Unable to connect laptop to TV


So, a laptop that until a couple of months ago could connect to the TV normally over a VGA connection suddenly no longer can... the TV shows "no signal"... and the Fn+F5 combination responds, but nothing changes on the TV...
Tried so far:
Replacing the VGA cable, connecting to another monitor, reinstalling the GPU driver... all without result.
The settings in the graphics card change their values on their own when I set them manually... and even then there is no picture on the TV.
The general state of the system indicated the presence of a large amount of adware, so treatment with AdwCleaner was applied, and its effect made no difference to the problem described. AdwCleaner, however, had no effect on the web browsers, which were duly closed, and whose "clinical picture" showed classic home page hijacking.
To solve the problem with the browsers I applied the radical method of destroying and recreating the user profile...
Since there is an indication of a virus infection, I would ask my dear colleagues to help me out; I would really like to avoid reinstalling Windows in this case.

Here are the logs

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-07-2014
Ran by Trony (administrator) on TOSHIBA on 19-07-2014 21:24:53
Running from C:\Documents and Settings\Trony\My Documents\Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\Sony\PlayMemories Home\dfs.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Lavasoft) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Skype Technologies) C:\Program Files\Skype\Plugin Manager\skypePM.exe
(TeamViewer GmbH) C:\DOCUME~1\Trony\LOCALS~1\Temp\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\DOCUME~1\Trony\LOCALS~1\Temp\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\DOCUME~1\Trony\LOCALS~1\Temp\TeamViewer\Version9\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\Run: [Google Update] => C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-15] (Google Inc.)
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\Run: [GameXN GO] => C:\Documents and Settings\All Users\Application Data\GameXN\GameXNGO.exe [347008 2013-02-24] (EasyBits Software AS)
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {2b4f6a05-0b44-11de-8ca7-001e335a3b4d} - usdeiect.com
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {57db1862-b68e-11de-8d80-001e335a3b4d} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {a293564d-56aa-11de-8d3d-001e335a3b4d} - F:\lky.exe
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {ab442202-1b69-11e0-8ff0-001e335a3b4d} - H:\PMBP_Win.exe
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {fe4ac848-bd6c-11de-8d91-001e335a3b4d} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
Startup: C:\Documents and Settings\Trony\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Trony\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
ShortcutTarget: OpenOffice.org 2.4.lnk -> C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * lsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {8E02D41C-5924-4816-9490-33CCD28BEB72} URL = http://un.yhs.search.yahoo.com/avg/search?fr=yhs-avg
SearchScopes: HKCU - {D5FDEECB-0BB3-4F96-9006-CF36B22B864A} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {2977d8cc-8902-4340-be88-2c676bf96b8d} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Trony\Application Data\Mozilla\Firefox\Profiles\apw5f1lm.Default User
FF Homepage: www.google.me
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.4.17 - C:\Documents and Settings\Trony\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-06-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-06-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-10]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: securesearch
CHR DefaultSearchProvider: SecureSearch
CHR DefaultSearchURL: http://lavasoft.blekko.com/ws/?source=f439e2c0&.....4C8&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Yahoo! BrowserPlus Plugin) - C:\Documents and Settings\Trony\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll (Yahoo! Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-08]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-10]
CHR HKLM\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\Documents and Settings\All Users\Application Data\adawaretb\shortcuts\chrome\adawaretb.crx [2014-07-10]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-10] (AVAST Software)
R2 DeviceFinderService; C:\Program Files\Sony\PlayMemories Home\dfs.exe [149088 2012-09-25] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
S2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1737728 2012-09-21] (Lavasoft Limited ) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2008-06-15] ()
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-09-25] (Sony Corporation)
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 srwxafqox; C:\WINDOWS\system32\hyqnxj.dll [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-10] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-10] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-10] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-10] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan) [File not signed]
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-03-31] (GFI Software)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211456 2007-11-01] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989696 2007-11-01] (Conexant Systems, Inc.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [22560 2014-07-10] (REALiX(tm))
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64288 2010-08-12] (Lavasoft AB)
S3 Ltn_hyd7700pc; C:\WINDOWS\System32\Drivers\Ltn_hyd7700pc.sys [374144 2007-05-18] (Liteon)
S3 Ltn_rc; C:\WINDOWS\System32\Drivers\Ltn_rc.sys [11520 2006-12-27] (Liteon)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [30336 2003-04-04] (Politecnico di Torino) [File not signed]
R3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428480 2006-10-29] (Intel® Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 ulxoo; \??\C:\WINDOWS\system32\01.tmp [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

NETSVC: srwxafqox -> C:\WINDOWS\system32\hyqnxj.dll ==> No File.

==================== One Month Created Files and Folders ========

2014-07-19 21:22 - 2014-07-19 21:24 - 00000000 ____D () C:\FRST
2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\AVAST Software
2014-07-10 15:43 - 2014-07-19 15:43 - 00000362 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-10 15:43 - 2014-07-10 15:43 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-10 15:43 - 2014-07-10 15:43 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-10 15:43 - 2014-07-10 15:43 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-07-10 15:43 - 2014-07-10 15:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-07-10 15:37 - 2014-07-10 15:37 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-10 15:26 - 2014-07-10 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-07-10 15:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-07-10 14:31 - 2007-05-25 11:00 - 00172032 _____ (Intel Corporation) C:\WINDOWS\system32\igfxres.dll
2014-07-10 14:16 - 2014-07-10 14:17 - 00000000 ____D () C:\Documents and Settings\Trony\Desktop\display-20080519181914
2014-07-10 13:54 - 2014-07-10 13:54 - 00022560 _____ (REALiX(tm)) C:\WINDOWS\system32\Drivers\HWiNFO32.SYS
2014-07-10 13:54 - 2014-07-10 13:54 - 00000000 ____D () C:\Program Files\HWiNFO32
2014-07-10 13:54 - 2014-07-10 13:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HWiNFO32
2014-07-10 13:52 - 2013-10-12 12:04 - 02842360 _____ (Martin Malík - REALiX ) C:\Documents and Settings\Trony\Desktop\hw32_424.exe
2014-07-10 13:35 - 2014-07-10 13:35 - 00000884 _____ () C:\Documents and Settings\Trony\Desktop\AIDA64 Extreme Edition.lnk
2014-07-10 13:35 - 2014-07-10 13:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FinalWire
2014-07-10 13:34 - 2014-07-10 13:34 - 00000000 ____D () C:\Program Files\FinalWire
2014-07-10 13:32 - 2014-07-10 13:32 - 00000735 _____ () C:\Documents and Settings\Trony\Desktop\Shortcut to TeamViewer_Setup_sr-ckq.lnk
2014-07-10 13:24 - 2014-07-10 13:24 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\TeamViewer
2014-07-02 13:40 - 2014-07-02 13:40 - 00001771 _____ () C:\Documents and Settings\All Users\Desktop\In Company Second Edition Pre-intermediate.lnk
2014-07-02 13:40 - 2014-07-02 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Macmillan
2014-07-01 12:14 - 2014-07-01 12:14 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-01 12:12 - 2014-07-01 12:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-07-01 12:11 - 2014-07-01 12:12 - 00008346 _____ () C:\WINDOWS\KB942288-v3.log
2014-07-01 11:50 - 2014-07-01 11:50 - 00090112 _____ () C:\WINDOWS\Minidump\Mini070114-01.dmp
2014-06-26 06:39 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-06-26 06:39 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-06-26 06:39 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-06-26 06:39 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-06-26 06:38 - 2014-06-26 06:39 - 00004300 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-06-22 21:02 - 2014-06-22 21:02 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\ilividmoviestoolbar20
2014-06-22 11:49 - 2014-06-22 11:49 - 00000000 ____D () C:\Documents and Settings\Trony\My Documents\OneNote Notebooks
2014-06-22 06:25 - 2014-06-22 06:25 - 00000000 ____D () C:\Documents and Settings\Trony\Local Settings\Application Data\Adobe
2014-06-22 06:17 - 2014-06-22 06:17 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\McAfee

==================== One Month Modified Files and Folders =======

2014-07-19 21:25 - 2008-09-15 12:54 - 00000000 ____D () C:\Documents and Settings\Trony\Local Settings\Temp
2014-07-19 21:24 - 2014-07-19 21:22 - 00000000 ____D () C:\FRST
2014-07-19 21:19 - 2008-09-15 13:48 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\Skype
2014-07-19 21:17 - 2009-07-01 19:05 - 00001012 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1993962763-725345543-1003UA.job
2014-07-19 21:15 - 2011-07-14 11:52 - 00002265 _____ () C:\Documents and Settings\Trony\Desktop\skype.lnk
2014-07-19 21:15 - 2009-02-11 14:58 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\skypePM
2014-07-19 21:03 - 2012-06-05 22:01 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-19 21:03 - 2008-09-15 12:53 - 00032500 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-19 20:55 - 2010-08-30 19:06 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 15:43 - 2014-07-10 15:43 - 00000362 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-19 12:51 - 2011-04-13 19:53 - 00000064 _____ () C:\WINDOWS\system32\rp_stats.dat
2014-07-19 12:51 - 2011-04-13 19:53 - 00000044 _____ () C:\WINDOWS\system32\rp_rules.dat
2014-07-19 12:51 - 2010-09-24 18:20 - 00000486 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-07-19 12:18 - 2008-09-15 12:47 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-07-19 11:54 - 2014-05-25 07:18 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-07-19 07:22 - 2008-09-15 12:48 - 01521417 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-18 11:55 - 2010-08-30 19:06 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-17 14:49 - 2013-03-31 15:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-07-17 14:49 - 2013-02-24 13:09 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\go
2014-07-17 14:49 - 2008-09-15 15:09 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\OpenOffice.org2
2014-07-17 14:49 - 2008-09-15 13:40 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-17 14:49 - 2008-09-15 13:40 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-07-17 14:49 - 2001-08-23 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-17 14:48 - 2014-03-24 18:12 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-07-17 14:48 - 2011-02-05 17:52 - 00692728 _____ () C:\aaw7boot.log
2014-07-17 14:48 - 2011-01-06 20:28 - 00000288 _____ () C:\WINDOWS\Tasks\iMeshNAG.job
2014-07-17 14:48 - 2008-09-15 12:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-17 06:59 - 2013-02-24 13:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\GameXN
2014-07-17 00:31 - 2008-09-15 12:54 - 00000278 ___SH () C:\Documents and Settings\Trony\ntuser.ini
2014-07-11 11:27 - 2009-03-07 21:18 - 00673675 _____ () C:\WINDOWS\setupapi.log
2014-07-10 22:21 - 2009-10-22 09:42 - 00000000 ___RD () C:\Documents and Settings\Trony\Desktop\Odrzavanje Racunara
2014-07-10 15:54 - 2009-08-28 17:00 - 00000000 ____D () C:\Documents and Settings\Trony\Local Settings\Application Data\Temp
2014-07-10 15:50 - 2008-09-15 12:54 - 00000000 ____D () C:\Documents and Settings\Trony
2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\AVAST Software
2014-07-10 15:43 - 2014-07-10 15:43 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-10 15:43 - 2014-07-10 15:43 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-10 15:43 - 2014-07-10 15:43 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-07-10 15:43 - 2014-07-10 15:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-07-10 15:37 - 2014-07-10 15:37 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-10 15:37 - 2014-07-10 15:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-07-10 14:41 - 2008-09-15 13:26 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-07-10 14:17 - 2014-07-10 14:16 - 00000000 ____D () C:\Documents and Settings\Trony\Desktop\display-20080519181914
2014-07-10 13:54 - 2014-07-10 13:54 - 00022560 _____ (REALiX(tm)) C:\WINDOWS\system32\Drivers\HWiNFO32.SYS
2014-07-10 13:54 - 2014-07-10 13:54 - 00000000 ____D () C:\Program Files\HWiNFO32
2014-07-10 13:54 - 2014-07-10 13:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HWiNFO32
2014-07-10 13:35 - 2014-07-10 13:35 - 00000884 _____ () C:\Documents and Settings\Trony\Desktop\AIDA64 Extreme Edition.lnk
2014-07-10 13:35 - 2014-07-10 13:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FinalWire
2014-07-10 13:34 - 2014-07-10 13:34 - 00000000 ____D () C:\Program Files\FinalWire
2014-07-10 13:32 - 2014-07-10 13:32 - 00000735 _____ () C:\Documents and Settings\Trony\Desktop\Shortcut to TeamViewer_Setup_sr-ckq.lnk
2014-07-10 13:24 - 2014-07-10 13:24 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\TeamViewer
2014-07-09 14:04 - 2013-07-15 23:42 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 14:00 - 2008-09-15 14:56 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-08 23:03 - 2012-06-05 22:01 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-08 23:03 - 2012-02-11 11:56 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-08 15:00 - 2014-03-24 18:12 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-07-02 13:40 - 2014-07-02 13:40 - 00001771 _____ () C:\Documents and Settings\All Users\Desktop\In Company Second Edition Pre-intermediate.lnk
2014-07-02 13:40 - 2014-07-02 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Macmillan
2014-07-02 13:40 - 2009-02-10 16:12 - 00000000 ____D () C:\Program Files\Macmillan
2014-07-02 13:40 - 2008-09-15 13:19 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-01 12:14 - 2014-07-01 12:14 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-01 12:12 - 2014-07-01 12:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-07-01 12:12 - 2014-07-01 12:11 - 00008346 _____ () C:\WINDOWS\KB942288-v3.log
2014-07-01 12:12 - 2009-10-22 12:03 - 01981816 _____ () C:\WINDOWS\iis6.log
2014-07-01 12:12 - 2009-10-22 12:03 - 01830110 _____ () C:\WINDOWS\FaxSetup.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00874976 _____ () C:\WINDOWS\ocgen.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00835028 _____ () C:\WINDOWS\tsoc.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00608403 _____ () C:\WINDOWS\comsetup.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00560118 _____ () C:\WINDOWS\msmqinst.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00368712 _____ () C:\WINDOWS\ntdtcsetup.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00320568 _____ () C:\WINDOWS\netfxocm.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00125800 _____ () C:\WINDOWS\MedCtrOC.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00101232 _____ () C:\WINDOWS\ocmsn.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00092056 _____ () C:\WINDOWS\tabletoc.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00091464 _____ () C:\WINDOWS\msgsocm.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-07-01 12:12 - 2008-09-15 13:33 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-07-01 12:11 - 2009-03-07 20:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-07-01 11:50 - 2014-07-01 11:50 - 00090112 _____ () C:\WINDOWS\Minidump\Mini070114-01.dmp
2014-07-01 11:50 - 2010-07-28 08:27 - 00000000 ____D () C:\WINDOWS\Minidump
2014-06-27 06:17 - 2009-07-01 19:05 - 00000960 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1993962763-725345543-1003Core.job
2014-06-26 06:39 - 2014-06-26 06:38 - 00004300 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-06-26 06:39 - 2008-09-15 13:50 - 00000000 ____D () C:\Program Files\Java
2014-06-26 06:39 - 2008-09-15 13:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-22 21:02 - 2014-06-22 21:02 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\ilividmoviestoolbar20
2014-06-22 11:49 - 2014-06-22 11:49 - 00000000 ____D () C:\Documents and Settings\Trony\My Documents\OneNote Notebooks
2014-06-22 07:04 - 2013-12-28 00:07 - 00002323 _____ () C:\Documents and Settings\All Users\Desktop\Svjedočanstva.lnk
2014-06-22 06:38 - 2013-10-31 23:39 - 00000000 ____D () C:\Documents and Settings\Trony\My Documents\Statistika.maja 2013-14
2014-06-22 06:25 - 2014-06-22 06:25 - 00000000 ____D () C:\Documents and Settings\Trony\Local Settings\Application Data\Adobe
2014-06-22 06:17 - 2014-06-22 06:17 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\McAfee
2014-06-21 13:45 - 2013-12-28 00:12 - 03625897 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1935655697-1993962763-725345543-1003-0.dat
2014-06-21 13:45 - 2013-12-28 00:12 - 00306846 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-06-20 16:18 - 2012-05-04 22:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Documents and Settings\Trony\Local Settings\Temp\fdc56105-f7de-4da9-bbf8-7fd37c5f975e.exe
C:\Documents and Settings\Trony\Local Settings\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

offline
  • Joined: 04 Jul 2011
  • Posts: 5424

Please do not use any USB storage devices until I tell you otherwise.

Open Control Panel - Programs and Features and uninstall the following:
Ad-Aware
Ad-Aware Browsing Protection

1. Open Notepad (Text Document) and copy in the following text from the code box below:


HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {2b4f6a05-0b44-11de-8ca7-001e335a3b4d} - usdeiect.com
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {57db1862-b68e-11de-8d80-001e335a3b4d} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {a293564d-56aa-11de-8d3d-001e335a3b4d} - F:\lky.exe
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {ab442202-1b69-11e0-8ff0-001e335a3b4d} - H:\PMBP_Win.exe
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {fe4ac848-bd6c-11de-8d91-001e335a3b4d} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
C:\Documents and Settings\Trony\Local Settings\Temp\*.exe
C:\Win
S3 ulxoo; \??\C:\WINDOWS\system32\01.tmp [X]
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\run32"
C:\Win\lsass.exe
S2 srwxafqox; C:\WINDOWS\system32\hyqnxj.dll [X]
NETSVC: srwxafqox -> C:\WINDOWS\system32\hyqnxj.dll ==> No File.
Task: C:\WINDOWS\Tasks\iMeshNAG.job => C:\DOCUME~1\Trony\LOCALS~1\Temp\iMesh_setup.exe


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad: click File, then Save As, and in the new window, under File Name:, enter fixlist.txt
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.







Download MCShield from the following address:

http://www.mcshield.net/download/MCShield-Setup.exe

Install MCShield and wait for the initial scan to finish.

When the initial scan has finished, plug all your USB storage devices into the USB port one after another, and keep each one plugged in until MCShield shows a message that the scan is complete. If you have several USB devices, note down somewhere the order in which they were plugged in.

Explanation: USB storage devices are all devices that get their own partition designation when connected to a computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

Go to Start -> All Programs -> MCShield -> Logs -> AllScans

A report will open in Notepad; post its contents in your reply.
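
Added example, not part of the original post and not FRST's or MCShield's own code: a Python triage script that pulls the MountPoints2 lines out of an FRST log such as the one in this thread and labels each cached autorun command with the reasons it deserves a closer look before it goes into a fixlist. The function names, reason labels and matching rules are assumptions made for this illustration; the sample lines are taken from the fixlist above, plus one constructed entry that raises no flag.

```python
import re

# Constructed sample log. The five flagged MountPoints2 lines are copied from the
# fixlist in the post above, the Run line comes from the FRST log in this thread,
# and the last MountPoints2 line is constructed to show an entry with no flags.
SAMPLE_LOG = r"""
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {2b4f6a05-0b44-11de-8ca7-001e335a3b4d} - usdeiect.com
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {57db1862-b68e-11de-8d80-001e335a3b4d} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {a293564d-56aa-11de-8d3d-001e335a3b4d} - F:\lky.exe
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {ab442202-1b69-11e0-8ff0-001e335a3b4d} - H:\PMBP_Win.exe
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {fe4ac848-bd6c-11de-8d91-001e335a3b4d} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {11111111-2222-3333-4444-555555555555} - D:\Tools\setup\launcher.exe
"""

# FRST prints these entries as "<hive>\...\MountPoints2: <volume key> - <command>".
ENTRY_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\.\\MountPoints2: "
    r"(?P<volume>\S+) - (?P<command>.+)$"
)

# File extensions that Windows runs directly (illustrative list, an assumption).
RUNNABLE = r"(?:exe|com|scr|bat|cmd|pif|vbs)"


def parse_mountpoints(log_text):
    """Return one dict per MountPoints2 line; every other log line is skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def reasons_for(command):
    """List the reasons a cached autorun command should be reviewed by hand."""
    reasons = []
    # Payload stored inside a recycle-bin folder on the volume.
    if re.search(r"\\(?:RECYCLER|\$RECYCLE\.BIN)\\", command, re.I):
        reasons.append("recycler-path")
    # rundll32 asked to load something that is not named *.dll.
    for call in re.finditer(r"rundll32(?:\.exe)?\s+([^,\s]+),", command, re.I):
        if not call.group(1).lower().endswith(".dll"):
            reasons.append("rundll32-non-dll-module")
            break
    # A runnable file sitting directly in the root of a drive.
    if re.match(r"^[A-Za-z]:\\[^\\]+\." + RUNNABLE + r"$", command, re.I):
        reasons.append("drive-root-executable")
    # A bare runnable file name with no directory at all.
    if re.match(r"^[^\\/:]+\." + RUNNABLE + r"$", command, re.I):
        reasons.append("bare-executable-name")
    return reasons


def triage(log_text):
    """Map each MountPoints2 volume key to its list of review reasons."""
    return {e["volume"]: reasons_for(e["command"]) for e in parse_mountpoints(log_text)}


if __name__ == "__main__":
    for volume, reasons in triage(SAMPLE_LOG).items():
        print(volume, "->", ", ".join(reasons) if reasons else "no flag")
```

An empty reason list is not a verdict of "clean" and a non-empty one is not a verdict of "malicious"; the labels only say which entries to examine first.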

offline
  • Joined: 18 Jul 2003
  • Posts: 4204
  • Location: In a golden cage

It did not ask for a restart.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:20-07-2014
Ran by Trony at 2014-07-21 13:05:34 Run:1
Running from C:\Documents and Settings\Trony\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {2b4f6a05-0b44-11de-8ca7-001e335a3b4d} - usdeiect.com
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {57db1862-b68e-11de-8d80-001e335a3b4d} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {a293564d-56aa-11de-8d3d-001e335a3b4d} - F:\lky.exe
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {ab442202-1b69-11e0-8ff0-001e335a3b4d} - H:\PMBP_Win.exe
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\MountPoints2: {fe4ac848-bd6c-11de-8d91-001e335a3b4d} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
C:\Documents and Settings\Trony\Local Settings\Temp\*.exe
C:\Win
S3 ulxoo; \??\C:\WINDOWS\system32\01.tmp [X]
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\run32"
C:\Win\lsass.exe
S2 srwxafqox; C:\WINDOWS\system32\hyqnxj.dll [X]
NETSVC: srwxafqox -> C:\WINDOWS\system32\hyqnxj.dll ==> No File.
Task: C:\WINDOWS\Tasks\iMeshNAG.job => C:\DOCUME~1\Trony\LOCALS~1\Temp\iMesh_setup.exe
*****************

'HKU\S-1-5-21-1935655697-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b4f6a05-0b44-11de-8ca7-001e335a3b4d}' => Key deleted successfully.
'HKCR\CLSID\{2b4f6a05-0b44-11de-8ca7-001e335a3b4d}'=> Key not found.
'HKU\S-1-5-21-1935655697-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57db1862-b68e-11de-8d80-001e335a3b4d}' => Key deleted successfully.
'HKCR\CLSID\{57db1862-b68e-11de-8d80-001e335a3b4d}'=> Key not found.
'HKU\S-1-5-21-1935655697-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a293564d-56aa-11de-8d3d-001e335a3b4d}' => Key deleted successfully.
'HKCR\CLSID\{a293564d-56aa-11de-8d3d-001e335a3b4d}'=> Key not found.
'HKU\S-1-5-21-1935655697-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab442202-1b69-11e0-8ff0-001e335a3b4d}' => Key deleted successfully.
'HKCR\CLSID\{ab442202-1b69-11e0-8ff0-001e335a3b4d}'=> Key not found.
'HKU\S-1-5-21-1935655697-1993962763-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe4ac848-bd6c-11de-8d91-001e335a3b4d}' => Key deleted successfully.
'HKCR\CLSID\{fe4ac848-bd6c-11de-8d91-001e335a3b4d}'=> Key not found.
C:\Documents and Settings\Trony\Local Settings\Temp\*.exe => Moved successfully.
C:\Win => Moved successfully.
ulxoo => Service deleted successfully.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\run32" =========


Permanently delete the registry key SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\run32 (Y/N)?
The operation completed successfully


========= End of Reg: =========

"C:\Win\lsass.exe" => File/Directory not found.
srwxafqox => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs srwxafqox => Value deleted successfully.
C:\WINDOWS\Tasks\iMeshNAG.job => Moved successfully.

==== End of Fixlog ====



offline
  • Joined: 04 Jul 2011
  • Posts: 5424

What is the situation now?
Run FRST again and post a fresh log for me.

offline
  • Joined: 18 Jul 2003
  • Posts: 4204
  • Location: In a golden cage

Situation: the same.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-07-2014
Ran by Trony (administrator) on TOSHIBA on 21-07-2014 16:03:35
Running from C:\Documents and Settings\Trony\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\Sony\PlayMemories Home\dfs.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Skype Technologies) C:\Program Files\Skype\Plugin Manager\skypePM.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(TeamViewer GmbH) C:\DOCUME~1\Trony\LOCALS~1\Temp\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\DOCUME~1\Trony\LOCALS~1\Temp\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\DOCUME~1\Trony\LOCALS~1\Temp\TeamViewer\Version9\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\Run: [Google Update] => C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-15] (Google Inc.)
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\Run: [GameXN GO] => C:\Documents and Settings\All Users\Application Data\GameXN\GameXNGO.exe [347008 2013-02-24] (EasyBits Software AS)
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\RunOnce: [adawarebp] => reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\RunOnce: [adawarebp_XP] => reg.exe delete "HKCU\Software\adawarebp" /f
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\RunOnce: [adawarebp_DATA_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection" (the data entry has 7 more characters).
HKU\S-1-5-21-1935655697-1993962763-725345543-1003\...\RunOnce: [adawarebp_INSTALL_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\Trony\Local Settings\Application Data\adawarebp" /s /q
Startup: C:\Documents and Settings\Trony\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Trony\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
ShortcutTarget: OpenOffice.org 2.4.lnk -> C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {8E02D41C-5924-4816-9490-33CCD28BEB72} URL = http://un.yhs.search.yahoo.com/avg/search?fr=yhs-avg
SearchScopes: HKCU - {D5FDEECB-0BB3-4F96-9006-CF36B22B864A} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {2977d8cc-8902-4340-be88-2c676bf96b8d} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Trony\Application Data\Mozilla\Firefox\Profiles\apw5f1lm.Default User
FF Homepage: www.google.me
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.4.17 - C:\Documents and Settings\Trony\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-06-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-06-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-10]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: securesearch
CHR DefaultSearchProvider: SecureSearch
CHR DefaultSearchURL: http://lavasoft.blekko.com/ws/?source=f439e2c0&tbp.....838D4C8&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Yahoo! BrowserPlus Plugin) - C:\Documents and Settings\Trony\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll (Yahoo! Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-08]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Trony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-10]
CHR HKLM\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\Documents and Settings\All Users\Application Data\adawaretb\shortcuts\chrome\adawaretb.crx [2014-07-10]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-10] (AVAST Software)
R2 DeviceFinderService; C:\Program Files\Sony\PlayMemories Home\dfs.exe [149088 2012-09-25] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2008-06-15] ()
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-09-25] (Sony Corporation)
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-10] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-10] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-10] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-10] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan) [File not signed]
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-03-31] (GFI Software)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211456 2007-11-01] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989696 2007-11-01] (Conexant Systems, Inc.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [22560 2014-07-10] (REALiX(tm))
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64288 2010-08-12] (Lavasoft AB)
S3 Ltn_hyd7700pc; C:\WINDOWS\System32\Drivers\Ltn_hyd7700pc.sys [374144 2007-05-18] (Liteon)
S3 Ltn_rc; C:\WINDOWS\System32\Drivers\Ltn_rc.sys [11520 2006-12-27] (Liteon)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [30336 2003-04-04] (Politecnico di Torino) [File not signed]
R3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428480 2006-10-29] (Intel® Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 16:03 - 2014-07-21 16:04 - 00018915 _____ () C:\Documents and Settings\Trony\Desktop\FRST.txt
2014-07-21 16:03 - 2014-07-21 12:59 - 01080320 _____ (Farbar) C:\Documents and Settings\Trony\Desktop\FRST.exe
2014-07-21 13:07 - 2014-07-21 13:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MCShield
2014-07-21 13:07 - 2014-07-21 13:07 - 00000000 ____D () C:\Program Files\MCShield
2014-07-21 13:07 - 2014-07-21 13:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\MCShield
2014-07-19 21:22 - 2014-07-21 16:03 - 00000000 ____D () C:\FRST
2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\AVAST Software
2014-07-10 15:43 - 2014-07-21 15:43 - 00000362 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-10 15:43 - 2014-07-10 15:43 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-10 15:43 - 2014-07-10 15:43 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-10 15:43 - 2014-07-10 15:43 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-07-10 15:43 - 2014-07-10 15:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-07-10 15:37 - 2014-07-10 15:37 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-10 15:26 - 2014-07-10 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-07-10 15:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-07-10 14:31 - 2007-05-25 11:00 - 00172032 _____ (Intel Corporation) C:\WINDOWS\system32\igfxres.dll
2014-07-10 14:16 - 2014-07-10 14:17 - 00000000 ____D () C:\Documents and Settings\Trony\Desktop\display-20080519181914
2014-07-10 13:54 - 2014-07-10 13:54 - 00022560 _____ (REALiX(tm)) C:\WINDOWS\system32\Drivers\HWiNFO32.SYS
2014-07-10 13:54 - 2014-07-10 13:54 - 00000000 ____D () C:\Program Files\HWiNFO32
2014-07-10 13:54 - 2014-07-10 13:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HWiNFO32
2014-07-10 13:52 - 2013-10-12 12:04 - 02842360 _____ (Martin Malík - REALiX ) C:\Documents and Settings\Trony\Desktop\hw32_424.exe
2014-07-10 13:35 - 2014-07-10 13:35 - 00000884 _____ () C:\Documents and Settings\Trony\Desktop\AIDA64 Extreme Edition.lnk
2014-07-10 13:35 - 2014-07-10 13:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FinalWire
2014-07-10 13:34 - 2014-07-10 13:34 - 00000000 ____D () C:\Program Files\FinalWire
2014-07-10 13:32 - 2014-07-10 13:32 - 00000735 _____ () C:\Documents and Settings\Trony\Desktop\Shortcut to TeamViewer_Setup_sr-ckq.lnk
2014-07-10 13:24 - 2014-07-10 13:24 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\TeamViewer
2014-07-02 13:40 - 2014-07-02 13:40 - 00001771 _____ () C:\Documents and Settings\All Users\Desktop\In Company Second Edition Pre-intermediate.lnk
2014-07-02 13:40 - 2014-07-02 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Macmillan
2014-07-01 12:14 - 2014-07-01 12:14 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-01 12:12 - 2014-07-01 12:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-07-01 12:11 - 2014-07-01 12:12 - 00008346 _____ () C:\WINDOWS\KB942288-v3.log
2014-07-01 11:50 - 2014-07-01 11:50 - 00090112 _____ () C:\WINDOWS\Minidump\Mini070114-01.dmp
2014-06-26 06:39 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-06-26 06:39 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-06-26 06:39 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-06-26 06:39 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-06-26 06:38 - 2014-06-26 06:39 - 00004300 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-06-22 21:02 - 2014-06-22 21:02 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\ilividmoviestoolbar20
2014-06-22 11:49 - 2014-06-22 11:49 - 00000000 ____D () C:\Documents and Settings\Trony\My Documents\OneNote Notebooks
2014-06-22 06:25 - 2014-06-22 06:25 - 00000000 ____D () C:\Documents and Settings\Trony\Local Settings\Application Data\Adobe
2014-06-22 06:17 - 2014-06-22 06:17 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\McAfee

==================== One Month Modified Files and Folders =======

2014-07-21 16:04 - 2014-07-21 16:03 - 00018915 _____ () C:\Documents and Settings\Trony\Desktop\FRST.txt
2014-07-21 16:04 - 2008-09-15 12:54 - 00000000 ____D () C:\Documents and Settings\Trony\Local Settings\Temp
2014-07-21 16:03 - 2014-07-19 21:22 - 00000000 ____D () C:\FRST
2014-07-21 16:03 - 2012-06-05 22:01 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-21 16:02 - 2008-09-15 13:48 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\Skype
2014-07-21 15:55 - 2010-08-30 19:06 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 15:43 - 2014-07-10 15:43 - 00000362 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-21 15:17 - 2009-07-01 19:05 - 00001012 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1993962763-725345543-1003UA.job
2014-07-21 13:29 - 2011-07-14 11:52 - 00002265 _____ () C:\Documents and Settings\Trony\Desktop\skype.lnk
2014-07-21 13:27 - 2008-09-15 12:48 - 01545618 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-21 13:18 - 2014-07-21 13:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MCShield
2014-07-21 13:07 - 2014-07-21 13:07 - 00000000 ____D () C:\Program Files\MCShield
2014-07-21 13:07 - 2014-07-21 13:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\MCShield
2014-07-21 12:59 - 2014-07-21 16:03 - 01080320 _____ (Farbar) C:\Documents and Settings\Trony\Desktop\FRST.exe
2014-07-21 12:56 - 2010-09-19 14:24 - 00000000 __HDC () C:\Documents and Settings\All Users\Application Data\~0
2014-07-21 12:56 - 2009-03-07 20:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-07-21 11:55 - 2010-08-30 19:06 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 11:02 - 2009-02-11 14:58 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\skypePM
2014-07-20 08:06 - 2010-09-19 14:26 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-07-19 21:03 - 2008-09-15 12:53 - 00032500 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-19 12:51 - 2011-04-13 19:53 - 00000064 _____ () C:\WINDOWS\system32\rp_stats.dat
2014-07-19 12:51 - 2011-04-13 19:53 - 00000044 _____ () C:\WINDOWS\system32\rp_rules.dat
2014-07-19 12:51 - 2010-09-24 18:20 - 00000486 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-07-19 12:18 - 2008-09-15 12:47 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-07-19 11:54 - 2014-05-25 07:18 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-07-17 14:49 - 2013-03-31 15:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-07-17 14:49 - 2013-02-24 13:09 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\go
2014-07-17 14:49 - 2008-09-15 15:09 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\OpenOffice.org2
2014-07-17 14:49 - 2008-09-15 13:40 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-17 14:49 - 2008-09-15 13:40 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-07-17 14:49 - 2001-08-23 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-17 14:48 - 2014-03-24 18:12 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-07-17 14:48 - 2011-02-05 17:52 - 00692728 _____ () C:\aaw7boot.log
2014-07-17 14:48 - 2008-09-15 12:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-17 06:59 - 2013-02-24 13:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\GameXN
2014-07-17 00:31 - 2008-09-15 12:54 - 00000278 ___SH () C:\Documents and Settings\Trony\ntuser.ini
2014-07-11 11:27 - 2009-03-07 21:18 - 00673675 _____ () C:\WINDOWS\setupapi.log
2014-07-10 22:21 - 2009-10-22 09:42 - 00000000 ___RD () C:\Documents and Settings\Trony\Desktop\Odrzavanje Racunara
2014-07-10 15:54 - 2009-08-28 17:00 - 00000000 ____D () C:\Documents and Settings\Trony\Local Settings\Application Data\Temp
2014-07-10 15:50 - 2008-09-15 12:54 - 00000000 ____D () C:\Documents and Settings\Trony
2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\AVAST Software
2014-07-10 15:43 - 2014-07-10 15:43 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-10 15:43 - 2014-07-10 15:43 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-10 15:43 - 2014-07-10 15:43 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-10 15:43 - 2014-07-10 15:43 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-07-10 15:43 - 2014-07-10 15:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-07-10 15:37 - 2014-07-10 15:37 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-10 15:37 - 2014-07-10 15:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-07-10 14:41 - 2008-09-15 13:26 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-07-10 14:17 - 2014-07-10 14:16 - 00000000 ____D () C:\Documents and Settings\Trony\Desktop\display-20080519181914
2014-07-10 13:54 - 2014-07-10 13:54 - 00022560 _____ (REALiX(tm)) C:\WINDOWS\system32\Drivers\HWiNFO32.SYS
2014-07-10 13:54 - 2014-07-10 13:54 - 00000000 ____D () C:\Program Files\HWiNFO32
2014-07-10 13:54 - 2014-07-10 13:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HWiNFO32
2014-07-10 13:35 - 2014-07-10 13:35 - 00000884 _____ () C:\Documents and Settings\Trony\Desktop\AIDA64 Extreme Edition.lnk
2014-07-10 13:35 - 2014-07-10 13:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FinalWire
2014-07-10 13:34 - 2014-07-10 13:34 - 00000000 ____D () C:\Program Files\FinalWire
2014-07-10 13:32 - 2014-07-10 13:32 - 00000735 _____ () C:\Documents and Settings\Trony\Desktop\Shortcut to TeamViewer_Setup_sr-ckq.lnk
2014-07-10 13:24 - 2014-07-10 13:24 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\TeamViewer
2014-07-09 14:04 - 2013-07-15 23:42 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 14:00 - 2008-09-15 14:56 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-08 23:03 - 2012-06-05 22:01 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-08 23:03 - 2012-02-11 11:56 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-08 15:00 - 2014-03-24 18:12 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-07-02 13:40 - 2014-07-02 13:40 - 00001771 _____ () C:\Documents and Settings\All Users\Desktop\In Company Second Edition Pre-intermediate.lnk
2014-07-02 13:40 - 2014-07-02 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Macmillan
2014-07-02 13:40 - 2009-02-10 16:12 - 00000000 ____D () C:\Program Files\Macmillan
2014-07-02 13:40 - 2008-09-15 13:19 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-01 12:14 - 2014-07-01 12:14 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-01 12:12 - 2014-07-01 12:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-07-01 12:12 - 2014-07-01 12:11 - 00008346 _____ () C:\WINDOWS\KB942288-v3.log
2014-07-01 12:12 - 2009-10-22 12:03 - 01981816 _____ () C:\WINDOWS\iis6.log
2014-07-01 12:12 - 2009-10-22 12:03 - 01830110 _____ () C:\WINDOWS\FaxSetup.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00874976 _____ () C:\WINDOWS\ocgen.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00835028 _____ () C:\WINDOWS\tsoc.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00608403 _____ () C:\WINDOWS\comsetup.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00560118 _____ () C:\WINDOWS\msmqinst.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00368712 _____ () C:\WINDOWS\ntdtcsetup.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00320568 _____ () C:\WINDOWS\netfxocm.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00125800 _____ () C:\WINDOWS\MedCtrOC.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00101232 _____ () C:\WINDOWS\ocmsn.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00092056 _____ () C:\WINDOWS\tabletoc.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00091464 _____ () C:\WINDOWS\msgsocm.log
2014-07-01 12:12 - 2009-10-22 12:03 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-07-01 12:12 - 2008-09-15 13:33 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-07-01 11:50 - 2014-07-01 11:50 - 00090112 _____ () C:\WINDOWS\Minidump\Mini070114-01.dmp
2014-07-01 11:50 - 2010-07-28 08:27 - 00000000 ____D () C:\WINDOWS\Minidump
2014-06-27 06:17 - 2009-07-01 19:05 - 00000960 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1993962763-725345543-1003Core.job
2014-06-26 06:39 - 2014-06-26 06:38 - 00004300 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-06-26 06:39 - 2008-09-15 13:50 - 00000000 ____D () C:\Program Files\Java
2014-06-26 06:39 - 2008-09-15 13:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-22 21:02 - 2014-06-22 21:02 - 00000000 ____D () C:\Documents and Settings\Trony\Application Data\ilividmoviestoolbar20
2014-06-22 11:49 - 2014-06-22 11:49 - 00000000 ____D () C:\Documents and Settings\Trony\My Documents\OneNote Notebooks
2014-06-22 07:04 - 2013-12-28 00:07 - 00002323 _____ () C:\Documents and Settings\All Users\Desktop\Svjedočanstva.lnk
2014-06-22 06:38 - 2013-10-31 23:39 - 00000000 ____D () C:\Documents and Settings\Trony\My Documents\Statistika.maja 2013-14
2014-06-22 06:25 - 2014-06-22 06:25 - 00000000 ____D () C:\Documents and Settings\Trony\Local Settings\Application Data\Adobe
2014-06-22 06:17 - 2014-06-22 06:17 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\McAfee
2014-06-21 13:45 - 2013-12-28 00:12 - 03625897 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1935655697-1993962763-725345543-1003-0.dat
2014-06-21 13:45 - 2013-12-28 00:12 - 00306846 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



offline
  • Joined: 04 Jul 2011
  • Posts: 5424

Download sUBs's ComboFix to your Desktop from the following address:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.

Once the download is complete:
disable your security software (instructions);
close any running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program is available:
  click Yes if you are offered the download.
if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure through.
display a number of prompts/notifications:
  accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
when finished, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.

Note:
The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after sending the message, you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message;
Do not click inside the ComboFix window while it is running, as that can slow the tool down;
Do not run ComboFix again on your own - report in the thread any problem you have during the first run of the tool;
If after a restart you get an error when starting some programs saying that they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will solve the problem.

offline
  • Joined: 18 Jul 2003
  • Posts: 4204
  • Location: In a golden cage


ComboFix 14-07-21.01 - Trony 22.07.2014 12:12:09.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1341 [GMT 2:00]
Running from: c:\documents and settings\Trony\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SET174.tmp
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2014-06-22 to 2014-07-22 )))))))))))))))))))))))))))))))
.
.
2014-07-21 21:01 . 2014-07-11 01:02 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-21 11:07 . 2014-07-22 10:21 -------- d-----w- c:\documents and settings\All Users\Application Data\MCShield
2014-07-21 11:07 . 2014-07-21 11:07 -------- d-----w- c:\program files\MCShield
2014-07-19 19:22 . 2014-07-21 14:06 -------- d-----w- C:\FRST
2014-07-10 13:44 . 2014-07-10 13:44 -------- d-----w- c:\documents and settings\Trony\Application Data\AVAST Software
2014-07-10 13:44 . 2014-07-10 13:44 -------- d-----w- c:\windows\jumpshot.com
2014-07-10 13:43 . 2014-07-10 13:43 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-10 13:43 . 2014-07-10 13:43 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-07-10 13:43 . 2014-07-10 13:43 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-07-10 13:43 . 2014-07-10 13:43 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-10 13:43 . 2014-07-10 13:43 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-10 13:43 . 2014-07-10 13:43 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-10 13:43 . 2014-07-10 13:43 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-10 13:43 . 2014-07-10 13:43 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-07-10 13:43 . 2014-07-10 13:43 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-10 13:43 . 2014-07-10 13:43 43152 ----a-w- c:\windows\avastSS.scr
2014-07-10 13:37 . 2014-07-10 13:37 -------- d-----w- c:\program files\AVAST Software
2014-07-10 13:26 . 2014-07-10 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2014-07-10 13:01 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-10 12:31 . 2007-05-25 09:00 172032 ----a-w- c:\windows\system32\igfxres.dll
2014-07-10 11:54 . 2014-07-10 11:54 22560 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2014-07-10 11:54 . 2014-07-10 11:54 -------- d-----w- c:\program files\HWiNFO32
2014-07-10 11:34 . 2014-07-10 11:34 -------- d-----w- c:\program files\FinalWire
2014-07-10 11:24 . 2014-07-10 11:24 -------- d-----w- c:\documents and settings\Trony\Application Data\TeamViewer
2014-07-01 10:14 . 2014-07-01 10:14 -------- d-----w- c:\program files\Common Files\Lavasoft
2014-06-22 19:02 . 2014-06-22 19:02 -------- d-----w- c:\documents and settings\Trony\Application Data\ilividmoviestoolbar20
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-11 00:36 . 2008-09-15 11:50 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-07-08 21:03 . 2012-06-05 20:01 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-08 21:03 . 2012-02-11 09:56 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-10 13:43 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GameXN GO"="c:\documents and settings\All Users\Application Data\GameXN\GameXNGO.exe" [2013-02-24 347008]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2014-04-11 650816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PMBVolumeWatcher"="c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-09-25 724576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-10 4086432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Trony\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-15 18:41 136176 ----atw- c:\documents and settings\Trony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 17:50 155648 ----a-r- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-07-05 08:08 16380416 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 02:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"rpcapd"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5247:TCP"= 5247:TCP:qtxib
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [10.7.2014 15:43 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10.7.2014 15:43 192352]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [25.2.2013 17:52 13560]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7.3.2009 20:38 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10.7.2014 15:43 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [10.7.2014 15:43 414520]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [10.7.2014 13:54 22560]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [10.7.2014 15:43 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10.7.2014 15:43 67824]
R2 DeviceFinderService;DeviceFinderService;c:\program files\Sony\PlayMemories Home\dfs.exe [25.9.2012 19:58 149088]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [25.9.2012 19:57 474208]
S3 Ltn_hyd7700pc;TV tuner device ;c:\windows\system32\drivers\Ltn_hyd7700pc.sys [18.5.2007 5:50 374144]
S3 Ltn_rc;HID Infrared Remote Controler;c:\windows\system32\drivers\Ltn_rc.sys [27.12.2006 8:32 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-20 05:56 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 21:03]
.
2014-07-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-10 13:43]
.
2014-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-30 17:05]
.
2014-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-30 17:05]
.
2014-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1993962763-725345543-1003Core.job
- c:\documents and settings\Trony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-15 18:41]
.
2014-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1993962763-725345543-1003UA.job
- c:\documents and settings\Trony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-15 18:41]
.
2014-07-22 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-24 01:59]
.
2014-07-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-24 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Trony\Application Data\Mozilla\Firefox\Profiles\apw5f1lm.Default User\
FF - prefs.js: browser.startup.homepage - www.google.me
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-{2977d8cc-8902-4340-be88-2c676bf96b8d} - (no file)
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-kamsoft - c:\windows\system32\kamsoft.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-ilividmoviestoolbar20IE - c:\progra~1\MOVIES~1\Datamngr\SRTOOL~1\IE\uninstall.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-22 12:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(720)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WgaTray.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2014-07-22 12:26:24 - machine was rebooted
ComboFix-quarantined-files.txt 2014-07-22 10:26
.
Pre-Run: 5.624.991.744 bytes free
Post-Run: 8.469.626.880 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FE877FD2519B1D23249F9EC33CD375BD
8F558EB6672622401DA993E1E865C861

offline
  • Joined: 04 Jul 2011
  • Posts: 5424

Open Notepad and copy in the following text:

DEQUARANTINE::
C:\Qoobox\Quarantine\C\program files\WinPCap
C:\Qoobox\Quarantine\C\windows\system32\Packet.dll.vir
C:\Qoobox\Quarantine\C\windows\system32\pthreadVC.dll.vir
C:\Qoobox\Quarantine\C\windows\system32\wpcap.dll.vir
QUIT::


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is created at the end of the cleaning/scan.

You will probably have to uninstall WinPCap.

offline
  • Joined: 18 Jul 2003
  • Posts: 4204
  • Location: In a golden cage

And then I test the VGA?

offline
  • Joined: 04 Jul 2011
  • Posts: 5424

No, we are doing this to repair what CF deleted (false positive). The problem is not caused by malware; when we are done you will have to ask in the Windows subforum.
