Slow computer


  • Joined: 12 Jun 2009
  • Posts: 34

Hello :)
For the last few weeks my computer has been running quite slowly (programs open slowly, or e.g. if I try to listen to music from YouTube in the background while doing something else in parallel, the YT video stutters). A few days ago I scanned the computer with Avast, and it found exactly 100 infected files (as far as I remember, they were mostly rootkits). It supposedly cleaned that and the situation improved somewhat, but it is still not as it should be, so I would like to check whether there are still any malware problems. I have cable internet, 9 Mbps.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16750 BrowserJavaVersion: 10.45.2
Run by Filip at 22:14:05 on 2013-12-24
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.4078.2574 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\nalserv.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10007&barid={0C29A2C5-4CF9-11E2-BA78-047D7B738E37}
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SkyDrive] "C:\Users\Filip\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\5283faf4-6b87-4043-8ca7-16787fb4df3b.exe /check
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETWOR~1.LNK - C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: NameServer = 89.216.1.40 89.216.1.50
TCP: Interfaces\{04F1CA4E-98F1-4634-A990-437F0AA10CED} : DHCPNameServer = 89.216.1.40 89.216.1.50
TCP: Interfaces\{04F1CA4E-98F1-4634-A990-437F0AA10CED}\44D2C496E6B6F57656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{04F1CA4E-98F1-4634-A990-437F0AA10CED}\844554C45434F4D423 : DHCPNameServer = 192.168.2.1 8.8.8.8
TCP: Interfaces\{04F1CA4E-98F1-4634-A990-437F0AA10CED}\84F44554C44454C4F4E444255435 : DHCPNameServer = 212.27.40.241 212.27.40.240
TCP: Interfaces\{04F1CA4E-98F1-4634-A990-437F0AA10CED}\A5978554C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{04F1CA4E-98F1-4634-A990-437F0AA10CED}\B4251455E402B425B415F5436423130334 : DHCPNameServer = 23.91.25.135 8.8.8.8
TCP: Interfaces\{04F1CA4E-98F1-4634-A990-437F0AA10CED}\C43305562737F6E6E656C637 : DHCPNameServer = 194.254.131.201 194.254.131.202
TCP: Interfaces\{04F1CA4E-98F1-4634-A990-437F0AA10CED}\C4543502330224251435355455253502D202242514353554259454 : DHCPNameServer = 192.168.23.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: {10921475-03CE-4E04-90CE-E2E7EF20C814} - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\rg88qw2l.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Filip\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Filip\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Filip\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll
FF - plugin: C:\Users\Filip\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Filip\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Filip\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-12-22 17:15; ascsurfingprotection@iobit.com; C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\rg88qw2l.default\extensions\ascsurfingprotection@iobit.com
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-6-29 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-6-29 207904]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-7-2 55856]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-8-28 21136]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-6-18 1034464]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-6-18 422216]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-6-18 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-22 50344]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 NalServ;Nalpeiron Control Service;C:\Windows\SysWOW64\nalserv.exe [2012-6-29 135168]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-6-29 66560]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2012-6-20 11576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-16 378984]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-2-24 3467768]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-18 2656280]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-22 79672]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\Windows\System32\drivers\btfilter.sys [2012-6-18 42096]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-7-12 283064]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2012-6-18 38096]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-12-22 2151200]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 onda_cdc_acm;ONDA CDC-ACM driver;C:\Windows\System32\drivers\onda_cdc_acm.sys [2012-2-20 79872]
S3 onda_cdc_ecm;onda_cdc_ecm;C:\Windows\System32\drivers\onda_cdc_ecm.sys [2012-2-20 60416]
S3 onda_ecm_enum;ONDA ECM Enumerator;C:\Windows\System32\drivers\onda_ecm_enum.sys [2012-2-20 56832]
S3 onda_ecm_enum_filter;onda_ecm_enum_filter;C:\Windows\System32\drivers\onda_ecm_enum_filter.sys [2012-2-20 56832]
S3 onda_wcpo;ONDA Installation Device (WCPO);C:\Windows\System32\drivers\onda_wcpo.sys [2012-2-20 10752]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-6-18 20992]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-6-18 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2012-6-18 307304]
S3 Samsung UPD Service2;Samsung UPD Service2;C:\Windows\System32\SUPDSvc2.exe [2012-6-20 165456]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-7-9 59392]
S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);C:\Windows\System32\drivers\vasdDev.sys [2013-3-13 1454896]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-21 1255736]
S3 wxpSvc;webcamXP Service;C:\Program Files (x86)\webcamXP 5\wService.exe [2012-3-26 5404472]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-12-23 12:22:02 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-23 12:22:02 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-23 12:21:59 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-23 12:21:57 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-23 11:56:19 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0E4BB563-A1FE-4048-9AEB-BA069615B37F}\mpengine.dll
2013-12-23 11:47:29 -------- d-----w- C:\Windows\System32\MRT
2013-12-23 11:41:01 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-12-23 11:41:01 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-12-23 11:41:01 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-12-23 11:41:00 197120 ----a-w- C:\Windows\System32\credui.dll
2013-12-23 11:41:00 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-12-23 11:41:00 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-12-23 11:40:20 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-23 11:40:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-23 11:35:46 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-12-23 11:35:45 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-12-23 11:35:44 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-12-23 11:35:44 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-12-23 11:35:43 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-12-22 15:28:37 -------- d-----w- C:\Program Files\CCleaner
2013-12-22 15:15:05 -------- d-----w- C:\ProgramData\ProductData
2013-12-22 15:14:54 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-22 15:14:52 -------- d-----w- C:\ProgramData\IObit
2013-12-22 15:14:28 -------- d-----w- C:\Program Files (x86)\IObit
2013-12-22 15:13:53 -------- d-----w- C:\Users\Filip\AppData\Roaming\IObit
2013-12-22 15:11:12 -------- d-----w- C:\Users\Filip\AppData\Roaming\AVAST Software
2013-12-22 15:02:59 79672 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2013-12-22 12:28:22 -------- d-----w- C:\Users\Filip\AppData\Local\Apple Computer
2013-12-22 12:27:48 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-12-22 12:26:16 -------- d-----w- C:\Program Files\iPod
2013-12-22 12:26:14 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-22 12:26:14 -------- d-----w- C:\Program Files\iTunes
2013-12-22 12:26:14 -------- d-----w- C:\Program Files (x86)\iTunes
2013-12-22 12:24:00 -------- d-----w- C:\Program Files\Bonjour
2013-12-22 12:24:00 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-11-29 16:29:33 -------- d-----w- C:\Users\Filip\AppData\Roaming\oald7
2013-11-29 16:29:15 90112 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
2013-11-29 16:25:18 -------- d-----w- C:\Program Files (x86)\Oxford
.
==================== Find3M ====================
.
2013-12-22 15:02:49 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-12-22 15:02:49 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-12-22 15:02:49 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-12-22 15:02:49 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-12-22 15:02:49 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-12-22 15:02:48 43152 ----a-w- C:\Windows\avastSS.scr
2013-12-11 21:51:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 21:51:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 11:25:52 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-25 06:17:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-25 06:17:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-25 04:43:38 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-25 04:43:38 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-25 04:07:48 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-25 03:41:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-25 03:17:49 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-25 02:49:34 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-08 06:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 22:14:50.23 ===============


  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,

Download "Xplode"'s AdwCleaner and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option.

Note: The report will also be saved to C:\AdwCleaner[S1].txt



Download GMER from the link below to the Desktop:

GMER download
Click the given link;
When the dialog for choosing where to save the file opens, choose Desktop and click Save.

Double-click to run GMER.
Wait for the initial scan to finish - if any prompt appears, click No;

click Scan and wait for the scan to finish;

click Save ... - save the report to the Desktop (named Gmer1);

right-click in the Gmer program window and choose Options > 3rd party - click Scan;

when the scan finishes, click Save ... - save the report to the Desktop (named Gmer2);

click the >>> button and choose the Autostart tab;

when the short scan finishes, click Copy;

open Notepad and paste the copied text into it - save the report to the Desktop (named Gmer3);

Illustrated walkthrough of the procedure

Attach all three reports to your post using the Attach file option.

  • Joined: 12 Jun 2009
  • Posts: 34

Here are the reports:


By the way, in the middle of the scan for the second report in Gmer (3rd party) a BSOD appeared and the computer restarted, but when I tried the next time, the scan finished normally...

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Download Farbar Recovery Scan Tool and save it to the Desktop.

Note: You need to download the version that is compatible with your system.
Your Windows is a 32-bit version.


Double-click to run FRST;
When the tool starts, click Yes on the disclaimer.
Click the Scan button;
The tool will create a report (FRST.txt) in the same directory where FRST.exe is saved.
Copy the contents of that log into your post.
On its first run the tool should also create an additional report (Addition.txt). Attach that report to your post using the "Attach file" option.

  • Joined: 12 Jun 2009
  • Posts: 34

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2013
Ran by Filip (administrator) on FILIP-LAPTOP on 26-12-2013 13:56:13
Running from C:\Users\Filip\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nalserv.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac7302\Monitor.exe
(Microsoft Corporation) C:\Users\Filip\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\PixArt\Pac7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\5283faf4-6b87-4043-8ca7-16787fb4df3b.exe [180184 2013-11-23] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-22] (AVAST Software)
HKCU\...\Run: [Google Update] - C:\Users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-18] (Google Inc.)
HKCU\...\Run: [SkyDrive] - C:\Users\Filip\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
MountPoints2: F - F:\Autorun.exe
MountPoints2: {a03951d5-4ae5-11e3-bb41-047d7b738e37} - G:\Autorun.exe
MountPoints2: {dea7b219-4e35-11e3-9335-047d7b738e37} - F:\Autorun.exe
MountPoints2: {f90b8ee1-bb66-11e1-a5f2-047d7b738e37} - G:\SETUP.EXE

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDDFEDE8DFA77CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-Latn-RS
SearchScopes: HKCU - {51098698-E0A7-4643-9372-7248A0578736} URL = websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYFR&apn_uid=78D3BC8B-B0CF-4800-947D-9F2B43979C8D&apn_sauid=D51FA248-AE3C-4C15-AD99-DDD7E67C2694
BHO: No Name - {10921475-03CE-4E04-90CE-E2E7EF20C814} - No File
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50

FireFox:
========
FF ProfilePath: C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\rg88qw2l.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @graphisoft.com/GDL Web Plug-in - C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Filip\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Filip\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Filip\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Filip\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Filip\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Filip\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pokki.com/PokkiDownloadHelper - C:\Users\Filip\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll No File
FF Extension: Freecorder - C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\rg88qw2l.default\Extensions\addon@freecorder.com
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\rg88qw2l.default\Extensions\ascsurfingprotection@iobit.com
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome:
=======
CHR HomePage: hxxp://www.google.rs/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.rs_
CHR DefaultSearchURL: google.rs/#hl=sr&source=hp&q={searchTerms}&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=86ce359f9c0ebd85
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Users\Filip\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Filip\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Filip\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (ArchiCAD) - C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Filip\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\Filip\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Pokki Download Helper) - C:\Users\Filip\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Filip\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Filip\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Filip\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Entanglement Web App) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0
CHR Extension: (Google Drive) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (TV) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0
CHR Extension: (HootSuite Hootlet) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn\4.0.10_0
CHR Extension: (YouTube) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Planeto Quiz) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\caekfgjhgmkgdhbiaikgdbpldepnkchg\1.0.5_0
CHR Extension: (Google Search) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe\1.77.1_0
CHR Extension: (iVocab: GRE, TOEFL and SAT) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddbfkngjokojcmmadaaipmjiacnnmgbl\2.1_1
CHR Extension: (Tampermonkey) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.77_0
CHR Extension: (Google News) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc\3.0_0
CHR Extension: (Hangman) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekpfaaakmnhcembbiennfjiaodandmhg\1_0
CHR Extension: (Planetarium) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.2_0
CHR Extension: (AdBlock) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (PDF Bookmarker for Google Docs) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\hifeiciodibcegbbonnmdilopkfilnld\0.4.6_0
CHR Extension: (Select To Get Maps) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\hinehgnhgiohbfpbpgkjnelkcgdkcgha\1.1.1_0
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (World of Solitaire) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0
CHR Extension: (Qbox - Wisdom of the Ages) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfnimbehfhlelledoaemompbeihbhfb\1.82_0
CHR Extension: (Typing Test - KeyHero) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm\1.4.0_0
CHR Extension: (BBC Good Food) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja\5_0
CHR Extension: (User-Agent Switcher) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf\2.0_0
CHR Extension: (Google Play Books) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.9_1
CHR Extension: ( "name":"Advanced SystemCare Surfing Protection",) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0
CHR Extension: (Google Wallet) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Thesaurus) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pddaeeclcbikcegjhhgocgkakehngcem\1.5_0
CHR Extension: (Gmail) - C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [gpicboiclhmnllnjdcfcffifpoaebgkm] - C:\Program Files (x86)\Freecorder extension\Freecorder.crx
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-22] (AVAST Software)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 NalServ; C:\Windows\SysWOW64\nalserv.exe [135168 2012-06-29] (Nalpeiron Ltd.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [165456 2011-12-02] (Samsung Electronics)
S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation)
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] ()
S3 wxpSvc; C:\Program Files (x86)\webcamXP 5\wService.exe [5404472 2012-03-26] (Moonware Studios)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-22] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-22] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-22] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-12] (Disc Soft Ltd)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 onda_cdc_acm; C:\Windows\System32\DRIVERS\onda_cdc_acm.sys [79872 2012-02-20] (ONDA)
S3 onda_cdc_ecm; C:\Windows\System32\DRIVERS\onda_cdc_ecm.sys [60416 2012-02-20] (ONDA)
S3 onda_ecm_enum; C:\Windows\System32\DRIVERS\onda_ecm_enum.sys [56832 2012-02-20] (ONDA)
S3 onda_ecm_enum_filter; C:\Windows\System32\DRIVERS\onda_ecm_enum_filter.sys [56832 2012-02-20] (ONDA)
S3 onda_wcpo; C:\Windows\System32\DRIVERS\onda_wcpo.sys [10752 2012-02-20] (ONDA)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
S3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [97792 2011-09-22] (WIBU-SYSTEMS AG)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-26 13:56 - 2013-12-26 13:57 - 00025424 _____ C:\Users\Filip\Desktop\FRST.txt
2013-12-26 13:55 - 2013-12-26 13:55 - 00000000 ____D C:\FRST
2013-12-26 13:54 - 2013-12-26 13:55 - 01928716 _____ (Farbar) C:\Users\Filip\Desktop\FRST64.exe
2013-12-25 00:10 - 2013-12-25 00:10 - 00007734 _____ C:\Users\Filip\Desktop\Gmer3.txt
2013-12-25 00:07 - 2013-12-25 00:07 - 00534532 _____ C:\Users\Filip\Desktop\Gmer2.log
2013-12-24 23:30 - 2013-12-24 23:30 - 615222926 _____ C:\Windows\MEMORY.DMP
2013-12-24 23:30 - 2013-12-24 23:30 - 00288568 _____ C:\Windows\Minidump\122413-24554-01.dmp
2013-12-24 23:22 - 2013-12-24 23:22 - 00330425 _____ C:\Users\Filip\Desktop\Gmer1.log
2013-12-24 23:07 - 2013-12-24 23:07 - 00377856 _____ C:\Users\Filip\Desktop\9c6t1pnu.exe
2013-12-24 23:03 - 2013-12-24 23:03 - 00007554 _____ C:\Users\Filip\Desktop\AdwCleaner[S0].txt
2013-12-24 22:54 - 2013-12-24 22:59 - 00000000 ____D C:\AdwCleaner
2013-12-24 22:52 - 2013-12-24 22:52 - 01233962 _____ C:\Users\Filip\Desktop\adwcleaner.exe
2013-12-24 22:15 - 2013-12-24 22:15 - 00013566 _____ C:\Users\Filip\Desktop\attach.txt
2013-12-24 22:15 - 2013-12-24 22:14 - 00025150 _____ C:\Users\Filip\Desktop\dds.txt
2013-12-24 22:10 - 2013-12-24 22:10 - 00688992 ____R (Swearware) C:\Users\Filip\Desktop\dds.scr
2013-12-23 13:21 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-23 13:21 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-23 13:21 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-23 13:21 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-23 13:06 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-23 13:06 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-23 13:06 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-23 13:06 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-23 13:06 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-23 13:06 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-23 13:06 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-23 13:06 - 2013-10-25 07:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-23 13:06 - 2013-10-25 07:17 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-23 13:06 - 2013-10-25 07:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-23 13:06 - 2013-10-25 07:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-23 13:06 - 2013-10-25 07:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-23 13:06 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-23 13:06 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-23 13:06 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-23 13:06 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-23 13:06 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-23 13:06 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-23 13:06 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-23 13:06 - 2013-10-25 05:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-23 13:06 - 2013-10-25 05:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-23 13:06 - 2013-10-25 05:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-23 13:06 - 2013-10-25 05:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-23 13:06 - 2013-10-25 05:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-23 13:06 - 2013-10-25 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-23 13:06 - 2013-10-25 04:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-23 13:06 - 2013-10-25 04:17 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-23 13:06 - 2013-10-25 03:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-23 13:05 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-23 13:05 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-23 13:05 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-23 12:47 - 2013-12-23 12:53 - 00000000 ____D C:\Windows\system32\MRT
2013-12-23 12:47 - 2013-12-01 14:42 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-23 12:41 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-12-23 12:41 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-12-23 12:41 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-12-23 12:41 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-12-23 12:41 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-12-23 12:41 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-12-23 12:40 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-23 12:40 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-23 12:39 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-23 12:39 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-23 12:39 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-23 12:39 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-23 12:39 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-23 12:39 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-23 12:39 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-23 12:39 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-23 12:39 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-23 12:39 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-23 12:39 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-23 12:39 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-23 12:39 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-23 12:39 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-23 12:39 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-23 12:39 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-23 12:39 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-12-23 12:39 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-23 12:39 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-23 12:39 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-23 12:39 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-12-23 12:39 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-12-23 12:39 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-12-23 12:39 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-12-23 12:39 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-12-23 12:39 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-12-23 12:39 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-12-23 12:39 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-12-23 12:39 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-12-23 12:39 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-12-23 12:39 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-12-23 12:39 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-12-23 12:39 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-12-23 12:39 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-12-23 12:39 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-12-23 12:39 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-12-23 12:35 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-12-23 12:35 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-23 12:35 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-23 12:35 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-12-23 12:35 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-12-23 09:11 - 2013-12-26 09:57 - 00000560 _____ C:\Windows\setupact.log
2013-12-23 09:11 - 2013-12-23 09:11 - 00000000 _____ C:\Windows\setuperr.log
2013-12-23 09:10 - 2013-12-23 09:10 - 00001052 _____ C:\Windows\PFRO.log
2013-12-22 16:40 - 2013-12-22 16:40 - 00130998 _____ C:\Users\Filip\Desktop\cc_20131222_164025.reg
2013-12-22 16:28 - 2013-12-22 16:28 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-22 16:28 - 2013-12-22 16:28 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-22 16:28 - 2013-12-22 16:28 - 00000000 ____D C:\Program Files\CCleaner
2013-12-22 16:19 - 2013-12-22 16:19 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2013-12-22 16:15 - 2013-12-22 16:15 - 00000000 ____D C:\ProgramData\ProductData
2013-12-22 16:14 - 2013-12-23 09:10 - 00000000 ____D C:\Program Files (x86)\IObit
2013-12-22 16:14 - 2013-12-22 16:16 - 00000000 ____D C:\ProgramData\IObit
2013-12-22 16:14 - 2013-12-22 16:14 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-22 16:13 - 2013-12-22 16:15 - 00000000 ____D C:\Users\Filip\AppData\Roaming\IObit
2013-12-22 16:11 - 2013-12-22 16:11 - 00000000 ____D C:\Users\Filip\AppData\Roaming\AVAST Software
2013-12-22 16:02 - 2013-12-22 16:33 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-22 13:28 - 2013-12-22 13:28 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-22 13:28 - 2013-12-22 13:28 - 00000000 ____D C:\Users\Filip\AppData\Local\Apple Computer
2013-12-22 13:27 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-12-22 13:26 - 2013-12-22 13:27 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-22 13:26 - 2013-12-22 13:27 - 00000000 ____D C:\Program Files\iTunes
2013-12-22 13:26 - 2013-12-22 13:27 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-22 13:26 - 2013-12-22 13:26 - 00000000 ____D C:\Program Files\iPod
2013-12-22 13:24 - 2013-12-22 13:24 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-22 13:24 - 2013-12-22 13:24 - 00000000 ____D C:\Program Files\Bonjour
2013-12-22 13:24 - 2013-12-22 13:24 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-12-17 09:41 - 2013-12-17 09:53 - 00000000 ____D C:\Users\Filip\Desktop\mxpbeg
2013-12-16 22:17 - 2013-12-16 22:17 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-14 10:31 - 2013-12-15 15:29 - 00000000 ____D C:\Users\Filip\Desktop\letfr
2013-12-06 08:46 - 2013-12-06 08:46 - 00043546 _____ C:\Users\Filip\Desktop\1314_WordListutf.txt
2013-12-06 08:37 - 2013-12-06 08:45 - 00043537 _____ C:\Users\Filip\Desktop\1314_WordList.txt
2013-11-29 17:29 - 2013-11-29 17:29 - 00090112 _____ () C:\Windows\SysWOW64\CmdLineExt.dll
2013-11-29 17:29 - 2013-11-29 17:29 - 00001962 _____ C:\Users\Public\Desktop\Oxford Advanced Learner's Dictionary - 7th edition.lnk
2013-11-29 17:29 - 2013-11-29 17:29 - 00000000 ____D C:\Users\Filip\AppData\Roaming\SecuROM
2013-11-29 17:29 - 2013-11-29 17:29 - 00000000 ____D C:\Users\Filip\AppData\Roaming\oald7
2013-11-29 17:25 - 2013-11-29 17:25 - 00000000 ____D C:\Program Files (x86)\Oxford

==================== One Month Modified Files and Folders =======

2013-12-26 13:57 - 2013-12-26 13:56 - 00025424 _____ C:\Users\Filip\Desktop\FRST.txt
2013-12-26 13:55 - 2013-12-26 13:55 - 00000000 ____D C:\FRST
2013-12-26 13:55 - 2013-12-26 13:54 - 01928716 _____ (Farbar) C:\Users\Filip\Desktop\FRST64.exe
2013-12-26 13:53 - 2012-06-18 18:15 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2017253435-2518848865-3923819110-1000UA.job
2013-12-26 13:50 - 2013-01-22 11:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-26 13:29 - 2009-07-14 05:45 - 00020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-26 13:29 - 2009-07-14 05:45 - 00020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-26 13:09 - 2012-06-20 08:09 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-26 12:11 - 2012-10-02 14:06 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2017253435-2518848865-3923819110-1000UA.job
2013-12-26 11:09 - 2012-06-20 08:09 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-26 10:09 - 2013-02-09 12:02 - 00004974 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for FILIP-LAPTOP-Filip Filip-Laptop
2013-12-26 10:00 - 2012-07-30 16:59 - 00003484 _____ C:\Windows\System32\Tasks\AutoKMS
2013-12-26 10:00 - 2012-06-18 17:42 - 01365825 _____ C:\Windows\WindowsUpdate.log
2013-12-26 09:59 - 2013-02-09 11:55 - 00000000 ___RD C:\Users\Filip\SkyDrive
2013-12-26 09:57 - 2013-12-23 09:11 - 00000560 _____ C:\Windows\setupact.log
2013-12-26 09:57 - 2012-06-18 20:27 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-26 09:57 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-26 09:05 - 2012-06-21 19:31 - 00000000 ____D C:\Users\Filip\AppData\Local\Adobe
2013-12-25 23:53 - 2012-06-18 18:15 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2017253435-2518848865-3923819110-1000Core.job
2013-12-25 20:18 - 2013-01-05 18:32 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{89A8FE15-DEAE-43C1-9786-AA3EC5540B7F}
2013-12-25 15:11 - 2012-10-02 14:06 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2017253435-2518848865-3923819110-1000Core.job
2013-12-25 11:41 - 2009-07-14 06:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-25 11:38 - 2012-07-06 06:41 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-25 00:10 - 2013-12-25 00:10 - 00007734 _____ C:\Users\Filip\Desktop\Gmer3.txt
2013-12-25 00:07 - 2013-12-25 00:07 - 00534532 _____ C:\Users\Filip\Desktop\Gmer2.log
2013-12-24 23:30 - 2013-12-24 23:30 - 615222926 _____ C:\Windows\MEMORY.DMP
2013-12-24 23:30 - 2013-12-24 23:30 - 00288568 _____ C:\Windows\Minidump\122413-24554-01.dmp
2013-12-24 23:30 - 2013-03-13 10:02 - 00000000 ____D C:\Windows\Minidump
2013-12-24 23:22 - 2013-12-24 23:22 - 00330425 _____ C:\Users\Filip\Desktop\Gmer1.log
2013-12-24 23:07 - 2013-12-24 23:07 - 00377856 _____ C:\Users\Filip\Desktop\9c6t1pnu.exe
2013-12-24 23:03 - 2013-12-24 23:03 - 00007554 _____ C:\Users\Filip\Desktop\AdwCleaner[S0].txt
2013-12-24 22:59 - 2013-12-24 22:54 - 00000000 ____D C:\AdwCleaner
2013-12-24 22:52 - 2013-12-24 22:52 - 01233962 _____ C:\Users\Filip\Desktop\adwcleaner.exe
2013-12-24 22:15 - 2013-12-24 22:15 - 00013566 _____ C:\Users\Filip\Desktop\attach.txt
2013-12-24 22:14 - 2013-12-24 22:15 - 00025150 _____ C:\Users\Filip\Desktop\dds.txt
2013-12-24 22:10 - 2013-12-24 22:10 - 00688992 ____R (Swearware) C:\Users\Filip\Desktop\dds.scr
2013-12-24 18:57 - 2013-04-29 13:14 - 00000000 ____D C:\Users\Filip\Desktop\Slike
2013-12-24 06:52 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-24 06:12 - 2012-06-19 19:26 - 00000000 ____D C:\Users\Filip\AppData\Roaming\Skype
2013-12-23 19:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-23 18:37 - 2012-06-19 02:32 - 00000000 ____D C:\Windows\Panther
2013-12-23 18:36 - 2009-07-14 05:45 - 05100528 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-23 13:13 - 2012-06-21 10:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-23 13:11 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2013-12-23 12:53 - 2013-12-23 12:47 - 00000000 ____D C:\Windows\system32\MRT
2013-12-23 09:11 - 2013-12-23 09:11 - 00000000 _____ C:\Windows\setuperr.log
2013-12-23 09:10 - 2013-12-23 09:10 - 00001052 _____ C:\Windows\PFRO.log
2013-12-23 09:10 - 2013-12-22 16:14 - 00000000 ____D C:\Program Files (x86)\IObit
2013-12-22 23:18 - 2013-08-17 12:41 - 00000000 ____D C:\Users\Filip\AppData\Roaming\BatteryBar
2013-12-22 16:40 - 2013-12-22 16:40 - 00130998 _____ C:\Users\Filip\Desktop\cc_20131222_164025.reg
2013-12-22 16:38 - 2012-09-26 13:37 - 00000000 ____D C:\Users\Filip\AppData\Roaming\com.oxygenxml
2013-12-22 16:38 - 2012-09-08 14:43 - 00000000 ____D C:\Users\Filip\AppData\Roaming\Winamp
2013-12-22 16:38 - 2012-07-30 12:10 - 00000000 ____D C:\Users\Filip\AppData\Roaming\Notepad++
2013-12-22 16:38 - 2012-06-30 16:04 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-12-22 16:38 - 2012-06-21 10:03 - 00000000 ____D C:\Users\Filip\AppData\Roaming\DAEMON Tools Lite
2013-12-22 16:38 - 2012-06-18 19:22 - 00000000 ____D C:\Users\Filip\AppData\Roaming\uTorrent
2013-12-22 16:37 - 2013-03-18 00:19 - 00000000 ____D C:\Users\Filip\AppData\Local\CrashDumps
2013-12-22 16:37 - 2012-06-23 16:06 - 00000000 ____D C:\Users\Filip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-22 16:33 - 2013-12-22 16:02 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-22 16:28 - 2013-12-22 16:28 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-22 16:28 - 2013-12-22 16:28 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-22 16:28 - 2013-12-22 16:28 - 00000000 ____D C:\Program Files\CCleaner
2013-12-22 16:19 - 2013-12-22 16:19 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2013-12-22 16:16 - 2013-12-22 16:14 - 00000000 ____D C:\ProgramData\IObit
2013-12-22 16:15 - 2013-12-22 16:15 - 00000000 ____D C:\ProgramData\ProductData
2013-12-22 16:15 - 2013-12-22 16:13 - 00000000 ____D C:\Users\Filip\AppData\Roaming\IObit
2013-12-22 16:15 - 2012-08-26 20:35 - 00000000 ____D C:\Users\Filip\AppData\Roaming\Apple Computer
2013-12-22 16:14 - 2013-12-22 16:14 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-22 16:11 - 2013-12-22 16:11 - 00000000 ____D C:\Users\Filip\AppData\Roaming\AVAST Software
2013-12-22 16:10 - 2013-11-10 15:19 - 00000000 ____D C:\Users\Filip\Desktop\64-bit
2013-12-22 16:03 - 2013-11-15 21:06 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-22 16:02 - 2013-06-29 18:56 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-22 16:02 - 2013-06-29 18:56 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-22 16:02 - 2012-06-18 19:40 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-22 16:02 - 2012-06-18 19:40 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-22 16:02 - 2012-06-18 19:40 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-22 16:02 - 2012-06-18 19:40 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-22 16:02 - 2012-06-18 19:40 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-22 16:02 - 2012-06-18 19:39 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-22 16:00 - 2012-06-18 19:39 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-22 15:59 - 2012-06-18 19:40 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-12-22 13:28 - 2013-12-22 13:28 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-22 13:28 - 2013-12-22 13:28 - 00000000 ____D C:\Users\Filip\AppData\Local\Apple Computer
2013-12-22 13:27 - 2013-12-22 13:26 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-22 13:27 - 2013-12-22 13:26 - 00000000 ____D C:\Program Files\iTunes
2013-12-22 13:27 - 2013-12-22 13:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-22 13:26 - 2013-12-22 13:26 - 00000000 ____D C:\Program Files\iPod
2013-12-22 13:26 - 2012-08-26 20:25 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-22 13:24 - 2013-12-22 13:24 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-22 13:24 - 2013-12-22 13:24 - 00000000 ____D C:\Program Files\Bonjour
2013-12-22 13:24 - 2013-12-22 13:24 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-12-22 13:24 - 2012-08-26 20:24 - 00000000 ____D C:\ProgramData\Apple
2013-12-19 14:11 - 2012-06-18 19:40 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-17 21:47 - 2013-11-11 16:37 - 00000000 ____D C:\Program Files (x86)\Onda Connection Manager
2013-12-17 09:53 - 2013-12-17 09:41 - 00000000 ____D C:\Users\Filip\Desktop\mxpbeg
2013-12-16 23:39 - 2013-09-28 00:02 - 00027501 _____ C:\Users\Filip\Desktop\orari.xlsx
2013-12-16 22:17 - 2013-12-16 22:17 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-16 22:17 - 2012-06-18 21:12 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-15 16:05 - 2012-06-21 10:10 - 00000000 ____D C:\Users\Filip\AppData\Local\Microsoft Help
2013-12-15 15:29 - 2013-12-14 10:31 - 00000000 ____D C:\Users\Filip\Desktop\letfr
2013-12-13 20:27 - 2012-06-25 09:59 - 00000000 ____D C:\Users\Filip\AppData\Roaming\Audacity
2013-12-13 19:22 - 2013-11-04 00:00 - 00000000 ____D C:\Users\Filip\Desktop\profil
2013-12-13 19:22 - 2012-07-02 15:14 - 00000132 _____ C:\Users\Filip\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-12-12 20:23 - 2009-07-14 06:08 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-11 22:51 - 2013-01-22 11:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 22:51 - 2013-01-22 11:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 22:51 - 2013-01-22 11:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 22:03 - 2012-06-19 19:25 - 00000000 ____D C:\ProgramData\Skype
2013-12-11 22:02 - 2013-02-14 14:49 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-10 23:48 - 2012-06-18 18:15 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2017253435-2518848865-3923819110-1000UA
2013-12-10 23:48 - 2012-06-18 18:15 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2017253435-2518848865-3923819110-1000Core
2013-12-08 11:04 - 2012-06-20 08:09 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-08 11:04 - 2012-06-20 08:09 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-06 08:46 - 2013-12-06 08:46 - 00043546 _____ C:\Users\Filip\Desktop\1314_WordListutf.txt
2013-12-06 08:45 - 2013-12-06 08:37 - 00043537 _____ C:\Users\Filip\Desktop\1314_WordList.txt
2013-12-01 14:42 - 2013-12-23 12:47 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-30 22:38 - 2012-06-18 18:15 - 00120576 _____ C:\Users\Filip\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-29 17:29 - 2013-11-29 17:29 - 00090112 _____ () C:\Windows\SysWOW64\CmdLineExt.dll
2013-11-29 17:29 - 2013-11-29 17:29 - 00001962 _____ C:\Users\Public\Desktop\Oxford Advanced Learner's Dictionary - 7th edition.lnk
2013-11-29 17:29 - 2013-11-29 17:29 - 00000000 ____D C:\Users\Filip\AppData\Roaming\SecuROM
2013-11-29 17:29 - 2013-11-29 17:29 - 00000000 ____D C:\Users\Filip\AppData\Roaming\oald7
2013-11-29 17:25 - 2013-11-29 17:25 - 00000000 ____D C:\Program Files (x86)\Oxford
2013-11-28 22:21 - 2012-08-23 14:33 - 00105360 _____ C:\Users\Filip\Desktop\La princesse de Montpensier (2010).FRA.srt
2013-11-26 12:25 - 2013-03-22 00:22 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Filip\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-20 14:25

==================== End Of Log ============================


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Open Notepad and copy in the following text, which is inside the shaded area.

MountPoints2: F - F:\Autorun.exe
MountPoints2: {a03951d5-4ae5-11e3-bb41-047d7b738e37} - G:\Autorun.exe
MountPoints2: {dea7b219-4e35-11e3-9335-047d7b738e37} - F:\Autorun.exe
MountPoints2: {f90b8ee1-bb66-11e1-a5f2-047d7b738e37} - G:\SETUP.EXE
SearchScopes: HKCU - {51098698-E0A7-4643-9372-7248A0578736} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYFR&apn_uid=78D3BC8B-B0CF-4800-947D-9F2B43979C8D&apn_sauid=D51FA248-AE3C-4C15-AD99-DDD7E67C2694
CHR HKLM-x32\...\Chrome\Extension: [gpicboiclhmnllnjdcfcffifpoaebgkm] - C:\Program Files (x86)\Freecorder extension\Freecorder.crx
C:\Program Files (x86)\Freecorder extension
AlternateDataStreams: C:\Windows:netNLSPreferences
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Filip\Cookies:VcHGyVQWFXvDORcMrCtrJimAtRhId
AlternateDataStreams: C:\Users\Filip\AppData\Local\WSGCLons1a:M4G29zIMk8ady8dlPD72uaQ4CSBE0J
cmd: ipconfig /flushdns


In Notepad, click File --> Save As

Name the file fixlist.txt and save it to the Desktop

Double-click FRST.exe to run it again

Click Fix and wait for the program to finish

If the program asks to restart the computer, let it do so without interruption.

When it finishes, Notepad will open with content that you should copy into this thread.

Also, fixlog.txt will be on the Desktop.

offline
  • Joined: 12 Jun 2009
  • Posts: 34

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-12-2013
Ran by Filip at 2013-12-26 16:48:48 Run:1
Running from C:\Users\Filip\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
MountPoints2: F - F:\Autorun.exe
MountPoints2: {a03951d5-4ae5-11e3-bb41-047d7b738e37} - G:\Autorun.exe
MountPoints2: {dea7b219-4e35-11e3-9335-047d7b738e37} - F:\Autorun.exe
MountPoints2: {f90b8ee1-bb66-11e1-a5f2-047d7b738e37} - G:\SETUP.EXE
SearchScopes: HKCU - {51098698-E0A7-4643-9372-7248A0578736} URL = websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYFR&apn_uid=78D3BC8B-B0CF-4800-947D-9F2B43979C8D&apn_sauid=D51FA248-AE3C-4C15-AD99-DDD7E67C2694
CHR HKLM-x32\...\Chrome\Extension: [gpicboiclhmnllnjdcfcffifpoaebgkm] - C:\Program Files (x86)\Freecorder extension\Freecorder.crx
C:\Program Files (x86)\Freecorder extension
AlternateDataStreams: C:\Windows:netNLSPreferences
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Filip\Cookies:VcHGyVQWFXvDORcMrCtrJimAtRhId
AlternateDataStreams: C:\Users\Filip\AppData\Local\WSGCLons1a:M4G29zIMk8ady8dlPD72uaQ4CSBE0J
cmd: ipconfig /flushdns
*****************

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a03951d5-4ae5-11e3-bb41-047d7b738e37} => Key deleted successfully.
HKCR\CLSID\{a03951d5-4ae5-11e3-bb41-047d7b738e37} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dea7b219-4e35-11e3-9335-047d7b738e37} => Key deleted successfully.
HKCR\CLSID\{dea7b219-4e35-11e3-9335-047d7b738e37} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f90b8ee1-bb66-11e1-a5f2-047d7b738e37} => Key deleted successfully.
HKCR\CLSID\{f90b8ee1-bb66-11e1-a5f2-047d7b738e37} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{51098698-E0A7-4643-9372-7248A0578736} => Key deleted successfully.
HKCR\CLSID\{51098698-E0A7-4643-9372-7248A0578736} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gpicboiclhmnllnjdcfcffifpoaebgkm => Key deleted successfully.
"C:\Program Files (x86)\Freecorder extension\Freecorder.crx" => File/Directory not found.
"C:\Program Files (x86)\Freecorder extension" => File/Directory not found.
C:\Windows => ":netNLSPreferences" ADS removed successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
"C:\Users\Filip\Cookies" => ":VcHGyVQWFXvDORcMrCtrJimAtRhId" ADS not found.
C:\Users\Filip\AppData\Local\WSGCLons1a => ":M4G29zIMk8ady8dlPD72uaQ4CSBE0J" ADS removed successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


==== End of Fixlog ====
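
An added example, not part of the original posts and not FRST's own code: a parser that reads the `=>` result lines of a Fixlog like the one above and separates the entries that were removed from those that were not found. The line grammar is inferred from this log only, and the function and field names are assumptions.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Result lines excerpted from the Fixlog posted above.
SAMPLE_FIXLOG = r'''
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => Key deleted successfully.
HKCR\CLSID\{a03951d5-4ae5-11e3-bb41-047d7b738e37} => Key not found.
"C:\Program Files (x86)\Freecorder extension" => File/Directory not found.
C:\Windows => ":netNLSPreferences" ADS removed successfully.
"C:\Users\Filip\Cookies" => ":VcHGyVQWFXvDORcMrCtrJimAtRhId" ADS not found.
'''


class FixResult(NamedTuple):
    target: str            # registry key or file system path
    stream: Optional[str]  # alternate data stream name, if the line has one
    kind: str              # "Key", "File/Directory" or "ADS"
    outcome: str           # "removed", "absent" or "other"


# <target> => ["<:stream>" ]<kind> <result text>.
# Grammar inferred from the log on this page (assumption).
RESULT_LINE = re.compile(
    r'^(?P<target>.+?) => '
    r'(?:"(?P<stream>:[^"]+)" )?'
    r'(?P<kind>Key|File/Directory|ADS) (?P<result>.+?)\.$'
)


def classify(result: str) -> str:
    """Map the tool's result wording onto three coarse outcomes."""
    if result.endswith("successfully"):
        return "removed"
    if result == "not found":
        return "absent"
    return "other"  # unexpected wording: surface it for manual review


def parse_fixlog(text: str) -> list:
    """Return one FixResult per result line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if m is None:
            continue  # headers, fixlist echo, command output
        entries.append(FixResult(m["target"].strip('"'), m["stream"],
                                 m["kind"], classify(m["result"])))
    return entries


def summarize(entries) -> Counter:
    """Count entries per (kind, outcome) pair."""
    return Counter((e.kind, e.outcome) for e in entries)


def not_removed(entries) -> list:
    """Entries the fix did not change, which the helper may want to recheck."""
    return [e for e in entries if e.outcome != "removed"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for (kind, outcome), n in sorted(summarize(parsed).items()):
        print(f"{kind:15} {outcome:8} {n}")
    for e in not_removed(parsed):
        print("recheck:", e.target, e.stream or "")
```
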

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

How are things now?

offline
  • Joined: 12 Jun 2009
  • Posts: 34

It seems better to me, but it still stutters occasionally in the same situations as at the start, e.g. if I have music playing in the background, it's enough for me to start scrolling in another window or open a new tab in Chrome and it starts cutting out...

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

The computer is clean. As for Chrome, you have a large number of extensions; you could turn off the ones you don't use.

Type this into the address bar and press Enter

chrome://extensions/

And delete everything you don't recognize and don't need...
