Check


Not bad.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-06-2015
Ran by Nikola (administrator) on KOLE on 06-06-2015 13:08:30
Running from C:\Users\Nikola\Desktop\Ambulanta
Loaded Profiles: UpdatusUser & Nikola (Available Profiles: tata & car017 & UpdatusUser & Nikola & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(LogMeIn Inc.) D:\Game Instalacion\hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Game Instalacion\hamachi\LMIGuardianSvc.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKLM\...\Policies\Explorer: [StartMenuFavorites] 1
HKU\S-1-5-21-1645522239-2147080141-839522115-1010\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-1645522239-2147080141-839522115-1010\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP
HKU\S-1-5-21-1645522239-2147080141-839522115-1010\...\RunOnce: [NeroHomeFirstStart] => C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
HKU\S-1-5-21-1645522239-2147080141-839522115-1212\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2015-05-25] (Glarysoft Ltd)
HKU\S-1-5-21-1645522239-2147080141-839522115-1212\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [28785280 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1645522239-2147080141-839522115-1212\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [4556048 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-27] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
URLSearchHook: [S-1-5-21-1645522239-2147080141-839522115-1010] ATTENTION ==> Default URLSearchHook is missing.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1645522239-2147080141-839522115-1212 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-12] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-12] (Oracle Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5C.....5113017140
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5C.....5113007281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office 2007\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Nikola\Application Data\Mozilla\Firefox\Profiles\eu30l7f0.default
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-10] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll No File
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\Users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.1.13 -> C:\Users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files\Veetle\plugins\npVeetle.dll [2012-01-14] (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll [2012-01-14] (Veetle Inc)
FF Plugin HKU\S-1-5-21-1645522239-2147080141-839522115-1212: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nikola\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2010-09-07] (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-10-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-10-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-10-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-10-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-10-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-03-24] (RealPlayer)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-26]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-26]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-26]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-07-26]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2014-09-26] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> hxxp://google.rs/
CHR StartupUrls: Default -> "hxxp://google.rs/"
CHR Profile: C:\Users\Nikola\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Nikola\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-06-01]
CHR Extension: (Google Drive) - C:\Users\Nikola\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-13]
CHR Extension: (YouTube) - C:\Users\Nikola\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-13]
CHR Extension: (Adblock Plus) - C:\Users\Nikola\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-15]
CHR Extension: (Google Search) - C:\Users\Nikola\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-13]
CHR Extension: (Google Wallet) - C:\Users\Nikola\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-13]
CHR Extension: (Gmail) - C:\Users\Nikola\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-13]
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKU\S-1-5-21-1645522239-2147080141-839522115-1212\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - http://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (SaveFrom.net helper) - C:\Users\Nikola\Application Data\Opera Software\Opera Stable\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl [2015-05-02]
OPR Extension: (Adblock Plus) - C:\Users\Nikola\Application Data\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-03-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-27] (Avast Software s.r.o.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1030928 2015-02-27] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\WINDOWS\system32\EasyAntiCheat.exe [238376 2015-05-27] (EasyAntiCheat Ltd) [File not signed]
R2 Hamachi2Svc; D:\Game Instalacion\hamachi\hamachi-2.exe [1848168 2015-03-30] (LogMeIn Inc.)
R2 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
S3 Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office 2007\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
S4 msvsmon90; D:\Nikola\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-07] (Microsoft Corporation)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2255464 2011-08-03] (NVIDIA Corporation)
S3 Skype C2C Service; C:\Users\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-06-19] (Advanced Micro Devices) [File not signed]
S3 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [16640 2010-12-30] (Wondershare) [File not signed]
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1331136 2008-01-17] (Atheros Communications, Inc.)
R2 Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [16512 2002-05-06] (Adaptec) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-04-27] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-04-27] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-04-27] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-04-27] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-04-27] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-04-27] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-04-27] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-04-27] ()
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [165376 2011-09-01] () [File not signed]
S3 CA561; C:\WINDOWS\System32\Drivers\SPCA561.SYS [119798 2002-09-30] (SP) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [25104 2015-03-28] (Disc Soft Ltd)
R0 fvxscsi; C:\WINDOWS\System32\DRIVERS\fvxscsi.sys [85192 2013-08-22] (FarStone Inc.)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [17472 2015-05-22] (Glarysoft Ltd)
R3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [460800 2012-03-11] (Aladdin Knowledge Systems) [File not signed]
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [18048 2011-09-01] () [File not signed]
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [120024 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2008-07-12] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54400 2008-03-25] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-03-25] (NVIDIA Corporation)
R2 rspndr; C:\WINDOWS\System32\DRIVERS\rspndr.sys [62336 2006-11-08] (Microsoft Corporation) [File not signed]
S3 SCREAMINGBDRIVER; C:\WINDOWS\System32\drivers\ScreamingBAudio.sys [23064 2009-04-06] (Screaming Bee LLC)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [329384 2015-03-27] (Duplex Secure Ltd.)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc)
S3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30208 2011-01-15] (Elaborate Bytes AG) [File not signed]
R3 VCSVADHWSer; C:\WINDOWS\System32\DRIVERS\vcsvad.sys [17792 2008-12-26] (Avnex) [File not signed]
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [279680 2008-07-12] (VIA Technologies, Inc.)
S3 VNUSB; C:\WINDOWS\System32\DRIVERS\VNUSB.sys [38496 2006-04-07] (OLYMPUS IMAGING CORP.) [File not signed]
S3 WINIO; C:\WINDOWS\system32\winio.sys [41324 2001-11-13] () [File not signed]
S2 adfs; No ImagePath
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S0 fcdabus; system32\DRIVERS\fcdabus.sys [X]
S0 FVDSCSI; system32\DRIVERS\fvdscsi.sys [X]
S3 FXDrv32; \??\F:\FXDrv32.sys [X]
S3 GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
S3 NTACCESS; \??\F:\NTACCESS.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 SetupNTGLM7X; \??\F:\NTGLM7X.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
U4 WmdmPmSp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2063-09-19 07:50 - 2063-09-19 07:50 - 00005501 _____ C:\WINDOWS\system32\rtclmg32.dll
2015-06-06 12:51 - 2015-06-06 12:51 - 00019383 _____ C:\Users\Nikola\Desktop\zoek-results.txt
2015-06-06 12:48 - 2015-06-06 13:09 - 00000000 ____D C:\Users\Nikola\Local Settings\Temp
2015-06-06 12:48 - 2015-06-06 12:48 - 00000000 ____D C:\Users\UpdatusUser\Local Settings\temp
2015-06-06 12:48 - 2015-06-06 12:48 - 00000000 ____D C:\Users\tata\Local Settings\temp
2015-06-06 12:48 - 2015-06-06 12:48 - 00000000 ____D C:\Users\NetworkService\Local Settings\temp
2015-06-06 12:48 - 2015-06-06 12:48 - 00000000 ____D C:\Users\LocalService\Local Settings\temp
2015-06-06 12:48 - 2015-06-06 12:48 - 00000000 ____D C:\Users\Guest\Local Settings\temp
2015-06-06 12:48 - 2015-06-06 12:48 - 00000000 ____D C:\Users\Default User\Local Settings\temp
2015-06-06 12:48 - 2015-06-06 12:48 - 00000000 ____D C:\Users\car017\Local Settings\Temp
2015-06-06 12:48 - 2015-06-06 12:20 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-06-06 12:23 - 2015-06-06 12:51 - 00019383 _____ C:\zoek-results.log
2015-06-06 12:20 - 2015-06-06 12:44 - 00000000 ____D C:\zoek_backup
2015-06-06 12:19 - 2015-06-06 12:19 - 04180806 _____ C:\Users\Nikola\Desktop\zoek.zip
2015-06-06 12:19 - 2003-02-02 05:00 - 01308672 _____ C:\Users\Nikola\Desktop\zoek.exe
2015-06-06 12:19 - 2003-02-02 04:22 - 01445832 _____ C:\Users\Nikola\Desktop\zoek.scr
2015-06-06 12:19 - 2003-02-02 04:22 - 01445832 _____ C:\Users\Nikola\Desktop\zoek.com
2015-06-06 12:07 - 2015-06-06 12:07 - 00013069 _____ C:\Users\Nikola\Desktop\AdwCleaner[S0].txt
2015-06-06 11:59 - 2015-06-06 12:04 - 00000000 ____D C:\AdwCleaner
2015-06-06 11:58 - 2015-06-06 11:58 - 02231296 _____ C:\Users\Nikola\Desktop\AdwCleaner.exe
2015-06-05 12:24 - 2015-06-06 13:08 - 00000000 ____D C:\Users\Nikola\Desktop\Ambulanta
2015-06-05 08:18 - 2015-06-05 08:24 - 00000000 ____D C:\Users\Nikola\Application Data\CodeBlocks
2015-06-05 06:58 - 2015-06-04 23:23 - 00000972 _____ C:\Users\Nikola\Desktop\Visual Studio 2008.lnk
2015-06-04 23:42 - 2015-06-04 23:42 - 00000000 ____D C:\Users\All Users\Start Menu\Programs\Microsoft Developer Network
2015-06-04 23:33 - 2015-06-04 23:33 - 00000000 ____D C:\Users\All Users\Start Menu\Programs\Microsoft Windows SDK v6.0A
2015-06-04 23:31 - 2015-06-04 23:31 - 00000000 ____D C:\WINDOWS\system32\js
2015-06-04 23:31 - 2015-06-04 23:31 - 00000000 ____D C:\WINDOWS\system32\images
2015-06-04 23:31 - 2015-06-04 23:31 - 00000000 ____D C:\WINDOWS\system32\html
2015-06-04 23:31 - 2015-06-04 23:31 - 00000000 ____D C:\WINDOWS\system32\css
2015-06-04 23:31 - 2015-06-04 23:31 - 00000000 ____D C:\Program Files\Business Objects
2015-06-04 23:30 - 2015-06-04 23:30 - 00000000 ____D C:\Program Files\Microsoft Device Emulator
2015-06-04 23:29 - 2015-06-04 23:30 - 00000000 ____D C:\Program Files\Windows Mobile 5.0 SDK R2
2015-06-04 23:23 - 2015-06-05 07:54 - 00000000 ____D C:\Users\Nikola\My Documents\Visual Studio 2008
2015-06-04 23:23 - 2015-06-04 23:23 - 00000000 ____D C:\Users\All Users\Start Menu\Programs\Microsoft Visual Studio 2008
2015-06-04 23:22 - 2015-06-04 23:22 - 00000000 ____D C:\Users\All Users\Application Data\PreEmptive Solutions
2015-06-04 23:17 - 2015-06-04 23:17 - 00000000 ____D C:\WINDOWS\symbols
2015-06-04 23:14 - 2015-06-04 23:22 - 00000000 ____D C:\Program Files\Common Files\Merge Modules
2015-06-04 23:14 - 2015-06-04 23:18 - 00000000 ____D C:\Program Files\HTML Help Workshop
2015-06-04 23:14 - 2015-06-04 23:14 - 00000000 ____D C:\Program Files\CE Remote Tools
2015-06-04 23:12 - 2015-06-04 23:12 - 00000000 ____D C:\Program Files\Microsoft Web Designer Tools
2015-06-04 16:23 - 2015-06-06 13:08 - 00000000 ____D C:\FRST
2015-06-04 16:20 - 2015-05-22 22:21 - 00000761 _____ C:\Users\Nikola\Desktop\Glary Utilities 5.lnk
2015-06-04 13:46 - 2015-06-04 14:50 - 00002134 _____ C:\WINDOWS\setupapi.log
2015-06-04 13:34 - 2015-06-04 13:33 - 30993712 _____ (Riot Games) C:\Users\car017\Desktop\LeagueofLegends_EUNE_Installer_9_15_2014.exe
2015-06-04 11:36 - 2015-06-06 12:49 - 00003760 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-04 09:45 - 2015-06-04 09:46 - 00000012 _____ C:\Users\Nikola\My Documents\lol.txt
2015-06-03 23:50 - 2015-06-03 23:50 - 00000000 ____D C:\Users\Nikola\Local Settings\Application Data\Electronic Arts
2015-06-03 07:40 - 2015-06-03 07:40 - 00000623 _____ C:\Users\car017\Desktop\Harry Potter VIII.lnk
2015-05-30 16:37 - 2015-06-04 22:31 - 00000000 ____D C:\Users\Nikola\Desktop\postavljeno
2015-05-28 16:32 - 2015-06-04 22:31 - 00000000 ____D C:\Users\Nikola\Desktop\nije postavljeno
2015-05-27 09:07 - 2015-05-27 09:07 - 00000000 ____D C:\Users\Nikola\Application Data\java
2015-05-27 08:29 - 2015-05-27 08:01 - 00238376 _____ (EasyAntiCheat Ltd) C:\WINDOWS\system32\EasyAntiCheat.exe
2015-05-26 07:00 - 2015-05-26 07:02 - 00000000 ____D C:\Users\Nikola\Application Data\Apple Computer
2015-05-25 18:07 - 2015-05-25 18:22 - 00000000 ____D C:\Users\Nikola\Application
2015-05-23 10:37 - 2015-05-23 10:37 - 00000695 _____ C:\Users\car017\Desktop\Sims 3.lnk
2015-05-23 10:37 - 2015-05-23 10:37 - 00000000 ____D C:\Users\car017\My Documents\Electronic Arts
2015-05-23 10:22 - 2015-06-03 07:38 - 00000000 ____D C:\Users\All Users\Start Menu\Programs\Electronic Arts
2015-05-21 18:58 - 2015-05-21 18:58 - 00000000 ____D C:\Users\car017\My Documents\My Games
2015-05-20 18:08 - 2011-04-10 17:25 - 00000666 _____ C:\Users\Nikola\Desktop\Winamp.lnk
2015-05-19 16:20 - 2015-06-04 12:44 - 00000000 ____D C:\Users\car017\Desktop\adons
2015-05-19 16:18 - 2015-05-19 16:18 - 00231424 _____ C:\Users\car017\Desktop\GWTool.exe
2015-05-19 15:20 - 2015-05-26 22:33 - 00000000 ____D C:\Users\car017\My Documents\Projekti
2015-05-19 14:37 - 2015-05-19 06:04 - 00000845 _____ C:\Users\car017\Desktop\Microsoft Visual Basic 6.0.lnk
2015-05-19 06:06 - 2015-05-19 06:06 - 00000126 _____ C:\WINDOWS\mdm.ini
2015-05-19 06:04 - 2015-06-05 07:03 - 00000000 ____D C:\Users\All Users\Start Menu\Programs\Microsoft Visual Studio 6.0
2015-05-19 06:04 - 2015-05-19 06:04 - 00000000 ____D C:\Users\Nikola\Start Menu\Programs\Microsoft Web Publishing
2015-05-16 20:13 - 2015-03-29 17:43 - 00000775 _____ C:\Users\Nikola\Desktop\FreeCommander XE.lnk
2015-05-14 09:47 - 2015-05-14 09:47 - 00000000 ____D C:\Users\car017\Application Data\Doctor Who
2015-05-14 09:44 - 2015-05-14 09:44 - 00000000 ____D C:\Users\car017\Local Settings\Application Data\Doctor Who
2015-05-12 20:01 - 2015-05-12 20:01 - 00000000 ____D C:\Users\car017\Application Data\java
2015-05-12 12:01 - 2015-05-12 12:01 - 00000000 ____D C:\Program Files\Common Files\Java
2015-05-12 12:00 - 2015-05-12 12:00 - 00000000 ____D C:\Users\All Users\Application Data\Oracle
2015-05-12 05:37 - 2015-05-12 05:37 - 00000000 ____D C:\Users\Nikola\Screenshots
2015-05-12 05:35 - 2015-05-12 05:35 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\ScreenCapture
2015-05-12 05:35 - 2015-05-12 05:35 - 00000000 ____D C:\Users\All Users\Application Data\ScreenCapture
2015-05-11 12:55 - 2015-05-11 12:55 - 00000000 ____D C:\Users\car017\Application Data\Foxit Software
2015-05-10 20:33 - 2015-05-19 21:03 - 00000000 ____D C:\Users\Nikola\My Documents\Projekti

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 12:51 - 2014-08-06 19:18 - 00000000 ____D C:\Users\Nikola\Application Data\Skype
2015-06-06 12:51 - 2014-05-21 08:56 - 00000000 ____D C:\Program Files\Glary Utilities 5
2015-06-06 12:51 - 2014-05-19 07:58 - 00000322 _____ C:\WINDOWS\Tasks\GlaryInitialize 5.job
2015-06-06 12:50 - 2014-07-04 21:03 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-06-06 12:50 - 2009-12-08 15:56 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-06-06 12:50 - 2009-12-08 15:56 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-06-06 12:50 - 2009-12-08 05:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-06 12:49 - 2014-10-05 10:05 - 00000000 ____D C:\Users\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2015-06-06 12:49 - 2014-08-02 15:44 - 00000178 ___SH C:\Users\Nikola\ntuser.ini
2015-06-06 12:49 - 2009-12-08 05:06 - 00032542 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-06 12:43 - 2014-07-07 21:45 - 00000000 ____D C:\Users\UpdatusUser\Local Settings\Application Data\Google
2015-06-06 12:43 - 2014-07-07 21:45 - 00000000 ____D C:\Users\UpdatusUser\Local Settings\Application Data\Comodo
2015-06-06 12:43 - 2014-07-07 21:45 - 00000000 ____D C:\Users\tata\Local Settings\Application Data\Comodo
2015-06-06 12:43 - 2014-07-07 21:45 - 00000000 ____D C:\Users\SUPPORT_388945a0\Local Settings\Application Data\Google
2015-06-06 12:43 - 2014-07-07 21:45 - 00000000 ____D C:\Users\SUPPORT_388945a0\Local Settings\Application Data\Comodo
2015-06-06 12:43 - 2014-07-07 21:45 - 00000000 ____D C:\Users\HelpAssistant\Local Settings\Application Data\Google
2015-06-06 12:43 - 2014-07-07 21:45 - 00000000 ____D C:\Users\HelpAssistant\Local Settings\Application Data\Comodo
2015-06-06 12:43 - 2014-07-07 21:45 - 00000000 ____D C:\Users\Guest\Local Settings\Application Data\Google
2015-06-06 12:43 - 2014-07-07 21:45 - 00000000 ____D C:\Users\Guest\Local Settings\Application Data\Comodo
2015-06-06 12:43 - 2014-07-07 21:45 - 00000000 ____D C:\Users\car017\Local Settings\Application Data\Comodo
2015-06-06 12:43 - 2014-07-07 21:45 - 00000000 ____D C:\Users\ASPNET\Local Settings\Application Data\Google
2015-06-06 12:43 - 2014-07-07 21:45 - 00000000 ____D C:\Users\ASPNET\Local Settings\Application Data\Comodo
2015-06-06 12:43 - 2010-12-05 17:05 - 00000000 ____D C:\Users\car017\Local Settings\Application Data\Google
2015-06-06 12:43 - 2009-12-08 07:23 - 00000000 ____D C:\Users\tata\Local Settings\Application Data\Google
2015-06-06 12:42 - 2014-07-30 18:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-06 12:40 - 2014-09-09 18:18 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2015-06-06 12:40 - 2010-01-08 12:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-06-06 12:07 - 2014-08-02 15:44 - 00000008 __RSH C:\Users\Nikola\ntuser.pol
2015-06-06 12:07 - 2014-08-02 15:44 - 00000000 ____D C:\Users\Nikola
2015-06-06 12:07 - 2010-01-27 10:19 - 00000008 __RSH C:\Users\All Users\ntuser.pol
2015-06-06 12:03 - 2011-09-20 15:35 - 00000178 ___SH C:\Users\UpdatusUser\ntuser.ini
2015-06-05 12:31 - 2014-04-09 23:12 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-05 12:30 - 2011-12-31 17:57 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2015-06-05 08:43 - 2009-12-08 05:24 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-06-05 07:22 - 2010-07-26 15:11 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2015-06-05 07:03 - 2014-08-08 19:40 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2015-06-05 07:03 - 2009-12-08 05:50 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-06-05 07:03 - 2009-12-08 04:58 - 00000057 _____ C:\WINDOWS\vb.ini
2015-06-05 07:02 - 2009-12-08 15:44 - 00000000 ____D C:\WINDOWS\Help
2015-06-05 06:59 - 2014-04-15 16:44 - 00079232 _____ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2015-06-05 06:25 - 2009-12-08 15:48 - 00290888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-04 23:31 - 2009-12-08 05:50 - 00000780 _____ C:\WINDOWS\ODBC.INI
2015-06-04 23:21 - 2009-12-08 15:53 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-06-04 23:17 - 2009-12-08 05:29 - 00000000 ____D C:\Program Files\MSBuild
2015-06-04 23:16 - 2009-12-08 15:44 - 00000000 ____D C:\WINDOWS\system32\1033
2015-06-04 16:20 - 2014-10-06 22:42 - 00000000 ____D C:\Users\Nikola\Local Settings\Application Data\LogMeIn Hamachi
2015-06-04 16:20 - 2014-08-06 21:21 - 00000000 ____D C:\Users\Nikola\Application Data\uTorrent
2015-06-04 16:13 - 2010-11-11 19:44 - 00000178 ___SH C:\Users\car017\ntuser.ini
2015-06-04 16:13 - 2010-11-11 19:44 - 00000000 ____D C:\Users\car017
2015-06-04 16:12 - 2012-02-17 13:10 - 00000000 ____D C:\Users\car017\Application Data\uTorrent
2015-06-04 16:11 - 2009-12-08 07:23 - 00000278 ___SH C:\Users\tata\ntuser.ini
2015-06-04 16:03 - 2011-05-28 20:46 - 00000000 ____D C:\Users\car017\Application Data\Skype
2015-06-04 14:50 - 2015-04-04 09:17 - 00000000 ____D C:\Users\car017\Application Data\Riot Games
2015-06-04 14:50 - 2009-12-08 05:00 - 00000000 ____D C:\WINDOWS\system32\DirectX
2015-06-04 14:02 - 2014-02-26 21:07 - 00000000 ____D C:\Users\car017\Application Data\.minecraft
2015-06-04 11:37 - 2014-10-05 10:06 - 00000000 ____D C:\Users\car017\Local Settings\Application Data\LogMeIn Hamachi
2015-06-04 08:25 - 2014-07-31 11:37 - 00000000 ____D C:\Program Files\Steam
2015-06-04 07:25 - 2015-04-05 14:25 - 00000000 ____D C:\Users\Nikola\Application Data\DITE
2015-06-04 07:23 - 2014-05-20 19:33 - 00000000 ____D C:\Program Files\Common Files\Borland Shared
2015-06-04 07:16 - 2014-08-02 15:51 - 00000000 ____D C:\Users\Nikola\Application Data\GlarySoft
2015-06-04 06:20 - 2014-04-09 22:56 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-04 06:20 - 2009-12-08 15:44 - 00000000 ____D C:\WINDOWS\Connection Wizard
2015-06-04 00:12 - 2014-04-09 22:56 - 00000000 ____D C:\Users\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-03 18:45 - 2009-12-08 05:58 - 00000000 ____D C:\Users\All Users\Application Data\Skype
2015-06-02 08:08 - 2004-08-04 11:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-05-31 16:15 - 2014-08-08 19:56 - 00002535 _____ C:\Users\Nikola\Desktop\Microsoft Office Word 2007.lnk
2015-05-29 05:10 - 2015-04-04 14:02 - 00002556 _____ C:\Users\Nikola\Desktop\µTorrent.lnk
2015-05-29 05:10 - 2014-08-06 21:22 - 00002556 _____ C:\Users\Nikola\Start Menu\µTorrent.lnk
2015-05-26 22:34 - 2009-12-08 04:58 - 00000086 _____ C:\WINDOWS\vbaddin.ini
2015-05-26 07:14 - 2009-12-08 07:23 - 00000000 ____D C:\Users\tata
2015-05-26 07:10 - 2009-12-14 08:11 - 00000000 ____D C:\Users\tata\Application Data\Skype
2015-05-26 07:09 - 2014-10-05 20:20 - 00000000 ____D C:\Users\tata\Local Settings\Application Data\LogMeIn Hamachi
2015-05-25 18:07 - 2014-02-26 22:04 - 00000000 ____D C:\Program Files\Minecraft
2015-05-23 10:13 - 2009-12-08 18:02 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-05-22 22:21 - 2014-05-21 08:56 - 00017472 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys
2015-05-22 22:21 - 2014-05-21 08:56 - 00000761 _____ C:\Users\All Users\Start Menu\Programs\Glary Utilities 5.lnk
2015-05-22 22:21 - 2014-05-21 08:56 - 00000000 ____D C:\Users\All Users\Start Menu\Programs\Glary Utilities 5
2015-05-21 04:27 - 2012-06-13 20:45 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-05-19 16:21 - 2015-04-25 13:58 - 00000000 ____D C:\games
2015-05-19 07:35 - 2009-12-08 04:58 - 00000000 ____D C:\WINDOWS\Registration
2015-05-19 07:29 - 2015-03-14 23:36 - 01177118 _____ C:\Users\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1645522239-2147080141-839522115-1212-0.dat
2015-05-19 07:29 - 2013-01-30 10:44 - 00270582 _____ C:\Users\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-05-19 06:05 - 2009-12-08 15:53 - 00004161 _____ C:\WINDOWS\ODBCINST.INI
2015-05-19 06:04 - 2010-07-19 13:13 - 00000000 ____D C:\Program Files\Web Publish
2015-05-19 00:04 - 2009-12-08 15:44 - 00000000 ____D C:\WINDOWS\system
2015-05-18 19:37 - 2010-11-26 17:58 - 00078352 _____ C:\Users\car017\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-05-18 07:20 - 2014-08-07 14:54 - 00000000 ____D C:\Users\Nikola\Application Data\Audacity
2015-05-17 23:20 - 2014-09-12 14:10 - 00000000 ____D C:\Users\Nikola\Application Data\Macromedia
2015-05-16 18:14 - 2015-04-19 16:48 - 00000000 ____D C:\Users\Nikola\Application Data\Foxit Software
2015-05-14 20:47 - 2011-05-01 16:20 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-05-12 20:45 - 2012-02-17 13:10 - 00000000 ____D C:\Program Files\uTorrent
2015-05-12 12:00 - 2014-08-20 00:54 - 00271968 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-05-12 12:00 - 2014-08-20 00:54 - 00191072 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-05-12 12:00 - 2014-08-20 00:54 - 00190560 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-05-12 12:00 - 2014-02-02 00:11 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-05-12 12:00 - 2014-02-02 00:11 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-05-12 12:00 - 2009-12-08 05:04 - 00000000 ____D C:\Program Files\Java
2015-05-10 20:31 - 2015-03-31 13:02 - 00000422 _____ C:\Users\Nikola\Desktop\Projekti.lnk
2015-05-07 13:43 - 2014-08-13 16:17 - 00043520 _____ C:\WINDOWS\system32\CmdLineExt03.dll

==================== Files in the root of some directories =======

2015-03-29 16:40 - 2015-03-29 16:40 - 0000112 _____ () C:\Users\Nikola\Local Settings\Application Data\fusioncache.dat

Files to move or delete:
====================
C:\Users\car017\TempWmicBatchFile.bat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Lives in: Novi Beograd

We'll try again:

1. Open Notepad (Text Document) and copy the following text from inside the code box below:

CreateRestorePoint:
HKU\S-1-5-21-1645522239-2147080141-839522115-1010\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-1645522239-2147080141-839522115-1010\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP
URLSearchHook: [S-1-5-21-1645522239-2147080141-839522115-1010] ATTENTION ==> Default URLSearchHook is missing.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\Users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.1.13 -> C:\Users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2014-09-26] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - No Path Or update_url value
S2 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S2 PowerMon; cmd /c start cmd /c "ping -n 300 127.0.0.1 & C:\Windows\Temp\PowerMon\PowerMon.exe -o stratum+tcp://stratum.mining.eligius.st:3334 -O 12jgfM7qaFhKBYEz7KRjqdjBcz22d48bNh" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 adfs; No ImagePath
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S0 fcdabus; system32\DRIVERS\fcdabus.sys [X]
S0 FVDSCSI; system32\DRIVERS\fvdscsi.sys [X]
S3 FXDrv32; \??\F:\FXDrv32.sys [X]
S3 GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
S3 NTACCESS; \??\F:\NTACCESS.sys [X]
S3 SetupNTGLM7X; \??\F:\NTGLM7X.sys [X]
U4 WmdmPmSp; No ImagePath
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Joined: 15 May 2009
  • Posts: 963

Fix result of Farbar Recovery Scan Tool (x86) Version: 03-06-2015
Ran by Nikola at 2015-06-06 23:23:37 Run:2
Running from C:\Users\Nikola\Desktop\Ambulanta
Loaded Profiles: UpdatusUser & Nikola (Available Profiles: tata & car017 & UpdatusUser & Nikola & Administrator & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-1645522239-2147080141-839522115-1010\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-1645522239-2147080141-839522115-1010\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP
URLSearchHook: [S-1-5-21-1645522239-2147080141-839522115-1010] ATTENTION ==> Default URLSearchHook is missing.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\Users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.1.13 -> C:\Users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2014-09-26] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - No Path Or update_url value
S2 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S2 PowerMon; cmd /c start cmd /c "ping -n 300 127.0.0.1 & C:\Windows\Temp\PowerMon\PowerMon.exe -o stratum+tcp://stratum.mining.eligius.st:3334 -O 12jgfM7qaFhKBYEz7KRjqdjBcz22d48bNh" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 adfs; No ImagePath
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S0 fcdabus; system32\DRIVERS\fcdabus.sys [X]
S0 FVDSCSI; system32\DRIVERS\fvdscsi.sys [X]
S3 FXDrv32; \??\F:\FXDrv32.sys [X]
S3 GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
S3 NTACCESS; \??\F:\NTACCESS.sys [X]
S3 SetupNTGLM7X; \??\F:\NTGLM7X.sys [X]
U4 WmdmPmSp; No ImagePath
EmptyTemp:
*****************

Restore point was successfully created.
HKU\S-1-5-21-1645522239-2147080141-839522115-1010\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_JUNE2013_TB => value removed successfully.
HKU\S-1-5-21-1645522239-2147080141-839522115-1010\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_JUNE2013_HP => value removed successfully.
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKCR\PROTOCOLS\Handler\skype-ie-addon-data" => key removed successfully.
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully.
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully.
"HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13" => key removed successfully.
"HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13" => key removed successfully.
C:\Program Files\mozilla firefox\firefox.cfg => moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh" => key removed successfully.
NMIndexingService => Service not found.
PowerMon => Service not found.
rpcapd => Service removed successfully.
adfs => Service removed successfully.
AndNetDiag => Service removed successfully.
ANDNetModem => Service removed successfully.
andnetndis => Service removed successfully.
fcdabus => Service removed successfully.
FVDSCSI => Service removed successfully.
FXDrv32 => Service removed successfully.
GMSIPCI => Service removed successfully.
IntelIde => Service removed successfully.
NTACCESS => Service removed successfully.
SetupNTGLM7X => Service removed successfully.
WmdmPmSp => Service removed successfully.
EmptyTemp: => 27.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 23:24:13 ====

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Lives in: Novi Beograd

What is the situation now?

offline
  • Joined: 15 May 2009
  • Posts: 963

It's working normally.
If I also freed up some space on its hard drive and blew the dust out of the case a bit, I think it would be great. The best part is when it overheats and shuts down.
Does it mean anything to you that I run AV and MBAM first before opening a topic here? Because if the job can be done without them (if FRST and the other tools are enough), I'd stop doing it so it doesn't take up my time.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Lives in: Novi Beograd

Excellent.

One more thing:

The following procedure will perform the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options:
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment until the tool finishes its work.

From this point on, all the tools used in this topic should have been deleted.
If any tool or report has not been removed, feel free to delete it manually.

The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
- DelFix deletes old system restore points and creates a new, fresh point after the cleanup.

offline
  • Joined: 15 May 2009
  • Posts: 963

Thanks for the effort.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Lives in: Novi Beograd

You're welcome. I hope there won't be a next time, but if there is, you know where we are. ;)

offline
  • Joined: 15 May 2009
  • Posts: 963

But...
elzike7 wrote: Does it mean anything to you that I run AV and MBAM first before opening a topic here? Because if the job can be done without them (if FRST and the other tools are enough), I'd stop doing it so it doesn't take up my time.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Lives in: Novi Beograd

Personally it doesn't mean much to me, because there is always something left for us to tidy up, so it makes no difference to me whether anything was done beforehand.
