:\WINDOWS\System32\inetsrv\inetinfo.exe [15360 2007-11-30] (Microsoft Corporation)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2007-11-30] (Microsoft Corporation)
S2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [X]

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17801 2006-11-02] (Meetinghouse Data Communications)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [18944 2006-01-22] (Aladdin Knowledge Systems)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
R1 cdrbsvsd; C:\WINDOWS\system32\Drivers\cdrbsvsd.sys [13566 2003-12-03] (B.H.A Corporation)
R2 CNCIO; C:\WINDOWS\system32\Drivers\CNCIO.sys [24976 2004-07-06] (Licensed for Flaming Lamps)
R2 ddnt; C:\WINDOWS\system32\drivers\ddnt.sys [8480 2006-06-02] ()
R2 DLPortIO; C:\WINDOWS\System32\DRIVERS\DLPortIO.SYS [3584 1999-01-10] ()
R2 hardlock; C:\WINDOWS\System32\drivers\hardlock.sys [461824 2006-01-22] (Aladdin Knowledge Systems)
R2 Haspnt; C:\WINDOWS\System32\drivers\Haspnt.sys [47616 2006-01-22] (Aladdin Knowledge Systems)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [197504 2003-11-19] (Conexant Systems, Inc.)
R1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [3026 2005-10-31] (Logix4u)
R2 io.sys; C:\WINDOWS\System32\drivers\io.sys [5152 2006-01-25] ()
R3 Mach2; C:\WINDOWS\System32\Drivers\Mach2.sys [99936 2005-05-21] (Your Corporation)
S3 Mach3; C:\WINDOWS\System32\Drivers\Mach3.sys [106240 2007-12-19] (Your Corporation)
R3 MQAC; C:\WINDOWS\System32\drivers\mqac.sys [92544 2007-11-30] (Microsoft Corporation)
S3 MSIRCOMM; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [22016 2007-11-30] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [5786 2004-01-19] ()
S3 PCANDIS5; C:\Program Files\SparkLAN 11Mbps Wireless\PCANDIS5.SYS [16292 2001-04-19] (Printing Communications Assoc., Inc. (PCAUSA))
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2003-07-01] (Padus, Inc.)
S3 Ptserli; C:\WINDOWS\System32\DRIVERS\ptserli.sys [128286 2001-08-17] (PCTEL, INC.)
R3 Pulser; C:\WINDOWS\System32\Drivers\Pulser.sys [91679 2002-05-02] (Your Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [685816 2009-05-22] ()
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 STAC97; C:\WINDOWS\System32\drivers\stac97.sys [242640 2004-02-19] (SigmaTel, Inc.)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [225664 2007-11-30] (Microsoft Corporation)
R0 Vmodem; C:\WINDOWS\System32\DRIVERS\vmodem.sys [604253 2001-08-17] (PCTEL, INC.)
R0 Vpctcom; C:\WINDOWS\System32\DRIVERS\vpctcom.sys [397502 2001-08-17] (PCtel, Inc.)
R0 Vvoice; C:\WINDOWS\System32\DRIVERS\vvoice.sys [64605 2001-08-17] (PCtel, Inc.)
S3 w22n51; C:\WINDOWS\System32\DRIVERS\w22n51.sys [1657344 2004-03-24] (Intel® Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\DOCUME~1\stamenko\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
S3 hwdatacard; System32\DRIVERS\ewusbmdm.sys [X]
U5 Mtdrv; C:\Windows\System32\Drivers\Mtdrv.sys [99395 2003-11-20] (TRIMETA software GmbH)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2007-11-30] (Microsoft Corporation)
S3 zlportio; \??\C:\Program Files\cp09632\temp\zlportio.sys [X]
S2 zntport; \??\C:\WINDOWS\System32\zntport.sys [X]
U3 a6a3uvv2; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-10 20:08 - 2014-02-10 20:10 - 00000000 ____D () C:\FRST
2014-02-09 21:58 - 2014-02-09 21:58 - 00000204 _____ () C:\files.log
2014-02-09 21:49 - 2014-02-09 21:59 - 00000079 _____ () C:\folders.log
2014-02-09 21:49 - 2014-02-09 21:59 - 00000000 ____D () C:\zoek
2014-02-09 21:36 - 2014-02-09 18:29 - 00025409 _____ () C:\zoek-results2014-02-09-172919.log
2014-02-09 18:22 - 2014-02-09 21:59 - 00040358 _____ () C:\zoek-results.log
2014-02-09 18:16 - 2014-02-09 21:55 - 00000000 ____D () C:\zoek_backup
2014-02-09 18:11 - 2014-02-09 18:11 - 00000000 ____D () C:\Documents and Settings\stamenko\Desktop\zoek
2014-02-09 18:05 - 2014-02-09 18:06 - 04088082 _____ () C:\Documents and Settings\stamenko\Desktop\zoek.zip
2014-02-09 17:16 - 2014-02-09 17:16 - 00688992 ____R (Swearware) C:\Documents and Settings\stamenko\Desktop\dds.pif
2014-02-08 19:04 - 2014-02-10 14:49 - 00000306 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-515967899-854245398-1343024091-1003.job
2014-02-08 19:04 - 2014-02-09 15:15 - 00000314 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-515967899-854245398-1343024091-1003.job
2014-02-08 19:04 - 2014-02-08 19:04 - 00000332 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-515967899-854245398-1343024091-1003.job
2014-02-07 22:26 - 2014-02-10 19:31 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-02-07 22:26 - 2014-02-09 22:31 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2014-01-25 19:39 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-25 19:39 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-25 19:39 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-25 19:39 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-25 19:37 - 2014-01-25 19:39 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-22 20:57 - 2014-01-22 20:57 - 00065536 _____ () C:\WINDOWS\Minidump\Mini012214-01.dmp
2014-01-21 22:36 - 2014-01-21 22:36 - 00000000 __SHD () C:\Documents and Settings\stamenko\IECompatCache
2014-01-21 22:34 - 2014-01-21 22:34 - 00000000 __SHD () C:\Documents and Settings\stamenko\PrivacIE
2014-01-21 22:24 - 2014-01-21 22:24 - 00000000 __SHD () C:\Documents and Settings\NetworkService\IETldCache
2014-01-21 22:15 - 2014-01-21 22:15 - 00000803 _____ () C:\Documents and Settings\stamenko\Start Menu\Programs\Internet Explorer.lnk
2014-01-21 22:13 - 2014-01-21 22:13 - 00000000 __SHD () C:\Documents and Settings\stamenko\IETldCache
2014-01-21 21:54 - 2014-01-21 22:00 - 00000000 __HDC () C:\WINDOWS\ie8
2014-01-21 21:52 - 2014-01-21 22:00 - 00041551 _____ () C:\WINDOWS\ie8.log
2014-01-21 21:51 - 2014-01-21 22:05 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2014-01-20 20:59 - 2014-01-20 20:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-01-19 13:05 - 2014-02-04 23:33 - 00001815 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-01-19 13:05 - 2014-01-19 13:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-01-18 15:02 - 2014-01-18 15:02 - 00000792 _____ () C:\Documents and Settings\stamenko\Start Menu\Programs\Windows Media Player.lnk

==================== One Month Modified Files and Folders =======

2014-02-10 20:10 - 2014-02-10 20:08 - 00000000 ____D () C:\FRST
2014-02-10 20:07 - 2013-02-25 10:58 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-10 19:37 - 2005-09-21 11:22 - 01928849 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-10 19:31 - 2014-02-07 22:26 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-02-10 19:15 - 2010-01-28 13:13 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-10 16:00 - 2007-09-03 14:28 - 00000414 ____H () C:\WINDOWS\Tasks\{97F2A16A-507D-4D7C-A9E6-AB9CE53792DD}_TRADICIJ-PHDH6Y_stamenko.job
2014-02-10 14:57 - 2008-07-11 22:47 - 00093354 _____ () C:\WINDOWS\setupapi.log
2014-02-10 14:53 - 2005-04-20 01:49 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-02-10 14:49 - 2014-02-08 19:04 - 00000306 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-515967899-854245398-1343024091-1003.job
2014-02-10 14:49 - 2012-12-24 18:53 - 00000292 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-515967899-854245398-1343024091-1003.job
2014-02-10 14:49 - 2012-12-24 18:53 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-515967899-854245398-1343024091-1003.job
2014-02-10 14:49 - 2010-01-28 13:13 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-10 14:49 - 2005-04-21 20:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-10 14:49 - 2005-04-20 01:57 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-10 14:49 - 2005-04-20 01:57 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-10 11:46 - 2008-05-17 22:20 - 00000041 _____ () C:\WINDOWS\Filzip.ini
2014-02-10 09:00 - 2007-09-03 14:28 - 00000414 ____H () C:\WINDOWS\Tasks\{530A5723-BBAF-4112-AB67-22168A3C95BF}_TRADICIJ-PHDH6Y_stamenko.job
2014-02-10 00:13 - 2005-04-25 11:37 - 00000278 ___SH () C:\Documents and Settings\stamenko\ntuser.ini
2014-02-10 00:12 - 2005-04-25 11:37 - 00000000 ____D () C:\Documents and Settings\stamenko
2014-02-09 23:31 - 2005-04-21 20:24 - 00032474 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-09 22:31 - 2014-02-07 22:26 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2014-02-09 21:59 - 2014-02-09 21:49 - 00000079 _____ () C:\folders.log
2014-02-09 21:59 - 2014-02-09 21:49 - 00000000 ____D () C:\zoek
2014-02-09 21:59 - 2014-02-09 18:22 - 00040358 _____ () C:\zoek-results.log
2014-02-09 21:58 - 2014-02-09 21:58 - 00000204 _____ () C:\files.log
2014-02-09 21:55 - 2014-02-09 18:16 - 00000000 ____D () C:\zoek_backup
2014-02-09 21:29 - 2005-10-09 20:29 - 00000414 ____H () C:\WINDOWS\Tasks\{016E2323-7D1D-49B1-8431-57F665BC6E08}_TRADICIJ-PHDH6Y_stamenko.job
2014-02-09 18:29 - 2014-02-09 21:36 - 00025409 _____ () C:\zoek-results2014-02-09-172919.log
2014-02-09 18:11 - 2014-02-09 18:11 - 00000000 ____D () C:\Documents and Settings\stamenko\Desktop\zoek
2014-02-09 18:06 - 2014-02-09 18:05 - 04088082 _____ () C:\Documents and Settings\stamenko\Desktop\zoek.zip
2014-02-09 17:16 - 2014-02-09 17:16 - 00688992 ____R (Swearware) C:\Documents and Settings\stamenko\Desktop\dds.pif
2014-02-09 15:15 - 2014-02-08 19:04 - 00000314 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-515967899-854245398-1343024091-1003.job
2014-02-09 11:54 - 2011-08-19 03:54 - 00000000 ____D () C:\Documents and Settings\stamenko\My Documents\Word dokumenti
2014-02-09 11:25 - 2011-08-19 03:51 - 00000000 ____D () C:\Documents and Settings\stamenko\My Documents\PDF dokumenti
2014-02-08 19:49 - 2008-06-29 21:41 - 00000000 ____D () C:\Program Files\VideoLAN
2014-02-08 19:46 - 2005-04-20 01:55 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-08 19:28 - 2008-08-12 16:12 - 00000000 ____D () C:\Program Files\Winamp
2014-02-08 19:25 - 2008-01-22 21:26 - 00000000 ____D () C:\Program Files\Google
2014-02-08 19:04 - 2014-02-08 19:04 - 00000332 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-515967899-854245398-1343024091-1003.job
2014-02-08 18:09 - 2011-08-19 06:02 - 02887680 ____H () C:\Documents and Settings\stamenko\My Documents\~WRL1117.tmp
2014-02-08 18:08 - 2011-08-19 06:02 - 02815488 ____H () C:\Documents and Settings\stamenko\My Documents\~WRL0439.tmp
2014-02-08 18:03 - 2011-08-19 06:02 - 02815488 ____H () C:\Documents and Settings\stamenko\My Documents\~WRL0419.tmp
2014-02-07 22:31 - 2010-01-28 13:18 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
2014-02-05 20:02 - 2005-05-05 14:00 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-02-05 20:01 - 2005-04-21 20:16 - 00000000 ____D () C:\WINDOWS\Registration
2014-02-05 19:15 - 2013-02-25 10:58 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-05 19:15 - 2011-06-28 05:05 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-04 23:33 - 2014-01-19 13:05 - 00001815 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-02-04 23:20 - 2008-06-16 21:08 - 00316144 _____ () C:\WINDOWS\setupact.log
2014-02-03 11:25 - 2001-08-23 11:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-02 23:13 - 2011-08-19 06:02 - 02876416 ____H () C:\Documents and Settings\stamenko\My Documents\~WRL3330.tmp
2014-01-25 19:39 - 2014-01-25 19:37 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-25 19:39 - 2008-08-17 21:27 - 00000000 ____D () C:\Program Files\Java
2014-01-25 17:58 - 2011-04-04 11:13 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-01-25 11:19 - 2010-02-26 11:47 - 00002516 ___SH () C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2014-01-23 01:13 - 2005-04-21 20:24 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2014-01-23 01:13 - 2005-04-21 20:24 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-01-22 20:57 - 2014-01-22 20:57 - 00065536 _____ () C:\WINDOWS\Minidump\Mini012214-01.dmp
2014-01-22 20:57 - 2012-03-12 21:52 - 00000000 ____D () C:\WINDOWS\Minidump
2014-01-22 20:56 - 2008-07-11 22:08 - 535715840 _____ () C:\WINDOWS\MEMORY.DMP
2014-01-22 20:47 - 2008-08-06 17:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-01-22 20:36 - 2010-01-28 12:34 - 00000000 ____D () C:\Documents and Settings\stamenko\Application Data\vlc
2014-01-22 19:21 - 2010-05-16 14:59 - 00013121 _____ () C:\WINDOWS\KB952011.log
2014-01-22 19:21 - 2009-06-16 06:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
2014-01-22 19:21 - 2005-04-20 01:55 - 01252737 _____ () C:\WINDOWS\FaxSetup.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00914872 _____ () C:\WINDOWS\ocgen.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00813123 _____ () C:\WINDOWS\iis6.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00646347 _____ () C:\WINDOWS\tsoc.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00622948 _____ () C:\WINDOWS\msmqinst.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00524278 _____ () C:\WINDOWS\comsetup.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00205028 _____ () C:\WINDOWS\netfxocm.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00178622 _____ () C:\WINDOWS\ntdtcsetup.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00097517 _____ () C:\WINDOWS\MedCtrOC.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00066219 _____ () C:\WINDOWS\msgsocm.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00058474 _____ () C:\WINDOWS\ocmsn.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00051967 _____ () C:\WINDOWS\tabletoc.log
2014-01-22 19:21 - 2005-04-20 01:55 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-01-22 19:18 - 2010-05-16 15:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952011$
2014-01-22 19:16 - 2010-01-28 12:59 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2014-01-22 18:56 - 2007-07-18 17:24 - 00000000 ____D () C:\Download
2014-01-21 22:36 - 2014-01-21 22:36 - 00000000 __SHD () C:\Documents and Settings\stamenko\IECompatCache
2014-01-21 22:34 - 2014-01-21 22:34 - 00000000 __SHD () C:\Documents and Settings\stamenko\PrivacIE
2014-01-21 22:24 - 2014-01-21 22:24 - 00000000 __SHD () C:\Documents and Settings\NetworkService\IETldCache
2014-01-21 22:24 - 2005-04-21 20:24 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-01-21 22:22 - 2008-03-24 20:39 - 00124183 _____ () C:\WINDOWS\spupdsvc.log
2014-01-21 22:15 - 2014-01-21 22:15 - 00000803 _____ () C:\Documents and Settings\stamenko\Start Menu\Programs\Internet Explorer.lnk
2014-01-21 22:13 - 2014-01-21 22:13 - 00000000 __SHD () C:\Documents and Settings\stamenko\IETldCache
2014-01-21 22:13 - 2005-04-20 01:49 - 00000000 ____D () C:\WINDOWS\Help
2014-01-21 22:05 - 2014-01-21 21:51 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2014-01-21 22:05 - 2013-03-02 10:42 - 00044934 _____ () C:\WINDOWS\ie8_main.log
2014-01-21 22:00 - 2014-01-21 21:54 - 00000000 __HDC () C:\WINDOWS\ie8
2014-01-21 22:00 - 2014-01-21 21:52 - 00041551 _____ () C:\WINDOWS\ie8.log
2014-01-21 22:00 - 2005-04-20 01:55 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-01-21 21:58 - 2008-03-24 19:22 - 00190875 _____ () C:\WINDOWS\updspapi.log
2014-01-21 21:57 - 2005-04-20 01:49 - 00000000 ____D () C:\WINDOWS\Media
2014-01-21 21:12 - 2005-07-28 14:02 - 00000000 ____D () C:\Documents and Settings\stamenko\Local Settings\Application Data\Adobe
2014-01-21 17:22 - 2008-07-11 22:47 - 03223323 _____ () C:\WINDOWS\setupapi.log.0.old
2014-01-20 20:59 - 2014-01-20 20:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-01-19 13:05 - 2014-01-19 13:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-01-19 12:37 - 2011-08-19 06:02 - 02868224 ____H () C:\Documents and Settings\stamenko\My Documents\~WRL0020.tmp
2014-01-18 15:02 - 2014-01-18 15:02 - 00000792 _____ () C:\Documents and Settings\stamenko\Start Menu\Programs\Windows Media Player.lnk
2014-01-18 15:02 - 2005-04-25 11:54 - 00070496 _____ () C:\WINDOWS\wmsetup.log
2014-01-18 14:48 - 2009-08-12 12:01 - 00000000 ____D () C:\Program Files\WWW
2014-01-17 16:32 - 2005-10-07 12:36 - 00058368 _____ () C:\Documents and Settings\stamenko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-17 16:00 - 2007-09-03 14:28 - 00000414 ____H () C:\WINDOWS\Tasks\{EDCBC54F-DDE2-4E5B-B274-DE8192C27494}_TRADICIJ-PHDH6Y_stamenko.job
2014-01-17 09:51 - 2005-04-20 01:53 - 00000211 ___SH () C:\boot.ini
2014-01-17 09:51 - 2001-08-23 11:00 - 00000902 _____ () C:\WINDOWS\win.ini
2014-01-17 09:51 - 2001-08-23 11:00 - 00000246 _____ () C:\WINDOWS\system.ini
2014-01-14 14:03 - 2011-08-19 06:02 - 02740736 ____H () C:\Documents and Settings\stamenko\My Documents\~WRL3666.tmp
2014-01-14 14:01 - 2011-08-19 06:02 - 02738688 ____H () C:\Documents and Settings\stamenko\My Documents\~WRL1501.tmp
2014-01-13 22:42 - 2011-08-19 06:02 - 02735616 ____H () C:\Documents and Settings\stamenko\My Documents\~WRL1910.tmp

Files to move or delete:
====================
C:\Documents and Settings\stamenko\ffpw.dat
C:\Documents and Settings\stamenko\mail.dat
C:\Documents and Settings\stamenko\mess.dat


Some content of TEMP:
====================
C:\Documents and Settings\stamenko\Local Settings\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2004-08-03 21:56] - [2007-11-30 23:26] - 1033728 ____A (Microsoft Corporation) e0ee428f4777a3cd8760bad61f87abed

C:\WINDOWS\system32\winlogon.exe
[2004-08-03 21:56] - [2007-11-30 23:26] - 0507904 ____A (Microsoft Corporation) 45ffe966290b9c4ba659325561de4830

C:\WINDOWS\system32\svchost.exe
[2004-08-03 21:56] - [2007-11-30 23:26] - 0014336 ____A (Microsoft Corporation) 0c82b0ae50bb2bc8a96a753f4edc495f

C:\WINDOWS\system32\services.exe
[2004-08-03 21:56] - [2007-11-30 23:26] - 0108544 ____A (Microsoft Corporation) 76727219614a50b2db29bd0cda4260d5

C:\WINDOWS\system32\User32.dll
[2004-08-03 21:56] - [2009-08-24 21:21] - 0578560 ____A (Microsoft Corporation) 6c74c62ecdc3981a7f1f8f1656b27871

C:\WINDOWS\system32\userinit.exe
[2004-08-03 21:56] - [2007-11-30 23:26] - 0026112 ____A (Microsoft Corporation) 813b2e9c4caea05fba51a442fab7a95d

C:\WINDOWS\system32\rpcss.dll
[2004-08-03 21:56] - [2007-11-30 23:25] - 0399360 ____A (Microsoft Corporation) 70aba737c26f576bd04f108e22fe8a8a

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\WINDOWS\system32\Drivers\volsnap.sys
[2004-08-03 20:00] - [2007-11-30 16:25] - 0052352 ____A (Microsoft Corporation) 2abf037f9d447424b58d73706b55b762


==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-02-2014
Ran by stamenko at 2014-02-10 20:12:32
Running from C:\Documents and Settings\stamenko\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0.2 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator 9.0 (Version: 9.0 - Adobe Systems, Inc.)
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader 7.0.9 (Version: 7.0.9 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 11.6 (Version: 11.6.8.638 - Adobe Systems, Inc.)
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Applian FLV Player (Version: 2.0.24 - Applian Technologies Inc.)
ArtCAM 2008 (Version: 2008 - Delcam Plc)
ArtCAM Gerber Spooler (Version: - )
ArtCAM Pro 8 (Version: 8.0 - Delcam)
ArtRead (Version: - )
ArtSurface (Version: - )
ASUS Wireless AP Utilities (Version: - )
ASUSDVD (Version: - )
ATI - Software Uninstall Utility (Version: 6.14.10.1005 - )
ATI Control Panel (Version: 6.14.10.5036 - )
ATI Display Driver (Version: 7.981-040127m-013427C - )
AutoDWG DWG DXF Converter (Version: - )
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
CamStudio (Version: - )
Corel Uninstaller (Version: - )
CorelDRAW Graphics Suite X4 - Capture (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - PP (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (Version: - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (Version: 1.0 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 (Version: - Corel Corporation)
Filzip 3.06 (Version: 3.0.6 - Philipp Engel)
FlashGet 1.9.6.1073 (Version: 1.9.6.1073 - FlashGet.com)
Google Chrome (Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HP LaserJet 1200 Uninstaller (Version: - )
Icon Restore 1.0 (Version: - Tim Taylor)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 26 (Version: 6.0.260 - Sun Microsystems, Inc.)
Mach3 Mach3Version D1.90.075 (Version: Mach3Version D1.90.075 - ArtSoft CNC Software Inc.)
Macromedia Dreamweaver MX 2004 (Version: 7.0 - Macromedia)
Macromedia Fireworks MX 2004 (Version: 7 - Macromedia)
Magic ISO Maker v5.4 (build 0239) (Version: - )
Medi@Show (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 2.0 (Version: - Microsoft Corporation)
Microsoft .NET Framework 2.0 (Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.0 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.0 (Version: 3.0.04506.30 - Microsoft Corporation) Hidden
Microsoft ActiveSync (Version: 4.5.5096.0 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (Serbian (Latin)) (Version: 12.0.4518.1048 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 12.0 (x86 sr) (Version: 12.0 - Mozilla)
Nero OEM (Version: - )
NeroMediaPlayer (Version: - )
NeroVision Express (Version: - )
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (Version: 3.9 - Google, Inc.)
Picture Package (Version: 1.00.000 - )
quick3D Geometry [shareware] (Version: Version 4.0 - quick3D)
RealDownloader (Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (Version: 16.0.0 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SecureZIP for Windows 8.00.0038 (Version: 8.00.0038 - PKWARE, Inc)
SigmaTel AC97 Audio Drivers (Version: - )
Skype™ 5.5 (Version: 5.5.124 - Skype Technologies S.A.)
Sony USB Driver (Version: - )
SparkLAN Wireless LAN Adapter (Version: - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Commander (Remove or Repair) (Version: - )
TP-LINK Wireless Client Installation Program (Version: - TP-LINK)
VBA (3821b) (Version: 6.01.00.1234 - Microsoft Corporation) Hidden
VCarve Pro 6.0 (Version: 6.0 - Vectric)
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Web Page Maker V3.0 (Version: - Web Page Maker Software Company, Inc.)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Communication Foundation (Version: 3.0.04506.30 - Microsoft Corporation) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0 - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (Version: - )
Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp)
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows Workflow Foundation (Version: 3.0.4203.2 - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (Version: 20071130.213629 - Microsoft Corporation)
WinISO 5.3 (Version: - WinISO Computing Inc.)
WinRAR archiver (Version: - )
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden

==================== Restore Points =========================

05-02-2014 19:24:11 System Checkpoint
08-02-2014 18:24:55 Removed Google+ Auto Backup
08-02-2014 18:35:57 Removed Bing Bar
09-02-2014 17:22:47 zoek.exe restore point

==================== Hosts content: ==========================

2001-08-23 11:00 - 2008-09-14 15:45 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-515967899-854245398-1343024091-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-515967899-854245398-1343024091-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-515967899-854245398-1343024091-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-515967899-854245398-1343024091-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-515967899-854245398-1343024091-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\{016E2323-7D1D-49B1-8431-57F665BC6E08}_TRADICIJ-PHDH6Y_stamenko.job => C:\WINDOWS\system32\mobsync.exe
Task: C:\WINDOWS\Tasks\{530A5723-BBAF-4112-AB67-22168A3C95BF}_TRADICIJ-PHDH6Y_stamenko.job => C:\WINDOWS\system32\mobsync.exe
Task: C:\WINDOWS\Tasks\{97F2A16A-507D-4D7C-A9E6-AB9CE53792DD}_TRADICIJ-PHDH6Y_stamenko.job => C:\WINDOWS\system32\mobsync.exe
Task: C:\WINDOWS\Tasks\{EDCBC54F-DDE2-4E5B-B274-DE8192C27494}_TRADICIJ-PHDH6Y_stamenko.job => C:\WINDOWS\system32\mobsync.exe

==================== Loaded Modules (whitelisted) =============

2004-04-01 20:43 - 2004-04-01 20:43 - 00397312 _____ () C:\WINDOWS\System32\Ati2evxx.exe
2008-03-25 14:27 - 2001-10-28 16:42 - 00116224 _____ () C:\WINDOWS\system32\pdfcmnnt.dll
2006-11-02 17:31 - 2005-05-04 23:52 - 00036864 _____ () C:\WINDOWS\System32\acs.exe
2012-12-24 21:32 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2012-11-29 20:31 - 2012-11-29 20:31 - 00038608 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2009-12-21 11:20 - 1997-11-07 17:22 - 00899584 ____N () C:\Corel\Graphics8\programs\CMFFld80.dll
2004-08-03 21:56 - 2007-11-30 23:25 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-03 21:56 - 2007-11-30 23:25 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-07-04 08:22 - 2013-07-04 08:22 - 04591616 _____ () C:\Documents and Settings\stamenko\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll
2013-07-04 08:22 - 2013-07-04 08:22 - 00112128 _____ () C:\Documents and Settings\stamenko\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll
2014-02-04 23:28 - 2014-02-02 00:42 - 04055368 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 23:30 - 2014-02-02 00:42 - 00399688 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 23:27 - 2014-02-02 00:41 - 01634632 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E4EA859B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E965A533

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== Faulty Device Manager Devices =============

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) PRO/Wireless 2200BG Network Connection
Description: Intel(R) PRO/Wireless 2200BG Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel(R) Corporation
Service: w22n51
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2014 10:11:10 PM) (Source: ESENT) (User: )
Description: svchost (1880) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Error: (02/09/2014 10:11:10 PM) (Source: ESENT) (User: )
Description: svchost (1880) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Error: (02/09/2014 10:11:09 PM) (Source: ESENT) (User: )
Description: svchost (1880) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Error: (02/09/2014 10:11:09 PM) (Source: ESENT) (User: )
Description: svchost (1880) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Error: (02/09/2014 10:11:09 PM) (Source: ESENT) (User: )
Description: svchost (1880) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Error: (02/09/2014 10:11:09 PM) (Source: ESENT) (User: )
Description: svchost (1880) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Error: (02/09/2014 10:11:09 PM) (Source: ESENT) (User: )
Description: svchost (1880) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Error: (02/09/2014 10:11:09 PM) (Source: ESENT) (User: )
Description: svchost (1880) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Error: (02/09/2014 10:11:09 PM) (Source: ESENT) (User: )
Description: svchost (1880) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Error: (02/09/2014 10:11:08 PM) (Source: ESENT) (User: )
Description: svchost (1880) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (02/10/2014 02:56:42 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Error: (02/10/2014 02:49:57 PM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2

Error: (02/10/2014 02:49:57 PM) (Source: Service Control Manager) (User: )
Description: The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error:
%%1068

Error: (02/10/2014 02:49:57 PM) (Source: Service Control Manager) (User: )
Description: The Message Queuing service depends on the Server service which failed to start because of the following error:
%%1058

Error: (02/10/2014 02:49:08 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Error: (02/10/2014 02:49:08 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00112FDE9B0A has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/10/2014 11:30:00 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Error: (02/10/2014 11:29:30 AM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Error: (02/10/2014 11:29:30 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (02/10/2014 11:22:54 AM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (02/09/2014 10:11:10 PM) (Source: ESENT)(User: )
Description: svchost1880C:\WINDOWS\system32\CatRoot2\tmp.edb-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (02/09/2014 10:11:10 PM) (Source: ESENT)(User: )
Description: svchost1880C:\WINDOWS\system32\CatRoot2\tmp.edb-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (02/09/2014 10:11:09 PM) (Source: ESENT)(User: )
Description: svchost1880C:\WINDOWS\system32\CatRoot2\tmp.edb-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (02/09/2014 10:11:09 PM) (Source: ESENT)(User: )
Description: svchost1880C:\WINDOWS\system32\CatRoot2\tmp.edb-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (02/09/2014 10:11:09 PM) (Source: ESENT)(User: )
Description: svchost1880C:\WINDOWS\system32\CatRoot2\tmp.edb-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (02/09/2014 10:11:09 PM) (Source: ESENT)(User: )
Description: svchost1880C:\WINDOWS\system32\CatRoot2\tmp.edb-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (02/09/2014 10:11:09 PM) (Source: ESENT)(User: )
Description: svchost1880C:\WINDOWS\system32\CatRoot2\tmp.edb-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (02/09/2014 10:11:09 PM) (Source: ESENT)(User: )
Description: svchost1880C:\WINDOWS\system32\CatRoot2\tmp.edb-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (02/09/2014 10:11:09 PM) (Source: ESENT)(User: )
Description: svchost1880C:\WINDOWS\system32\CatRoot2\tmp.edb-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (02/09/2014 10:11:08 PM) (Source: ESENT)(User: )
Description: svchost1880C:\WINDOWS\system32\CatRoot2\tmp.edb-1032 (0xfffffbf8)5 (0x00000005)Access is denied.


==================== Memory info ===========================

Percentage of memory in use: 81%
Total physical RAM: 510.8 MB
Available physical RAM: 96.14 MB
Total Pagefile: 1351.55 MB
Available Pagefile: 652.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.89 GB) (Free:3.25 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 56 GB) (Disk ID: A8D32665)
Partition 1: (Active) - (Size=56 GB) - (Type=07 NTFS)

==================== End Of Log ============================

offline
  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Open Notepad and copy in the following text, which is inside the shaded area.

FF SearchPlugin: C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\searchplugins\badoo.xml
SearchScopes: HKCU - {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = http://badoo.com/startpage/?source=bsb&q={searchTerms}
FF Extension: GigaSize Toolbar - C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\Extensions\{89DE49C7-E350-4C8E-885B-A41F859B93C4} [2010-06-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {89DE49C7-E350-4C8E-885B-A41F859B93C4} - No File
Toolbar: HKLM - No Name - {0E91EFA2-AF48-4333-9965-5DD29DE31B56} - No File
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKCU - No Name - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {0E91EFA2-AF48-4333-9965-5DD29DE31B56} - No File


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, Notepad will open with content that you should copy into this thread.
The file (fixlog.txt) will also be on the Desktop.

You need to copy fixlog.txt to the forum

What is the situation now?

offline
  • Joined: 06 May 2008
  • Posts: 90

Posted: 11 Feb 2014 1:15

Here is the (Fixlog):

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-02-2014 01
Ran by stamenko at 2014-02-11 01:08:24 Run:1
Running from C:\Documents and Settings\stamenko\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
FF SearchPlugin: C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\searchplugins\badoo.xml
SearchScopes: HKCU - {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = badoo.com/startpage/?source=bsb&q={searchTerms}
FF Extension: GigaSize Toolbar - C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\Extensions\{89DE49C7-E350-4C8E-885B-A41F859B93C4} [2010-06-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {89DE49C7-E350-4C8E-885B-A41F859B93C4} - No File
Toolbar: HKLM - No Name - {0E91EFA2-AF48-4333-9965-5DD29DE31B56} - No File
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKCU - No Name - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {0E91EFA2-AF48-4333-9965-5DD29DE31B56} - No File
*****************

C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\searchplugins\badoo.xml => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8A244612-A1F7-11E0-95C0-E71F4824019B} => Key not found.
C:\Documents and Settings\stamenko\Application Data\Mozilla\Firefox\Profiles\k81cvjau.default\Extensions\{89DE49C7-E350-4C8E-885B-A41F859B93C4} => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{89DE49C7-E350-4C8E-885B-A41F859B93C4} => Value deleted successfully.
HKCR\CLSID\{89DE49C7-E350-4C8E-885B-A41F859B93C4} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0E91EFA2-AF48-4333-9965-5DD29DE31B56} => Value deleted successfully.
HKCR\CLSID\{0E91EFA2-AF48-4333-9965-5DD29DE31B56} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} => Value deleted successfully.
HKCR\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value deleted successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} => Value deleted successfully.
HKCR\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E91EFA2-AF48-4333-9965-5DD29DE31B56} => Value deleted successfully.
HKCR\CLSID\{0E91EFA2-AF48-4333-9965-5DD29DE31B56} => Key not found.

==== End of Fixlog ====

Addendum: 11 Feb 2014 2:04

The situation is the same...

offline
  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa
