Posted: 29 Sep 2014 13:19
bios1
- Respected citizen
- Joined: 18 Jan 2012
- Posts: 435
First, when I play the game PES12, I play the first half, and towards the end of the first half it starts to stutter or freeze; then when I play War3 (DotA) I play for about 20 minutes and then abnormal stuttering starts; last night I was watching a series in BS Player and at the 37th minute the same thing happened, suddenly the text, the picture and the sound all start freezing and it's impossible to watch, and at the same time my whole computer locks up so I have to restart. The same with PES when I played and exited, just a crash. I don't understand what the problem is, everything worked normally before...
[Link visible only to logged-in users]
[Link visible only to logged-in users]
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-09-2014 02
Ran by JUNGA (administrator) on JUNG on 29-09-2014 12:52:04
Running from C:\Documents and Settings\JUNGA\My Documents\Downloads
Loaded Profile: JUNGA (Available profiles: JUNGA & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link mogu videti samo ulogovani korisnici]
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Skillbrains) C:\Documents and Settings\JUNGA\Local Settings\Application Data\Skillbrains\lightshot\5.1.4.9\Lightshot.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-11] (AVAST Software)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-03] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [1368064 2004-04-01] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [794624 2004-03-26] (Analog Devices, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-484763869-2146843535-1417001333-1003\...\Run: [LightShot] => C:\Documents and Settings\JUNGA\Local Settings\Application Data\Skillbrains\lightshot\Lightshot.exe [226560 2014-07-01] ()
HKU\S-1-5-21-484763869-2146843535-1417001333-1003\...\MountPoints2: {c3f15d5d-46ff-11e4-b4f7-00112ff83d99} - E:\AutoRun.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\JUNGA\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: pokki.com/PokkiDownloadHelper -> C:\Documents and Settings\JUNGA\Local Settings\Application Data\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-11]
Chrome:
=======
CHR HomePage: Default ->
CHR CustomProfile: C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-08-11]
CHR Extension: (Google документи) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-11]
CHR Extension: (Google диск) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-11]
CHR Extension: (Turn Off the Lights) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-09-22]
CHR Extension: (YouTube) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-11]
CHR Extension: (Download FB Album mod) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2014-08-23]
CHR Extension: (Google претрага) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-11]
CHR Extension: (Video download helper) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbkchnicaiglcjpgbmpfmoafckkomdcm [2014-08-11]
CHR Extension: (Slagalica fer igra - Ludara.com) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpifakoabdhigpeebhalfkjkoidenba [2014-08-11]
CHR Extension: (Quick Javascript Switcher) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\geddoclleiomckbhadiaipdggiiccfje [2014-08-11]
CHR Extension: (AdBlock) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-11]
CHR Extension: (Hide My AdBlocker) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gihcngphjjankfngmgdkihhngndcdflc [2014-08-11]
CHR Extension: (Hola Better Internet) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-08-11]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-11]
CHR Extension: (Turn Off the Lights) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\labjanboighjienkhiabgpefblkbmemd [2014-09-22]
CHR Extension: (pricechop) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp [2014-09-01]
CHR Extension: (Google новчаник) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-11]
CHR Extension: (Gmail) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-11]
CHR Extension: (pricechop) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9 [2014-09-01]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-11] (AVAST Software)
S3 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-11] (Oracle Corporation)
S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [122880 2007-10-11] (Microsoft Corporation) [File not signed]
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-11] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-11] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-08-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-11] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-11] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-11] ()
S3 MidiSyn; C:\WINDOWS\System32\drivers\MidiSyn.sys [235100 2002-09-21] (Analog Devices Inc)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [114376 2013-10-23] (Power Software Ltd)
R3 senfilt; C:\WINDOWS\System32\drivers\senfilt.sys [381056 2004-04-27] (Sensaura)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yukonwxp.sys [174464 2003-11-10] (Marvell Semiconductor Inc.)
S4 IntelIde; No ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
U1 WS2IFSL; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-29 12:51 - 2014-09-29 12:52 - 00000000 ____D () C:\FRST
2014-09-28 13:25 - 2014-09-28 13:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DatacardService
2014-09-28 13:24 - 2014-09-28 13:59 - 00000000 ____D () C:\Documents and Settings\JUNGA\Desktop\New Folder (2)
2014-09-27 19:47 - 2002-12-29 01:14 - 00081920 _____ () C:\WINDOWS\system32\Startup.cpl
2014-09-25 13:37 - 2014-09-25 14:11 - 00006008 _____ () C:\Documents and Settings\JUNGA\Desktop\New Text Document.txt
2014-09-22 23:58 - 2014-09-23 00:00 - 00000000 ____D () C:\Documents and Settings\JUNGA\Desktop\New Folder (3)
2014-09-22 21:48 - 2014-09-22 21:48 - 13674406 _____ () C:\Documents and Settings\JUNGA\Desktop\dbr.wav
2014-09-19 10:32 - 2014-09-19 10:32 - 00000000 ___RD () C:\Program Files\Skype
2014-09-19 10:32 - 2014-09-19 10:32 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-19 10:32 - 2014-09-19 10:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-09-18 02:30 - 2014-09-18 02:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-09-16 19:12 - 2014-09-16 19:12 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\TuneUp Software
2014-09-16 19:12 - 2014-09-16 19:12 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\TuneUp Software
2014-09-16 18:57 - 2014-09-17 01:52 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-09-16 18:56 - 2014-09-16 18:56 - 00000000 ____D () C:\Documents and Settings\JUNGA\Local Settings\Application Data\TuneUp Software
2014-09-16 18:56 - 2014-09-16 18:56 - 00000000 ____D () C:\Documents and Settings\JUNGA\Application Data\TuneUp Software
2014-09-16 18:49 - 2014-09-16 18:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TuneUp Software
2014-09-16 18:48 - 2014-09-16 18:48 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-09-16 18:45 - 2014-09-16 18:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\GRETECH
2014-09-15 10:12 - 2014-09-15 10:12 - 00000000 ____D () C:\Program Files\Marvell
2014-09-07 22:35 - 2014-09-07 22:35 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-07 22:33 - 2014-09-07 22:34 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-07 22:33 - 2014-09-07 22:33 - 00000000 ____D () C:\Program Files\Adobe
2014-09-07 22:31 - 2014-09-07 22:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-09-07 22:21 - 2014-09-07 22:37 - 00000000 ____D () C:\Documents and Settings\JUNGA\Local Settings\Application Data\Adobe
2014-09-05 21:38 - 2014-09-29 00:43 - 00000998 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-484763869-2146843535-1417001333-1003UA.job
2014-09-05 21:38 - 2014-09-28 21:43 - 00000976 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-484763869-2146843535-1417001333-1003Core.job
2014-09-05 21:38 - 2014-09-05 21:39 - 00000000 ____D () C:\Documents and Settings\JUNGA\Local Settings\Application Data\Facebook
2014-09-05 13:22 - 2014-09-16 18:44 - 00000856 _____ () C:\Documents and Settings\JUNGA\Start Menu\GOM Player.lnk
2014-09-05 13:22 - 2014-09-05 13:22 - 00000000 ____D () C:\Program Files\GRETECH
2014-09-05 13:22 - 2014-09-05 13:22 - 00000000 ____D () C:\Documents and Settings\JUNGA\Application Data\GRETECH
2014-09-05 13:22 - 2014-09-05 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\GOM Player
2014-09-02 19:56 - 2014-09-02 19:56 - 00000000 ____D () C:\Documents and Settings\JUNGA\Desktop\New Folder
2014-09-01 19:02 - 2014-09-01 19:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\KONAMI
2014-09-01 18:45 - 2014-09-01 18:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\KONAMI
2014-09-01 18:31 - 2014-09-01 18:31 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\KONAMI
2014-09-01 17:45 - 2014-09-01 17:45 - 00000394 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Torch
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\JUNGA\Local Settings\Application Data\Torch
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\JUNGA\Local Settings\Application Data\Comodo
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\JUNGA\Local Settings\Application Data\Chromatic Browser
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Torch
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Chromatic Browser
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\HelpAssistant
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Torch
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Google
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Chromatic Browser
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\Guest
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\222456a3e1d9af1a
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo
2014-09-01 17:45 - 2014-09-01 17:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Chromatic Browser
2014-08-30 15:48 - 2014-08-30 15:48 - 00000044 _____ () C:\WINDOWS\wawx_dumpreg64.dll
2014-08-30 15:48 - 2014-08-30 15:48 - 00000044 _____ () C:\Documents and Settings\JUNGA\Application Data\twow_sysprepdt.dat
2014-08-30 15:47 - 2014-08-30 15:47 - 00000000 ____D () C:\Documents and Settings\JUNGA\Application Data\Eurobattle.net
2014-08-30 15:44 - 2014-08-30 15:47 - 00000000 ____D () C:\Program Files\Eurobattle.net
2014-08-30 15:44 - 2014-08-30 15:44 - 00000692 _____ () C:\Documents and Settings\JUNGA\Desktop\Eurobattle.net Client.lnk
2014-08-30 15:12 - 2014-09-29 00:52 - 00000000 ____D () C:\Documents and Settings\JUNGA\Desktop\Warcraft III
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-29 12:53 - 2014-08-11 01:35 - 00000000 ____D () C:\Documents and Settings\JUNGA\Local Settings\Temp
2014-09-29 12:44 - 2014-08-11 01:26 - 01658021 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-29 12:43 - 2014-08-11 02:03 - 00000362 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-29 12:43 - 2014-08-11 01:44 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-29 12:43 - 2014-08-11 01:33 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-29 11:55 - 2014-08-11 01:44 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-29 00:56 - 2014-08-11 03:14 - 00175436 _____ () C:\WINDOWS\setupact.log
2014-09-29 00:22 - 2014-08-11 23:54 - 00000376 _____ () C:\WINDOWS\Tasks\update-sys.job
2014-09-29 00:01 - 2014-08-15 09:41 - 00014848 _____ () C:\Documents and Settings\JUNGA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-28 23:15 - 2014-08-11 01:35 - 00000000 ____D () C:\Documents and Settings\JUNGA
2014-09-28 19:29 - 2014-08-11 23:54 - 00000376 _____ () C:\WINDOWS\Tasks\update-S-1-5-21-484763869-2146843535-1417001333-1003.job
2014-09-28 18:55 - 2014-08-11 11:49 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-09-28 18:55 - 2014-08-11 01:35 - 00000178 ___SH () C:\Documents and Settings\JUNGA\ntuser.ini
2014-09-28 18:55 - 2014-08-11 01:33 - 00032500 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-28 13:46 - 2014-08-11 03:14 - 00966174 _____ () C:\WINDOWS\setupapi.log
2014-09-28 13:43 - 2014-08-19 20:43 - 00000000 ____D () C:\Documents and Settings\JUNGA\Application Data\Skype
2014-09-28 13:41 - 2014-08-12 12:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MCShield
2014-09-28 02:11 - 2014-08-11 10:53 - 00000340 _____ () C:\WINDOWS\Tasks\Driver Robot.job
2014-09-27 19:25 - 2014-08-11 03:13 - 00000211 ___SH () C:\boot.ini
2014-09-27 19:25 - 2001-08-23 13:00 - 00000638 _____ () C:\WINDOWS\win.ini
2014-09-27 19:25 - 2001-08-23 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-09-26 11:35 - 2001-08-23 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-21 12:11 - 2014-08-14 12:35 - 00000000 ____D () C:\Documents and Settings\JUNGA\Application Data\uTorrent
2014-09-19 10:32 - 2014-08-19 20:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-09-18 11:56 - 2014-08-11 03:09 - 00000000 ____D () C:\WINDOWS\java
2014-09-15 19:29 - 2014-08-11 23:54 - 00000506 _____ () C:\Documents and Settings\JUNGA\Local Settings\Application Data\UserProducts.xml
2014-09-15 19:29 - 2014-08-11 23:54 - 00000000 ____D () C:\Documents and Settings\JUNGA\Start Menu\Programs\Lightshot
2014-09-10 22:08 - 2014-08-11 13:18 - 00000000 ____D () C:\Documents and Settings\JUNGA\My Documents\The KMPlayer
2014-09-07 22:37 - 2014-08-22 13:08 - 00000000 ____D () C:\Documents and Settings\JUNGA\Application Data\Adobe
2014-09-05 21:39 - 2014-08-11 02:05 - 00000000 ____D () C:\Documents and Settings\JUNGA\Local Settings\Application Data\Temp
2014-09-01 18:45 - 2014-08-26 13:52 - 00000000 ____D () C:\Program Files\Empire Interactive
2014-09-01 18:45 - 2014-08-11 11:27 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-01 18:43 - 2014-08-23 01:25 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-09-01 18:30 - 2014-08-23 01:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-09-01 17:45 - 2014-08-11 01:44 - 00000000 ____D () C:\Program Files\Google
2014-09-01 17:45 - 2014-08-11 01:44 - 00000000 ____D () C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google
2014-08-31 18:50 - 2014-08-11 01:45 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-30 17:28 - 2014-08-11 03:14 - 00108600 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-30 17:28 - 2014-08-11 01:37 - 00016768 _____ () C:\Documents and Settings\JUNGA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Some content of TEMP:
====================
C:\Documents and Settings\JUNGA\Local Settings\Temp\1_flashplayer.exe
C:\Documents and Settings\JUNGA\Local Settings\Temp\AutoRun.exe
C:\Documents and Settings\JUNGA\Local Settings\Temp\AutoRunGUI.dll
C:\Documents and Settings\JUNGA\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwaa6gl.dll
C:\Documents and Settings\JUNGA\Local Settings\Temp\DseShExt-x86.dll
C:\Documents and Settings\JUNGA\Local Settings\Temp\GomEncDnInstaller.exe
C:\Documents and Settings\JUNGA\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\JUNGA\Local Settings\Temp\nsb9C5.tmp.exe
C:\Documents and Settings\JUNGA\Local Settings\Temp\safeguard.exe
C:\Documents and Settings\JUNGA\Local Settings\Temp\SDShelEx-win32.dll
C:\Documents and Settings\JUNGA\Local Settings\Temp\Uninstall.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Posted: 29 Sep 2014 14:49
argus
- Anti Malware Fighter Rank 2
- Joined: 27 Apr 2008
- Posts: 9160
- Location: Prokuplje
1. Open Notepad (Text Document) and copy the following text from inside the code box below:
Start
HKU\S-1-5-21-484763869-2146843535-1417001333-1003\...\MountPoints2: {c3f15d5d-46ff-11e4-b4f7-00112ff83d99} - E:\AutoRun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR Extension: (pricechop) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp [2014-09-01]
C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp
CHR Extension: (pricechop) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9 [2014-09-01]
C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
EmptyTemp:
CMD: bitsadmin /reset /allusers
End
2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name: at the bottom, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.
3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.
The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.
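As an added illustration (not part of the original thread and not FRST's own code), the following Python script shows how the selection argus made by hand could be done over an FRST log: it picks out the entries FRST itself flags (the "<======= ATTENTION" markers, services whose file is missing "[X]", the MountPoints2 entry pointing at an AutoRun.exe) plus any browser extension on a list of unwanted names, and assembles them into a fixlist.txt of the same Start/End shape as the one above. The sample log lines are constructed from the log posted in this thread; the selection rules and function names are this example's own assumptions.

```python
import re

# Constructed sample: a handful of lines taken from the FRST log posted in this thread.
SAMPLE_FRST_LOG = r"""
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-11] (AVAST Software)
HKU\S-1-5-21-484763869-2146843535-1417001333-1003\...\MountPoints2: {c3f15d5d-46ff-11e4-b4f7-00112ff83d99} - E:\AutoRun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR Extension: (AdBlock) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-11]
CHR Extension: (pricechop) - C:\Documents and Settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp [2014-09-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-11] (AVAST Software)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
"""

# Marker FRST appends to entries it wants a helper to look at.
ATTENTION = "<======= ATTENTION"
# Service/driver line (R/S/U + start type, name, path) whose file FRST could not find: "[X]".
SERVICE_MISSING_FILE = re.compile(r"^[RSU]\d+ [^;]+; .*\[X\]$")
# Per-user MountPoints2 entry that launches an AutoRun.exe from a removable drive letter.
MOUNTPOINT_AUTORUN = re.compile(r"\\MountPoints2: .* - [A-Z]:\\AutoRun\.exe$", re.IGNORECASE)
# Chrome extension line: "CHR Extension: (name) - <folder> [yyyy-mm-dd]".
CHR_EXTENSION = re.compile(
    r"^CHR Extension: \((?P<name>[^)]*)\) - (?P<path>.+?) \[\d{4}-\d{2}-\d{2}\]$"
)


def select_fix_entries(log_text, unwanted_extensions=()):
    """Return the FRST log lines a helper would carry over into fixlist.txt, in log order.

    The selection rules are this example's assumptions, modelled on the fix above:
    flagged ATTENTION entries, services with a missing file, the AutoRun mount point,
    and any Chrome extension whose display name is on the unwanted list (for those the
    extension folder is listed as well, so the tool moves the folder, as in the fix above).
    """
    unwanted = {name.lower() for name in unwanted_extensions}
    picked = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if (line.endswith(ATTENTION)
                or SERVICE_MISSING_FILE.match(line)
                or MOUNTPOINT_AUTORUN.search(line)):
            picked.append(line)
            continue
        match = CHR_EXTENSION.match(line)
        if match and match.group("name").lower() in unwanted:
            picked.append(line)
            picked.append(match.group("path"))
    return picked


def build_fixlist(entries, empty_temp=True, commands=()):
    """Assemble fixlist.txt text: Start, the copied entries, optional directives, End."""
    body = ["Start", *entries]
    if empty_temp:
        body.append("EmptyTemp:")
    body.extend(f"CMD: {command}" for command in commands)
    body.append("End")
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    chosen = select_fix_entries(SAMPLE_FRST_LOG, unwanted_extensions=["pricechop"])
    print(build_fixlist(chosen, commands=["bitsadmin /reset /allusers"]))
```

Running the script prints a fixlist whose entries match, line for line, the ones argus copied from the full log above; lines that are merely whitelisted software (Avast, AdBlock) are left alone.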
Posted: 29 Sep 2014 15:32
argus
- Anti Malware Fighter Rank 2
- Joined: 27 Apr 2008
- Posts: 9160
- Location: Prokuplje
Now keep an eye on how it behaves and report back.
Posted: 29 Sep 2014 20:56
bios1
- Respected citizen
- Joined: 18 Jan 2012
- Posts: 435
I barely managed to write this; now it throws this [Link visible only to logged-in users] at me while I'm on Google. I forgot to mention that my computer also starts slowly, that Windows logo takes half a year to load, and the official startup sound plays somehow slowed down. And there's one more problem: out of the blue when I'm online, no matter which page, I click e.g. on a picture or some YouTube video and suddenly a new page opens, pops up, or even redirects me straight to some page, I don't know which one now; when it happens again I'll attach a screenshot here...
Posted: 29 Sep 2014 21:01
argus
- Anti Malware Fighter Rank 2
- Joined: 27 Apr 2008
- Posts: 9160
- Location: Prokuplje
Step 1
Download Xplode's AdwCleaner ( ) and save it to the Desktop.
Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all running programs and show a window with that warning. Click OK to confirm.
On the next two windows that open (Informations and Restart required), click OK.
The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your reply using the "Attach file" option.
Note: The report will also be saved to C:\AdwCleaner[S0].txt
Step 2
Download the installer for Malwarebytes Anti-Malware (MBAM) ver. 2.0 and install the application.
Double-click mbam-setup.exe and follow the installation instructions. The installation is the classic "Next > I Agree . . > Next > Install" routine. When the installation finishes, click Finish.
Note: The 14-day free trial version is pre-selected. You can untick this option if you wish.
- On first launch, MBAM will start an "Update" in order to download the latest definitions.
Or ... click the 'Update Now >>' link or button to download fresh definitions.
• Configure the scanner; on the 'Settings' tab, Detection and Protection, set the following options:
1. sub-tab Detection Options, tick the box for 'Scan for rootkits';
2. sub-tab Non-Malware Protection, for 'PUP detections', make sure the 'Threat detections as malware' option is selected.
• Run a 'Threat Scan';
Click the Scan tab, then 'Scan Now >>' to run the scan.
If MBAM reports that an 'update' is available, click 'Update Now' and then proceed to the scan.
Notice: with some severe infections, you may get the message "Could not load DDA driver". In that case, click Yes on that message, allow the driver to load after the computer restarts, and allow the restart.
Then continue with the rest of the instructions.
• When the scan finishes, click the Apply Action button if a threat was detected. Wait for the program to ask for a restart!
- Click Yes on the message saying the system will restart.
• Post the report (export the logfile) for review;
Run MBAM again, click the History tab > Application Logs. Double-click the 'Scan Log' showing the time and date of the scan you just ran.
1. In the new window click the 'Export' button, then choose 'Text file (*.txt)';
2. When the Save File dialog appears, choose to save the log to the Desktop.
In that same window, under File name: at the bottom, enter 'mbam' as the report name and click the Save button.
- After the message ("Your file has been successfully exported"), the report you named 'mbam' will be saved on the Desktop.
Attach mbam.txt to your reply using the Attach file option.
Posted: 30 Sep 2014 00:07
- bios1
- Respected citizen
- Joined: 18 Jan 2012
- Posts: 435
Written: 29 Sep 2014 22:41
After this restart some error pops up again; I press the key on the keyboard to take a picture of it but nothing happens. I go into Start and Lightshot has been deleted, no idea how, probably during this cleanup.. here's a picture of the error [Link visible only to logged-in users]
reports:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
Update: 30 Sep 2014 0:07
I'm playing Dota, near the end of the game, we're breaking into their base, no stuttering, everything's fine, maybe twice during the game there was a smaller stutter of about 3-5 seconds.. Then suddenly a restart just hit, to hell with the computer and everything :p
Posted: 30 Sep 2014 21:32
- bios1
- Respected citizen
- Joined: 18 Jan 2012
- Posts: 435
ComboFix 14-09-29.02 - JUNGA 09/30/2014 20:55:20.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.659 [GMT 2:00]
Running from: c:\documents and settings\JUNGA\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp
c:\documents and settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\background.html
c:\documents and settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\content.js
c:\documents and settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lCQIWmK.js
c:\documents and settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lsdb.js
c:\documents and settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\manifest.json
c:\documents and settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0Htz.js
c:\documents and settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0mF.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\background.html
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\content.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lCQIWmK.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lsdb.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\manifest.json
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0Htz.js
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0mF.js
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\background.html
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\content.js
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lCQIWmK.js
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lsdb.js
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\manifest.json
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0Htz.js
c:\documents and settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0mF.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\background.html
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\content.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lCQIWmK.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lsdb.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\manifest.json
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0Htz.js
c:\documents and settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0mF.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\background.html
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\content.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lCQIWmK.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lsdb.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\manifest.json
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0Htz.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0mF.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\background.html
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\content.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lCQIWmK.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lsdb.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\manifest.json
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0Htz.js
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0mF.js
c:\documents and settings\JUNGA\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp
c:\documents and settings\JUNGA\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\background.html
c:\documents and settings\JUNGA\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\content.js
c:\documents and settings\JUNGA\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lCQIWmK.js
c:\documents and settings\JUNGA\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lsdb.js
c:\documents and settings\JUNGA\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\manifest.json
c:\documents and settings\JUNGA\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0Htz.js
c:\documents and settings\JUNGA\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0mF.js
c:\documents and settings\JUNGA\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp
c:\documents and settings\JUNGA\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\background.html
c:\documents and settings\JUNGA\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\content.js
c:\documents and settings\JUNGA\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lCQIWmK.js
c:\documents and settings\JUNGA\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lsdb.js
c:\documents and settings\JUNGA\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\manifest.json
c:\documents and settings\JUNGA\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0Htz.js
c:\documents and settings\JUNGA\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0mF.js
c:\documents and settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nlhdndkaidfjgljicelephophjafongl_0.localstorage
c:\documents and settings\JUNGA\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\background.html
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\content.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lCQIWmK.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lsdb.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\manifest.json
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0Htz.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0mF.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\background.html
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\content.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lCQIWmK.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\lsdb.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\manifest.json
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0Htz.js
c:\documents and settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\mpbnnlmpgmcnjogffdnjjjphpbdnmobp\3.9\o0mF.js
C:\install.exe
c:\windows\wawx_dumpreg64.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-08-28 to 2014-09-30 )))))))))))))))))))))))))))))))
.
.
2014-09-30 20:34 . 2014-09-30 20:34 -------- d-----w- c:\program files\Skillbrains
2014-09-30 20:34 . 2014-09-30 20:34 -------- d-----w- c:\documents and settings\JUNGA\Local Settings\Application Data\Skillbrains
2014-09-30 19:12 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-09-30 19:11 . 2014-09-30 17:39 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-30 19:08 . 2014-05-12 05:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-30 19:08 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-30 19:08 . 2014-09-30 19:09 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-30 19:05 . 2014-09-30 20:21 -------- d-----w- C:\AdwCleaner
2014-09-29 10:51 . 2014-09-29 12:45 -------- d-----w- C:\FRST
2014-09-28 11:25 . 2014-09-28 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DatacardService
2014-09-27 17:47 . 2002-12-28 23:14 81920 ----a-w- c:\windows\system32\Startup.cpl
2014-09-19 08:32 . 2014-09-19 08:32 -------- d-----w- c:\program files\Common Files\Skype
2014-09-19 08:32 . 2014-09-19 08:32 -------- d-----r- c:\program files\Skype
2014-09-18 00:30 . 2014-09-18 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-09-16 17:12 . 2014-09-16 17:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\TuneUp Software
2014-09-16 17:12 . 2014-09-16 17:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software
2014-09-16 16:56 . 2014-09-16 16:56 -------- d-----w- c:\documents and settings\JUNGA\Local Settings\Application Data\TuneUp Software
2014-09-16 16:56 . 2014-09-16 16:56 -------- d-----w- c:\documents and settings\JUNGA\Application Data\TuneUp Software
2014-09-16 16:49 . 2014-09-16 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2014-09-16 16:48 . 2014-09-16 16:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-09-16 16:48 . 2014-09-16 16:48 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2014-09-16 16:45 . 2014-09-16 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2014-09-15 08:12 . 2014-09-15 08:12 -------- d-----w- c:\program files\Marvell
2014-09-07 20:33 . 2014-09-07 20:34 -------- d-----w- c:\program files\Common Files\Adobe
2014-09-07 20:21 . 2014-09-07 20:37 -------- d-----w- c:\documents and settings\JUNGA\Local Settings\Application Data\Adobe
2014-09-05 19:38 . 2014-09-05 19:39 -------- d-----w- c:\documents and settings\JUNGA\Local Settings\Application Data\Facebook
2014-09-05 11:22 . 2014-09-05 11:22 -------- d-----w- c:\documents and settings\JUNGA\Application Data\GRETECH
2014-09-05 11:22 . 2014-09-05 11:22 -------- d-----w- c:\program files\GRETECH
2014-09-01 16:45 . 2014-09-01 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2014-09-01 15:45 . 2014-09-29 12:44 -------- d--h--w- c:\windows\system32\GroupPolicy
2014-09-01 15:45 . 2014-09-01 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\222456a3e1d9af1a
2014-09-01 15:45 . 2014-09-01 15:45 -------- d-----w- c:\documents and settings\JUNGA\Local Settings\Application Data\Comodo
2014-09-01 15:45 . 2014-09-01 15:45 -------- d-----w- c:\documents and settings\SUPPORT_388945a0
2014-09-01 15:45 . 2014-09-01 15:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Comodo
2014-09-01 15:45 . 2014-09-01 15:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2014-09-01 15:45 . 2014-09-01 15:45 -------- d-----w- c:\documents and settings\HelpAssistant
2014-09-01 15:45 . 2014-09-01 15:45 -------- d-----w- c:\documents and settings\Guest
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-23 11:51 . 2014-08-23 11:51 2710 ----a-w- C:\STF2C.tmp
2014-08-22 11:08 . 2014-08-22 11:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-22 11:08 . 2014-08-22 11:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-11 11:02 . 2014-08-11 11:02 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-11 11:02 . 2014-08-11 11:03 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-08-11 00:03 . 2014-08-10 23:59 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-10 23:59 . 2014-08-10 23:59 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-10 23:59 . 2014-08-10 23:59 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-08-10 23:59 . 2014-08-10 23:59 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-10 23:59 . 2014-08-10 23:59 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-10 23:59 . 2014-08-10 23:59 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-10 23:59 . 2014-08-10 23:59 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-10 23:59 . 2014-08-10 23:59 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-08-10 23:59 . 2014-08-10 23:59 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-10 23:59 . 2014-08-10 23:59 43152 ----a-w- c:\windows\avastSS.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-10 23:59 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightShot"="c:\documents and settings\JUNGA\Local Settings\Application Data\Skillbrains\lightshot\Lightshot.exe" [2014-06-18 226560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-11 4085896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-03 61440]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2014-09-05 19:38 138096 ----atw- c:\documents and settings\JUNGA\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2012\\pes2012.exe"=
"c:\\Documents and Settings\\JUNGA\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\System32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\bin\\steamwebhelper.exe"=
"c:\\Program Files\\Eurobattle.net\\gproxy.exe"=
"c:\\Documents and Settings\\JUNGA\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [8/11/2014 1:59 AM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [8/11/2014 1:59 AM 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/11/2014 1:59 AM 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [8/11/2014 1:59 AM 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [8/11/2014 1:59 AM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [8/11/2014 1:59 AM 67824]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [9/30/2014 9:08 PM 1809720]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [9/30/2014 9:08 PM 860472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/30/2014 9:08 PM 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [9/30/2014 9:11 PM 110296]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [4/3/2014 8:21 PM 315008]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [4/12/2013 12:33 PM 104720]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-14 06:56 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-30 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-10 23:59]
.
2014-09-28 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\Driver Robot.lnk [2014-08-11 08:54]
.
2014-09-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-484763869-2146843535-1417001333-1003Core.job
- c:\documents and settings\JUNGA\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2014-09-05 19:38]
.
2014-09-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-484763869-2146843535-1417001333-1003UA.job
- c:\documents and settings\JUNGA\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2014-09-05 19:38]
.
2014-10-01 c:\windows\Tasks\update-S-1-5-21-484763869-2146843535-1417001333-1003.job
- c:\program files\Skillbrains\Updater\Updater.exe [2014-09-30 16:44]
.
2014-10-01 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2014-09-30 16:44]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2014-09-30 21:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2014-09-30 21:10:26
ComboFix-quarantined-files.txt 2014-09-30 19:10
.
Pre-Run: 15,260,078,080 bytes free
Post-Run: 15,223,205,888 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F92AB017281C7692630FCD2A65E44627
8F558EB6672622401DA993E1E865C861