Check

  • Joined: 25 Nov 2014
  • Posts: 13

Lately my computer sometimes lags.
For example, this *sometimes* happens: when I listen to music on YouTube in Google Chrome and open other sites, the music starts to stutter and the sites load sluggishly, and sometimes it starts to lag when I switch a video to 1080p and full screen. After a restart it is OK, and then after a certain time the problems come back...

Thanks

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by djone (administrator) on DJONE-PC on 25-11-2014 23:13:32
Running from C:\Users\djone\Desktop
Loaded Profile: djone (Available profiles: djone)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link visible only to logged-in users]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Sonix) C:\Windows\vsnp2uvc.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Users\djone\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(BitTorrent Inc.) C:\Users\djone\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [675840 2008-08-01] (Sonix)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-03-17] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-11-21] (Raptr, Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2782105817-4022940092-2829393422-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2782105817-4022940092-2829393422-1000\...\Run: [uTorrent] => C:\Users\djone\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-25] (BitTorrent Inc.)
HKU\S-1-5-21-2782105817-4022940092-2829393422-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-2782105817-4022940092-2829393422-1000\...\Run: [Facebook Update] => C:\Users\djone\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-09] (Facebook Inc.)
HKU\S-1-5-21-2782105817-4022940092-2829393422-1000\...\Run: [Clownfish] => C:\Users\djone\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-09] (Facebook Inc.)
HKU\S-1-5-21-2782105817-4022940092-2829393422-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2782105817-4022940092-2829393422-1000\...\MountPoints2: {14465785-1207-11e3-bb68-001966dd6459} - G:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A14B04 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
Startup: C:\Users\djone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\djone\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKU\S-1-5-21-2782105817-4022940092-2829393422-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2782105817-4022940092-2829393422-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKU\S-1-5-21-2782105817-4022940092-2829393422-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [Link visible only to logged-in users]
HKU\S-1-5-21-2782105817-4022940092-2829393422-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA671946D10DECD01
HKU\S-1-5-21-2782105817-4022940092-2829393422-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2782105817-4022940092-2829393422-1000 -> {5F6E5C87-938D-4938-85CE-E50D879AD5F6} URL = [Link visible only to logged-in users]{searchTerms}&locale=&apn_ptnrs=^ABE&apn_dtid=^YYYYYY^YY^RS&apn_uid=e5347ffe-e382-45bb-b8f0-4731eb931769&apn_sauid=1F116700-EE52-4060-9264-AD6CD4506B2C
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\djone\AppData\Roaming\Mozilla\Firefox\Profiles\6w7p4s5q.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2782105817-4022940092-2829393422-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\djone\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-24]

Chrome:
=======
CHR Profile: C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Simple = Select + Search) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo [2014-05-25]
CHR Extension: (Google Docs) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-25]
CHR Extension: (Google Drive) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-25]
CHR Extension: (Image Downloader) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2014-05-25]
CHR Extension: (Google Search) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-25]
CHR Extension: (Video Grabber) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbbkojeehbhdkficimpbnocdhkpnmnj [2014-05-25]
CHR Extension: (Heroes & Generals) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-09-06]
CHR Extension: (AdBlock) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-25]
CHR Extension: (Dream Afar New Tab) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\henmfoppjjkcencpbjaigfahdjlgpegn [2014-07-29]
CHR Extension: (Instant Translate) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2014-05-25]
CHR Extension: (PPMe) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\kknaoaccjjpmmllndcpmhgcojibapfgi [2014-09-11]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2014-05-25]
CHR Extension: (Quick Note) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2014-05-25]
CHR Extension: (Google Wallet) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-25]
CHR Extension: (Universe) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\oecmlnmneeeeiccpcohlffnipjhngmdk [2014-08-27]
CHR Extension: (Gmail) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-19] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-19] (AVAST Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-19] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-19] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-19] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-12-14] (DT Soft Ltd)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-02] (Logitech Inc.)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2012-04-16] (HandSet Incorporated)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
U0 nkruurh; C:\Windows\System32\drivers\jebmgrwq.sys [79064 2014-11-25] (Malwarebytes Corporation)
S3 s616bus; C:\Windows\System32\DRIVERS\s616bus.sys [108296 2007-04-03] (MCCI Corporation)
S3 s616nd5; C:\Windows\System32\DRIVERS\s616nd5.sys [31496 2007-04-03] (MCCI Corporation)
S3 s616obex; C:\Windows\System32\DRIVERS\s616obex.sys [123656 2007-04-03] (MCCI Corporation)
S3 s616unic; C:\Windows\System32\DRIVERS\s616unic.sys [130312 2007-04-03] (MCCI Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3557248 2009-06-03] ()
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-03-17] (CyberLink Corp.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 23:13 - 2014-11-25 23:14 - 00021295 _____ () C:\Users\djone\Desktop\FRST.txt
2014-11-25 23:11 - 2014-11-25 23:13 - 00000000 ____D () C:\FRST
2014-11-25 23:10 - 2014-11-25 23:10 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\jebmgrwq.sys
2014-11-25 23:04 - 2014-11-25 23:05 - 02118144 _____ (Farbar) C:\Users\djone\Desktop\FRST64.exe
2014-11-25 22:31 - 2014-11-25 22:31 - 00638888 _____ (Oracle Corporation) C:\Users\djone\Desktop\chromeinstall-8u25.exe
2014-11-21 13:20 - 2014-11-21 13:20 - 00001598 _____ () C:\Users\djone\Documents\cc_20141121_132036.reg
2014-11-21 11:57 - 2014-11-21 11:57 - 00000000 ____D () C:\Users\djone\Desktop\Slike
2014-11-21 01:32 - 2014-11-21 01:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-11-21 01:23 - 2014-11-21 03:21 - 00000000 ____D () C:\Users\djone\.android
2014-11-21 01:22 - 2014-11-21 01:23 - 00000000 ____D () C:\Program Files\ZTE Handset USB Driver
2014-11-21 01:22 - 2012-05-24 20:00 - 00128624 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsvousb.sys
2014-11-21 01:22 - 2012-05-24 20:00 - 00128624 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghstrace.sys
2014-11-21 01:22 - 2012-05-24 20:00 - 00128624 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsnmea.sys
2014-11-21 01:22 - 2012-05-24 20:00 - 00128624 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsmdm.sys
2014-11-21 01:22 - 2012-05-24 20:00 - 00128624 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsdiagmdm.sys
2014-11-21 01:22 - 2012-05-24 20:00 - 00128624 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsdiag.sys
2014-11-21 01:22 - 2012-05-24 20:00 - 00128624 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsat.sys
2014-11-21 01:22 - 2012-04-16 15:56 - 00018456 _____ (HandSet Incorporated) C:\Windows\system32\Drivers\massfilter_hs.sys
2014-11-21 01:22 - 2012-03-09 14:44 - 00129176 _____ (HS Incorporated) C:\Windows\system32\Drivers\ghsmdm.sys
2014-11-21 01:22 - 2012-03-09 14:44 - 00129176 _____ (HS Incorporated) C:\Windows\system32\Drivers\ghsdiagMDM.sys
2014-11-21 01:22 - 2012-03-09 14:44 - 00129176 _____ (HS Incorporated) C:\Windows\system32\Drivers\ghsdiagAP.sys
2014-11-21 01:22 - 2012-03-09 14:44 - 00129176 _____ (HS Incorporated) C:\Windows\system32\Drivers\ghsat.sys
2014-11-21 01:22 - 2012-03-09 14:43 - 00129176 _____ (HS Incorporated) C:\Windows\system32\Drivers\ghsnmea.sys
2014-11-21 01:22 - 2012-03-08 15:02 - 00163352 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsnet.sys
2014-11-21 01:22 - 2012-03-08 15:02 - 00039448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\zghsvcom.sys
2014-11-21 01:22 - 2011-10-26 15:31 - 00067608 _____ (Google, inc) C:\Windows\AdbWinUsbApi.dll
2014-11-21 01:22 - 2011-08-15 16:43 - 00584584 _____ () C:\Windows\adb.exe
2014-11-21 01:22 - 2011-08-15 16:43 - 00102936 _____ (Google, inc) C:\Windows\AdbWinApi.dll
2014-11-21 01:22 - 2009-07-14 14:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-11-21 01:22 - 2009-07-14 07:37 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2014-11-20 20:24 - 2014-11-20 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-11-19 17:35 - 2014-11-19 17:35 - 00000000 __SHD () C:\Users\djone\AppData\Local\EmieBrowserModeList
2014-11-19 13:52 - 2014-11-19 13:52 - 00067839 _____ () C:\Users\djone\Documents\Untitled.wma
2014-11-12 19:34 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 19:34 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 19:34 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 19:34 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 19:34 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 19:34 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 19:34 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 19:34 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 19:34 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 19:34 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 19:34 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 19:34 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 19:34 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 19:34 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 19:34 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 19:34 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 19:34 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 19:34 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 19:34 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 19:34 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 19:34 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 19:34 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 19:34 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 19:34 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 19:34 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 19:34 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 19:34 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 19:34 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 19:34 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 19:34 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 19:34 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 19:34 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 19:34 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 19:34 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 19:34 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 19:34 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 19:34 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 19:34 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 19:34 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 19:34 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 19:34 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 19:34 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 19:34 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 19:34 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 19:34 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 19:34 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 19:34 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 19:34 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 19:34 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 19:34 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 19:34 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 19:34 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 19:34 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 19:34 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 19:34 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 19:34 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 19:33 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 19:33 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 19:33 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 19:33 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 19:33 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 19:33 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 19:33 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 19:33 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 19:33 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 19:33 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 19:33 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 19:33 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 19:33 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 19:33 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 19:33 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 19:33 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 19:33 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 19:33 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 19:33 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 19:33 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 19:33 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 19:33 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 19:33 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 19:33 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 19:33 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 19:33 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 19:33 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 19:33 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 19:33 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 19:33 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 19:33 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 19:33 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 19:33 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 19:33 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 19:33 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 19:33 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 19:33 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 19:32 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 19:32 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 19:32 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 19:32 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 19:32 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 19:32 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 19:32 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 19:32 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 19:29 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 19:29 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-10 20:22 - 2014-11-10 20:22 - 00001698 _____ () C:\Users\djone\Desktop\Counter-Strike WaRzOnE.lnk
2014-11-10 20:22 - 2014-11-10 20:22 - 00000000 ____D () C:\Users\djone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HLDS
2014-11-10 20:22 - 2014-11-10 20:22 - 00000000 ____D () C:\Users\djone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half-Life
2014-11-10 20:22 - 2014-11-10 20:22 - 00000000 ____D () C:\Users\djone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike
2014-11-10 20:20 - 2014-11-10 20:20 - 00000000 ____D () C:\Games
2014-11-10 20:16 - 2014-11-10 20:16 - 00005518 _____ () C:\Users\djone\Documents\cc_20141110_201559.reg
2014-11-06 14:36 - 2014-11-06 14:36 - 00000000 ____D () C:\Users\djone\AppData\Roaming\ATI
2014-11-06 14:36 - 2014-11-06 14:36 - 00000000 ____D () C:\Users\djone\AppData\Local\ATI
2014-11-06 14:36 - 2014-11-06 14:36 - 00000000 ____D () C:\ProgramData\ATI
2014-11-06 14:35 - 2014-11-06 14:35 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-11-06 14:33 - 2014-11-06 14:33 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-11-06 14:32 - 2014-11-06 14:32 - 00067608 _____ () C:\Windows\SysWOW64\CCCInstall_201411061432493730.log
2014-11-06 14:32 - 2014-11-06 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-11-06 14:29 - 2014-11-06 14:29 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-11-06 14:29 - 2014-11-06 14:29 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-11-06 14:28 - 2014-11-06 14:32 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-11-06 14:28 - 2014-11-06 14:28 - 00000000 ____D () C:\Program Files\ATI
2014-11-06 14:26 - 2014-11-06 14:26 - 00000000 ____D () C:\AMD
2014-11-06 14:09 - 2014-11-06 14:09 - 00012542 _____ () C:\Users\djone\Documents\cc_20141106_140901.reg
2014-11-04 18:59 - 2014-11-04 18:59 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-10-27 12:40 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-27 12:40 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-27 12:40 - 2014-08-29 03:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-27 12:40 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-27 12:40 - 2014-08-29 03:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-27 12:40 - 2014-08-29 03:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-27 12:40 - 2014-08-29 03:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-27 12:40 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-27 12:40 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-27 12:40 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-27 12:40 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-27 12:40 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-27 12:40 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-27 12:40 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-27 12:40 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-27 12:40 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-27 12:40 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-27 12:40 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-27 12:40 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-27 12:40 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-27 12:40 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-27 12:40 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-27 12:40 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-27 12:40 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-27 12:40 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-27 12:40 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-27 12:40 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-27 12:40 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-27 12:40 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-27 12:38 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-27 12:38 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-27 12:38 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-27 12:38 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-27 12:38 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-27 12:38 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 23:13 - 2012-12-14 16:15 - 00000000 ____D () C:\Users\djone\AppData\Roaming\uTorrent
2014-11-25 23:11 - 2014-05-25 13:43 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-25 23:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\TAPI
2014-11-25 23:04 - 2012-12-27 19:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-25 22:39 - 2014-01-03 21:20 - 01767423 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 22:37 - 2014-10-15 12:28 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-25 22:37 - 2014-10-15 12:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-25 22:37 - 2013-09-30 20:51 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-25 21:01 - 2014-05-04 23:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-25 20:26 - 2014-05-24 12:46 - 00000000 ____D () C:\Users\djone\AppData\Roaming\Raptr
2014-11-25 20:22 - 2014-06-09 16:17 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2782105817-4022940092-2829393422-1000UA.job
2014-11-25 19:13 - 2013-01-23 21:48 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{08B9666E-D8F1-4DD2-900D-A8B703DD3FDB}
2014-11-25 17:22 - 2014-06-09 16:17 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2782105817-4022940092-2829393422-1000Core.job
2014-11-25 16:11 - 2014-05-25 13:43 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 15:53 - 2013-12-08 15:26 - 00000000 ___RD () C:\Users\djone\Dropbox
2014-11-25 12:49 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-25 12:49 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-25 12:43 - 2013-12-08 15:22 - 00000000 ____D () C:\Users\djone\AppData\Roaming\Dropbox
2014-11-25 12:42 - 2014-09-21 13:33 - 00000000 ____D () C:\ProgramData\MCShield
2014-11-25 12:42 - 2012-12-21 16:38 - 00003486 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-11-25 12:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-25 12:40 - 2014-10-22 06:00 - 00008135 _____ () C:\Windows\setupact.log
2014-11-23 22:02 - 2012-12-15 18:18 - 00000000 ____D () C:\Users\djone\AppData\Roaming\Skype
2014-11-23 21:42 - 2012-12-15 18:18 - 00000000 ____D () C:\ProgramData\Skype
2014-11-23 20:28 - 2014-05-24 12:46 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-11-22 06:13 - 2014-05-25 13:44 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-22 03:23 - 2014-05-24 12:30 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-21 01:50 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-21 01:23 - 2012-12-14 13:52 - 00000000 ____D () C:\Users\djone
2014-11-17 02:15 - 2014-10-10 13:11 - 00000000 ____D () C:\Program Files (x86)\Sherlock Holmes Crimes and Punishments
2014-11-14 10:45 - 2013-12-08 15:26 - 00000979 _____ () C:\Users\djone\Desktop\Dropbox.lnk
2014-11-14 10:45 - 2013-12-08 15:23 - 00000000 ____D () C:\Users\djone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-13 20:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 16:06 - 2014-05-25 13:43 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 16:06 - 2014-05-25 13:43 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 00:45 - 2009-07-14 05:45 - 05062728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 00:42 - 2014-05-03 16:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 20:33 - 2012-12-14 13:55 - 00125928 _____ () C:\Users\djone\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 19:42 - 2012-12-21 16:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 17:04 - 2012-12-27 19:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 17:04 - 2012-12-15 17:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 17:04 - 2012-12-15 17:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 08:40 - 2014-05-24 12:32 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-11 12:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-06 14:33 - 2014-05-24 12:44 - 00000000 ____D () C:\ProgramData\AMD
2014-10-30 18:34 - 2013-07-31 21:26 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-10-30 18:34 - 2013-07-31 21:25 - 00000000 ____D () C:\Users\djone\AppData\Roaming\NCH Software
2014-10-30 18:04 - 2013-07-31 21:26 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-10-29 13:39 - 2013-03-23 20:27 - 00000000 ____D () C:\Users\djone\AppData\Roaming\PhotoScape
2014-10-27 13:28 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-26 16:04 - 2014-05-04 23:33 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-26 16:04 - 2014-05-04 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-26 16:04 - 2014-05-04 23:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

Files to move or delete:
====================
C:\Users\djone\fet2_settings.dat
C:\Users\djone\fet_settings.dat


Some content of TEMP:
====================
C:\Users\djone\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaigwyb.dll
C:\Users\djone\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd0zgf3.dll
C:\Users\djone\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 14:25

==================== End Of Log ============================





offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Open Notepad and copy in the following text, which is inside the Code box.

HKU\S-1-5-21-2782105817-4022940092-2829393422-1000\...\MountPoints2: {14465785-1207-11e3-bb68-001966dd6459} - G:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A14B04 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
CHR HKU\S-1-5-21-2782105817-4022940092-2829393422-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2782105817-4022940092-2829393422-1000 -> {5F6E5C87-938D-4938-85CE-E50D879AD5F6} URL = http://websearch.ask.com/redirect?client=ie&tb.....=kw&q={searchTerms}&locale=&apn_ptnrs=^ABE&apn_dtid=^YYYYYY^YY^RS&apn_uid=e5347ffe-e382-45bb-b8f0-4731eb931769&apn_sauid=1F116700-EE52-4060-9264-AD6CD4506B2C
CHR Extension: (Video Grabber) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbbkojeehbhdkficimpbnocdhkpnmnj [2014-05-25]
CHR Extension: (Heroes & Generals) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-09-06]
AlternateDataStreams: C:\Temp:list
AlternateDataStreams: C:\Temp:pid1
AlternateDataStreams: C:\Temp:pid2
AlternateDataStreams: C:\Temp:srv
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open; copy its contents into the thread.
fixlog.txt will also be on the Desktop.




Step 2

Download zoek.exe from this or this link and save it to the Desktop.


Close the browser and any other running programs;
disable security software (if needed) Instructions;
double-click zoek.exe to run it;
wait for the tool to start ...


Copy the following text into the white box of the window:

process;
startupall;
drivers-services-list;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;


Click the button and wait for the scan to finish.


Zoek will restart Windows if necessary, and when it finishes it will open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your post.



offline
  • Joined: 25 Nov 2014
  • Posts: 13

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014 01
Ran by djone at 2014-11-26 01:09:43 Run:1
Running from C:\Users\djone\Desktop
Loaded Profile: djone (Available profiles: djone)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2782105817-4022940092-2829393422-1000\...\MountPoints2: {14465785-1207-11e3-bb68-001966dd6459} - G:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A14B04 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
CHR HKU\S-1-5-21-2782105817-4022940092-2829393422-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2782105817-4022940092-2829393422-1000 -> {5F6E5C87-938D-4938-85CE-E50D879AD5F6} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&locale=&apn_ptnrs=^ABE&apn_dtid=^YYYYYY^YY^RS&apn_uid=e5347ffe-e382-45bb-b8f0-4731eb931769&apn_sauid=1F116700-EE52-4060-9264-AD6CD4506B2C
CHR Extension: (Video Grabber) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbbkojeehbhdkficimpbnocdhkpnmnj [2014-05-25]
CHR Extension: (Heroes & Generals) - C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-09-06]
AlternateDataStreams: C:\Temp:list
AlternateDataStreams: C:\Temp:pid1
AlternateDataStreams: C:\Temp:pid2
AlternateDataStreams: C:\Temp:srv
EmptyTemp:
*****************

"HKU\S-1-5-21-2782105817-4022940092-2829393422-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14465785-1207-11e3-bb68-001966dd6459} - G:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A14B04 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}" => Key not found.
"HKCR\CLSID\{14465785-1207-11e3-bb68-001966dd6459} - G:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A14B04 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}" => Key not found.
"HKU\S-1-5-21-2782105817-4022940092-2829393422-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2782105817-4022940092-2829393422-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5F6E5C87-938D-4938-85CE-E50D879AD5F6}" => Key deleted successfully.
"HKCR\CLSID\{5F6E5C87-938D-4938-85CE-E50D879AD5F6}" => Key not found.
C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbbkojeehbhdkficimpbnocdhkpnmnj => Moved successfully.
C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge => Moved successfully.
C:\Temp => ":list" ADS removed successfully.
C:\Temp => ":pid1" ADS removed successfully.
C:\Temp => ":pid2" ADS removed successfully.
C:\Temp => ":srv" ADS removed successfully.
EmptyTemp: => Removed 2.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

And zoek.exe won't download; avast reports it as FileRepMetagen [Malware].
Should I turn off the protection and then download it?

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Turn off Avast's protection and try again.

offline
  • Joined: 25 Nov 2014
  • Posts: 13

It didn't restart it.

Zoek.exe v5.0.0.0 Updated 26-11-2014
Tool run by djone on 26-Nov-14 at 16:05:39.54.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\djone\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

26-Nov-14 16:08:12 Zoek.exe System Restore Point Created Succesfully.

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files (x86)\MCShield\MCShieldRTM.exe
C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\djone\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Users\djone\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
R2 - [AMD FUEL Service] - AMD FUEL Service - c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe
R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
R2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
R2 - [NAUpdate] - Nero Update - c:\program files (x86)\nero\update\nasvc.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
R3 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FLEXnet Licensing Service] - FLEXnet Licensing Service - c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files\microsoft office\office14\groove.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [SwitchBoard] - Adobe SwitchBoard - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [aswNdisFlt] - Avast! Firewall Driver - C:\Windows\system32\Drivers\aswNdisFlt.sys
R0 - [aswRvrt] - avast! Revert - C:\Windows\system32\Drivers\aswRvrt.sys
R0 - [aswVmm] - avast! VM Monitor - C:\Windows\system32\Drivers\aswVmm.sys
R0 - [atapi] - IDE Channel - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Disk] - Disk Driver - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Bitlocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
R0 - [nvstor] - nvstor - C:\Windows\system32\Drivers\nvstor.sys
R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pciide] - pciide - C:\Windows\system32\Drivers\pciide.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [PxHlpa64] - PxHlpa64 - C:\Windows\system32\Drivers\PxHlpa64.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [storflt] - Disk Virtual Machine Bus Acceleration Filter Driver - C:\Windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - TCP/IP Protocol Driver - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Storage volumes - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - NetIO Legacy TDI Support Driver - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-11-21 00:22:47 F15BE81DD8E2261729951DDF459C0EF3 67608 ----a-w- C:\Windows\AdbWinUsbApi.dll
2014-11-21 00:22:47 EF4429000629D0592618E494592A33FB 102936 ----a-w- C:\Windows\AdbWinApi.dll
2014-11-21 00:22:47 5ADD45C7DBE05092BF6F33E55A700269 584584 ----a-w- C:\Windows\adb.exe
2014-11-06 13:35:16 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\ativpsrm.bin
====== C:\Users\djone\AppData\Local\Temp ====
2014-11-26 00:11:56 EB4686F6F4BE2B00AA40978D551F66C4 43008 ----a-w- C:\Users\djone\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpki4lnu.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-11-12 18:34:58 B6273619A3DF28F03B64E911E45A6AB2 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-11-12 18:34:58 5D5640C34C4A97467F77489DBB157568 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 18:34:57 FB56C76FEA44693752BD99D7D9930ABA 341168 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 18:34:57 A6E51BDCB8F4B84E874F918F0452763D 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 18:34:57 4772DB007FFBD4BBE3F526704BCA67FE 1310208 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-11-12 18:34:56 93074C4FA92A8399404D032F6AF72C1B 19781632 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-11-12 18:34:56 843BD9DAF03ABB6761DEE6D155301F28 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 18:34:56 66F4FFDBCD501260ABC198317D2B0D10 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 18:34:56 26EE6C9780A8FC872C60F9E35D7EBD4B 688640 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 18:34:55 5972510EF1C6097D9C14C17387A5EDB2 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 18:34:54 7748B3DDDC92C7FC11F7462DB872E8E7 2051072 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 18:34:54 5E01004CBC35A78FE2AB4016CCAD4760 708096 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 18:34:54 19D68FDEE62519C5A0387EB4E88A01EF 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-11-12 18:34:53 FA310BD4A5DE904445DDDE54C5A654F2 2277376 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-11-12 18:34:53 8A46404AC1AEB22AA2D4C906D0FC86C2 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 18:34:52 A1A2EE55A2C69F79AED00973E604B9C4 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 18:34:52 8585BC27224F97458C186AA085B754A7 478208 ----a-w- C:\Windows\SysWOW64\ieui.dll
2014-11-12 18:34:52 6DDC0F44A70976C492CB1666BA9A7912 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 18:34:52 4F8CD74CD69A94ED1A5D7E837A356F4E 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 18:34:51 36EE0A2A981617610F921BCBB997DB06 12819456 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-11-12 18:34:49 AE39939F1E25401B9A4952A7A8D372AC 4298240 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-11-12 18:34:49 4169C6A6613856D69224498620F0C2B5 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 18:34:48 9ED3132B7F0D36FA9911721E8B2CB968 501248 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2014-11-12 18:34:48 755D0A90CFC4BCB178D7070B0351F0AE 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 18:34:48 6DD7D61A8EF3DFEC4FAEFEB395E77424 1892864 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-11-12 18:34:48 139E85C4E5DF322AE1BF6544D8C32B0A 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll
2014-11-12 18:33:33 5FDBDEECA34E73325D87C5ACD16A3EEC 701440 ----a-w- C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 18:33:26 980EEEE8815DA7593708774D1225BD35 681984 ----a-w- C:\Windows\SysWOW64\adtschema.dll
2014-11-12 18:33:25 9AB39ADD28C7C1A685B1EA8C6A25CF08 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll
2014-11-12 18:33:25 9216ABFD53F5EC1F35C3554AD1A175DE 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2014-11-12 18:33:25 13E5B1CD503A4B21E9F0A2D55A00198B 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
2014-11-12 18:33:14 8FE6AB488ECDC60930CE973A7051B0D4 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 18:33:14 8CFAEFCD7F1E004950FCAE870A501B3E 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll
2014-11-12 18:33:13 B580A6B9932669DE703001AEE66D5BB1 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 18:33:13 9CEA80FFC617E6B6DD7B52E6225C0D38 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 18:33:13 3B3B8BA16DC999EA17D075D2F1064DE4 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll
2014-11-12 18:33:13 37BC079204BF9B087D6DE6B728908B4B 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll
2014-11-12 18:33:12 8205E55DFB11809E5F2AAD1C48840535 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll
2014-11-12 18:33:07 FD79B005E849DF3D7E9B5EB7A637C528 374784 ----a-w- C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 18:33:07 AA7325057A1E1CC401798C0B1238E182 195584 ----a-w- C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 18:33:07 8D338464B851DDD76E2B876A3E09EB70 442880 ----a-w- C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 18:32:57 537184E7306E06BB22C5B93D2AFA4DF8 1237504 ----a-w- C:\Windows\SysWOW64\msxml3.dll
2014-11-12 18:32:57 09FA271EE1F9AD68B2D1C1C210F4B71F 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 18:32:56 0F39AC3274312EFFD03928291E8BA7CA 67584 ----a-w- C:\Windows\SysWOW64\packager.dll
2014-11-12 18:32:49 CB55B9AAB060C803BE4AD229AA0FEC28 2363904 ----a-w- C:\Windows\SysWOW64\msi.dll
2014-11-12 18:29:59 EDA54D2E17C0271D2CDA946ABE344110 571904 ----a-w- C:\Windows\SysWOW64\oleaut32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-11-21 00:22:49 246900CE6474718730ECD4F873234CF5 1002728 ----a-w- C:\Windows\Sysnative\WinUSBCoInstaller2.dll
2014-11-21 00:22:48 4DA5DA193E0E4F86F6F8FD43EF25329A 1721576 ----a-w- C:\Windows\Sysnative\WdfCoInstaller01009.dll
2014-11-12 18:34:57 854B230F5D77486B67D809FFB8A10C7E 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-11-12 18:34:57 7293701905DF1F40760C851F20DDC9EC 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2014-11-12 18:34:57 4E47ABA3C6C5032446A2AF7EFD026037 716800 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-11-12 18:34:57 26BC4EC95E363DD59171710E22108F15 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll
2014-11-12 18:34:57 1F3794CE1AEA5DA12ACF90210EAE4ECB 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2014-11-12 18:34:56 33098C85B789630865CD3F5D22FB0DFC 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-11-12 18:34:54 56651A76C63DAF2C593F1F767FC8A856 1550336 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-11-12 18:34:54 1C216980E7D21100A357B52B3C45F78D 388272 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2014-11-12 18:34:53 E17C34BECCD1388E9B386A9F82F01222 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2014-11-12 18:34:52 C6A719FD0B07B2DD0ADACD07636F4BAD 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-11-12 18:34:52 2A1A7F17C906941334C6A67E935F214B 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2014-11-12 18:34:52 1E30BECF0DB35481588FB72C9CF97CA2 800768 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-11-12 18:34:51 BD708EBEDB35E474F1A19747154ACC47 799232 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2014-11-12 18:34:51 6507CA9349500A535AF70670F248E525 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll
2014-11-12 18:34:50 BA4EC6139B8830BBA9CC5D065CA5796C 2884096 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-11-12 18:34:50 5C9D58591D0091630452B04F35527240 2124288 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-11-12 18:34:48 31F2A5ECFD2C75F970A3007ACD5627C7 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-11-12 18:34:48 08BCDD6C9E23D00309F359620461DFE8 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2014-11-12 18:34:47 69602F6259598A7837CB83D3608FE293 633856 ----a-w- C:\Windows\Sysnative\ieui.dll
2014-11-12 18:34:47 277A4735954F1BF29EE3D138A5251BFE 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2014-11-12 18:34:46 98088A13F65BE35DA3693F264740CEEC 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll
2014-11-12 18:34:46 7EE5FBD190BF5B27F7977EA6CBF0DCAC 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-11-12 18:34:46 154B8555A118BCFD95F358390E418B00 14390272 ----a-w- C:\Windows\Sysnative\ieframe.dll
2014-11-12 18:34:45 F208D7FB40FD80EA9F123BABF687359C 6040064 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-11-12 18:34:45 B6DC4597FF946B0C8B29650A71F52D4E 580096 ----a-w- C:\Windows\Sysnative\vbscript.dll
2014-11-12 18:34:45 7EC80DB959695D4F927D2D601DA59F35 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2014-11-12 18:34:45 6FC2819A4F80AAB2DADEDFC1EFEE3C3F 2365440 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-11-12 18:34:44 EE3592B010E3F69D141323E592C01A1A 199680 ----a-w- C:\Windows\Sysnative\msrating.dll
2014-11-12 18:34:44 4B6D9AB2ECD11AF5F6B1C42D938E0A85 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll
2014-11-12 18:34:43 BBD6A636AAA65D874F3863280CD8373D 25110016 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-11-12 18:33:33 1FEBD408F32DFC523882E7DA5AC57819 878080 ----a-w- C:\Windows\Sysnative\IMJP10K.DLL
2014-11-12 18:33:27 008CD4EBFABCF78D0F19B3778492648C 683520 ----a-w- C:\Windows\Sysnative\termsrv.dll
2014-11-12 18:33:26 C4C1B73FC2FF151BA08E1EAFDE2A2FAF 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2014-11-12 18:33:26 58F87BF5659C8EBC61EB439C916F2F9A 681984 ----a-w- C:\Windows\Sysnative\adtschema.dll
2014-11-12 18:33:25 7184AEACDA13E64B10F84E9DD79C8A01 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll
2014-11-12 18:33:17 93C055B6AAD76360A60CB7E59A491531 3198976 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-11-12 18:33:15 A71B81AC2C14ABA013CCF1225D9E3E36 342016 ----a-w- C:\Windows\Sysnative\schannel.dll
2014-11-12 18:33:15 109CC0DF72CC07A6CB59D2995255A1DA 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll
2014-11-12 18:33:13 DF30FC54FFF79BC744B22A4850A3CF92 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll
2014-11-12 18:33:13 55F0CF40479A1FC89CFA578909A540F2 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll
2014-11-12 18:33:13 47C48C705F4F1EFC99B50B43AE4301FE 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll
2014-11-12 18:33:13 028D99F83CBB31DB7995530B89EA13CF 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll
2014-11-12 18:33:12 336BA030AB7B05300CB0B5C6AFB27176 22016 ----a-w- C:\Windows\Sysnative\credssp.dll
2014-11-12 18:33:07 FAFCB80D42A65964B6F4945283B8C10F 296448 ----a-w- C:\Windows\Sysnative\AudioSes.dll
2014-11-12 18:33:07 DE3E38431B00C2EA247C53675DCF01A0 680960 ----a-w- C:\Windows\Sysnative\audiosrv.dll
2014-11-12 18:33:07 B1BB7B91C3C878FDB2874138CE81C4EF 284672 ----a-w- C:\Windows\Sysnative\EncDump.dll
2014-11-12 18:33:07 A2C9E45F4069A002E985D1563D16813B 440832 ----a-w- C:\Windows\Sysnative\AudioEng.dll
2014-11-12 18:33:07 9383B21A4B77C130940262DDC5F3F49B 500224 ----a-w- C:\Windows\Sysnative\AUDIOKSE.dll
2014-11-12 18:33:04 F992AAE3F2DF1D7D2A75B681B0C5280E 304640 ----a-w- C:\Windows\Sysnative\generaltel.dll
2014-11-12 18:33:01 9F1FA4F36406693C77CC5779AA7E532D 228864 ----a-w- C:\Windows\Sysnative\aepdu.dll
2014-11-12 18:33:00 6021CF6A11DE9B5FC1BD210B6855C497 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll
2014-11-12 18:32:57 D005697F0467BBDDAB7638496DA5DB52 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll
2014-11-12 18:32:57 934735F508E297504460935B71E99F0B 77824 ----a-w- C:\Windows\Sysnative\packager.dll
2014-11-12 18:32:57 364ECFF4ABD9D575F4F7CF7EB7928EF3 1882624 ----a-w- C:\Windows\Sysnative\msxml3.dll
2014-11-12 18:32:50 2720C94ADCC1727A66365CCB1CE456C4 3241984 ----a-w- C:\Windows\Sysnative\msi.dll
2014-11-12 18:29:59 B938AF16A521C913791C6F7AFF032757 861696 ----a-w- C:\Windows\Sysnative\oleaut32.dll
====== C:\Windows\Sysnative\drivers =====
2014-11-21 00:32:17 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-11-21 00:22:52 F830209BE5FB71A13873E8314BE3033E 39448 ----a-w- C:\Windows\Sysnative\drivers\zghsvcom.sys
2014-11-21 00:22:52 F7C057E8B884CB5FC34076A75D5FD7E7 128624 ----a-w- C:\Windows\Sysnative\drivers\zghsnmea.sys
2014-11-21 00:22:52 C0BC1EBA8FD123E8AE83058FA3B83500 129176 ----a-w- C:\Windows\Sysnative\drivers\ghsmdm.sys
2014-11-21 00:22:52 B8FAACBA149248325042E71316894A7C 128624 ----a-w- C:\Windows\Sysnative\drivers\zghsmdm.sys
2014-11-21 00:22:52 A08F2F95B4A23B894D29B8437F9E5B58 163352 ----a-w- C:\Windows\Sysnative\drivers\zghsnet.sys
2014-11-21 00:22:52 922AB920989A344887B854CAF8089F51 128624 ----a-w- C:\Windows\Sysnative\drivers\zghsdiag.sys
2014-11-21 00:22:52 8D7A92BF353E75DCE09E69CD540682E0 128624 ----a-w- C:\Windows\Sysnative\drivers\zghstrace.sys
2014-11-21 00:22:52 858AE188D7EFBECDEBE98B0963DF3D6D 129176 ----a-w- C:\Windows\Sysnative\drivers\ghsnmea.sys
2014-11-21 00:22:52 5256CBBA1DBA2D235CD148BD91F9D4B3 129176 ----a-w- C:\Windows\Sysnative\drivers\ghsdiagAP.sys
2014-11-21 00:22:52 46AF4C61B47CE6F6002566C5DB445B80 129176 ----a-w- C:\Windows\Sysnative\drivers\ghsdiagMDM.sys
2014-11-21 00:22:52 2D685E348D4A619C2F3B82FA6FEED00B 128624 ----a-w- C:\Windows\Sysnative\drivers\zghsdiagmdm.sys
2014-11-21 00:22:52 15C0068C3B737D630355663BAB2FC2F0 129176 ----a-w- C:\Windows\Sysnative\drivers\ghsat.sys
2014-11-21 00:22:52 121A6073F66C1E6F85A134FF368952F8 128624 ----a-w- C:\Windows\Sysnative\drivers\zghsvousb.sys
2014-11-21 00:22:52 0B21790F87B38EFDB2E29AE7490600F0 128624 ----a-w- C:\Windows\Sysnative\drivers\zghsat.sys
2014-11-21 00:22:52 092D6F6F9FF6AE6C3A3D36DD17CC9D96 18456 ----a-w- C:\Windows\Sysnative\drivers\massfilter_hs.sys
2014-11-12 18:33:27 41774FF331F609EF442B7398EE6202B1 155064 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-11-21 00:22:47 -------- d-----w- C:\Program Files\ZTE Handset USB Driver
2014-11-06 13:28:33 -------- d-----w- C:\Program Files\ATI
======= C:\PROGRA~2 =====
2014-11-25 21:38:53 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2014-11-06 13:33:08 -------- d-----w- C:\PROGRA~2\AMD AVT
======= C: =====
====== C:\Users\djone\AppData\Roaming ======
2014-11-19 16:35:16 -------- d-sh--w- C:\Users\djone\AppData\Local\EmieBrowserModeList
2014-11-15 00:49:07 -------- d-sh--w- C:\Users\djone\AppData\Locallow\EmieBrowserModeList
2014-11-10 19:22:15 -------- d-----w- C:\Users\djone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HLDS
2014-11-10 19:22:15 -------- d-----w- C:\Users\djone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half-Life
2014-11-10 19:22:15 -------- d-----w- C:\Users\djone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike
2014-11-07 02:52:56 D10D80749AF7F327E7CF9647F2BEE88B 411088 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2014-11-06 13:36:18 -------- d-----w- C:\Users\djone\AppData\Roaming\ATI
2014-11-06 13:36:18 -------- d-----w- C:\Users\djone\AppData\Local\ATI
2014-11-06 13:20:36 B00CB4C58CD1D89CF86B3DCC89D61A8C 125928 ----a-w- C:\Windows\SysNative\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
====== C:\Users\djone ======
2014-11-25 22:04:49 7AEDDC1A55682B74EA03E81C1527D8F7 2118144 ----a-w- C:\Users\djone\Desktop\FRST64.exe
2014-11-21 00:23:22 -------- d---a-w- C:\Users\djone\.android
2014-11-20 19:24:49 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-11-11 20:04:04 F79FAA6FA9F8E4D8152750171053D45C 29696 ----a-w- C:\Users\djone\propratno_pismo_2.doc
2014-11-11 20:04:01 F9869DF25644837359D36815121F0FA0 28672 ----a-w- C:\Users\djone\propratno_pismo_1.doc
2014-11-06 13:36:18 -------- d-----w- C:\ProgramData\ATI
2014-11-06 13:32:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-11-04 17:59:04 -------- d-----w- C:\Users\Public\Foxit Software
2014-11-04 13:51:24 255EB92A38B9C987697016E9B46DB364 12291 ----a-w- C:\Users\djone\Švedske palačinke.docx

====== C: exe-files ==
2014-11-25 22:04:49 7AEDDC1A55682B74EA03E81C1527D8F7 2118144 ----a-w- C:\Users\djone\Desktop\FRST64.exe
2014-11-25 21:37:53 AA3520FB0133A56BEE1DB34D74DBEF64 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe
2014-11-25 21:37:53 75D477E868CA51EC1B09D730570F322B 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe
2014-11-25 21:37:53 691D49FB44EDE9788288CABE4F7E0DAF 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe
2014-11-25 21:37:43 E3E6B18458FFB07CB24D7A0BA77C9FDF 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\pack200.exe
2014-11-25 21:37:43 DC197DCE6325CBAC905DE0D0E3BA3E8E 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmid.exe
2014-11-25 21:37:43 7AB1F1B3FB6C3DACA34EA2F988CDF5AC 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\orbd.exe
2014-11-25 21:37:43 75EE99C7F0038C746D82C76221ECA4EF 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\policytool.exe
2014-11-25 21:37:43 67F763B09F4BC8689E6FA9761E068D74 159656 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\unpack200.exe
2014-11-25 21:37:43 57E1F756FAA787623DFCD2C1B2AACC68 51112 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssvagent.exe
2014-11-25 21:37:43 33D2AF53E209DA3E2BA939EB89801DC0 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmiregistry.exe
2014-11-25 21:37:43 29E65AC6AFD8A0A9CAA361FF6F7B4886 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\servertool.exe
2014-11-25 21:37:43 28FC00F89631B0F6E1E9CA386FADD566 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\tnameserv.exe
2014-11-25 21:37:42 A458E2535E46151690E53E2A03FAA711 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\keytool.exe
2014-11-25 21:37:42 9BFAEF308D50779F6B255CB7BA7DCA5A 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\kinit.exe
2014-11-25 21:37:42 4367C05B0CF5553E71B34F51003D0615 76200 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe
2014-11-25 21:37:42 4109C4DB4BD48F5BF8115C7523A6B6F8 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\klist.exe
2014-11-25 21:37:42 26C7F32186B1F0364CD06EA69227A79D 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\ktab.exe
2014-11-25 21:37:41 B719E0F43166037DF46B5CFBE60A5118 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jjs.exe
2014-11-25 21:37:40 75D477E868CA51EC1B09D730570F322B 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe
2014-11-25 21:37:40 70E67429D2C011FD0419AF899A8D0D70 68520 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe
2014-11-25 21:37:40 691D49FB44EDE9788288CABE4F7E0DAF 272296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaws.exe
2014-11-25 21:37:39 AA3520FB0133A56BEE1DB34D74DBEF64 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\java.exe
2014-11-25 21:37:39 74713E9C1B01B152DDD3A1A3519A3647 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\java-rmi.exe
2014-11-25 21:37:38 BB8C890E3E6372F2720709262BD42BF4 30632 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jabswitch.exe
2014-11-25 20:13:59 C10E5EF1B85DE5B79AC2815C9A677D1F 1385808 ----a-w- C:\Users\djone\AppData\Roaming\uTorrent\updates\3.4.2_35702.exe
2014-11-22 05:13:04 DBDC93187B17D055F0B17838C7D264BE 6838864 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.65\39.0.2171.65_38.0.2125.111_chrome_updater.exe
2014-11-21 20:44:27 04B527565BC4D0105D7B1BB4048332F4 49990816 ----a-w- C:\Users\djone\AppData\Roaming\Raptr\raptr-4.2.5-r90154-release.exe
2014-11-21 00:22:48 CA1225BD9EDD45134F1DA66237746912 103752 ----a-w- C:\Program Files\ZTE Handset USB Driver\EjectDisk.exe
2014-11-21 00:22:48 84683F874438FC2E11D5F5C9F0234326 120688 ----a-w- C:\Program Files\ZTE Handset USB Driver\USBDriverInstaller_x86.exe
2014-11-21 00:22:48 5ADD45C7DBE05092BF6F33E55A700269 584584 ----a-w- C:\Program Files\ZTE Handset USB Driver\adb.exe
2014-11-21 00:22:48 07DDA2C2938EEFF2FFC4B1EBC0AA9B28 129904 ----a-w- C:\Program Files\ZTE Handset USB Driver\USBDriverInstaller_x64.exe
2014-11-21 00:22:47 5ADD45C7DBE05092BF6F33E55A700269 584584 ----a-w- C:\Windows\adb.exe
2014-11-21 00:22:47 385BEB57FD94D158CFAFC45DADB93EDD 710512 ----a-w- C:\Program Files\ZTE Handset USB Driver\unins000.exe
2014-11-20 23:21:40 FF56E7E4C759079EF94655ED87FA8FFF 4214544 ----a-w- C:\Program Files (x86)\Raptr\vcredist_x86.exe
2014-11-20 23:21:38 69C28E7BAB502935E7E96C9F53F4482F 45840 ----a-w- C:\Program Files (x86)\Raptr\raptr_im.exe
2014-11-20 23:21:38 38429BDE3F544D3B38CF3DFE4691688B 55568 ----a-w- C:\Program Files (x86)\Raptr\raptrstub.exe
2014-11-20 23:21:36 D252F67FFD162C1758F50063CFB2C1ED 706832 ----a-w- C:\Program Files (x86)\Raptr\raptr_encoder_server64-90151.exe
2014-11-20 23:21:36 2678292B48B79DD14825C05273CD0A98 67344 ----a-w- C:\Program Files (x86)\Raptr\raptr.exe
2014-11-20 23:21:36 0E2851E9EB7B7EA906C80FD62FAF9871 595216 ----a-w- C:\Program Files (x86)\Raptr\raptr_encoder_server-90151.exe
2014-11-20 23:21:34 06F855202E2B5E2A379E35A461B68090 45328 ----a-w- C:\Program Files (x86)\Raptr\f2p_ping.exe
2014-11-20 23:21:00 5E3DC7F5A98603744F4ACEB65F97FD83 148736 ----a-w- C:\Program Files (x86)\Raptr\raptr_ep64.exe
2014-11-19 21:32:49 12D7BD58AD07FDA351394D5FDF8A7660 49997440 ----a-w- C:\Users\djone\AppData\Roaming\Raptr\raptr-4.2.4-r90040-release.exe
=== C: other files ==
2014-11-26 00:13:39 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\djone\AppData\Roaming\Raptr\data\raptrguestmh4lzscn\config\certificates\x509\tls_peers\xmpp-server6.raptr.com
2014-11-25 21:37:44 CE44A9D4918DCDC7CCCF5503BF4D7A3D 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\lib\deploy\ffjcext.zip
2014-11-25 19:57:19 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\djone\AppData\Roaming\Raptr\data\raptrguestmh4lzscn\config\certificates\x509\tls_peers\xmpp-server4.raptr.com
2014-11-25 11:43:33 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\djone\AppData\Roaming\Raptr\data\raptrguestmh4lzscn\config\certificates\x509\tls_peers\xmpp-server8.raptr.com
2014-11-24 09:21:15 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\djone\AppData\Roaming\Raptr\data\raptrguestmh4lzscn\config\certificates\x509\tls_peers\xmpp-server3.raptr.com
2014-11-21 09:01:15 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\djone\AppData\Roaming\Raptr\data\raptrguestmh4lzscn\config\certificates\x509\tls_peers\xmpp-server2.raptr.com
2014-11-21 00:22:52 F830209BE5FB71A13873E8314BE3033E 39448 ----a-w- C:\Windows\System32\drivers\zghsvcom.sys
2014-11-21 00:22:52 F7C057E8B884CB5FC34076A75D5FD7E7 128624 ----a-w- C:\Windows\System32\drivers\zghsnmea.sys
2014-11-21 00:22:52 C0BC1EBA8FD123E8AE83058FA3B83500 129176 ----a-w- C:\Windows\System32\drivers\ghsmdm.sys
2014-11-21 00:22:52 B8FAACBA149248325042E71316894A7C 128624 ----a-w- C:\Windows\System32\drivers\zghsmdm.sys
2014-11-21 00:22:52 A08F2F95B4A23B894D29B8437F9E5B58 163352 ----a-w- C:\Windows\System32\drivers\zghsnet.sys
2014-11-21 00:22:52 922AB920989A344887B854CAF8089F51 128624 ----a-w- C:\Windows\System32\drivers\zghsdiag.sys
2014-11-21 00:22:52 8D7A92BF353E75DCE09E69CD540682E0 128624 ----a-w- C:\Windows\System32\drivers\zghstrace.sys
2014-11-21 00:22:52 858AE188D7EFBECDEBE98B0963DF3D6D 129176 ----a-w- C:\Windows\System32\drivers\ghsnmea.sys
2014-11-21 00:22:52 5256CBBA1DBA2D235CD148BD91F9D4B3 129176 ----a-w- C:\Windows\System32\drivers\ghsdiagAP.sys
2014-11-21 00:22:52 46AF4C61B47CE6F6002566C5DB445B80 129176 ----a-w- C:\Windows\System32\drivers\ghsdiagMDM.sys
2014-11-21 00:22:52 2D685E348D4A619C2F3B82FA6FEED00B 128624 ----a-w- C:\Windows\System32\drivers\zghsdiagmdm.sys
2014-11-21 00:22:52 15C0068C3B737D630355663BAB2FC2F0 129176 ----a-w- C:\Windows\System32\drivers\ghsat.sys
2014-11-21 00:22:52 121A6073F66C1E6F85A134FF368952F8 128624 ----a-w- C:\Windows\System32\drivers\zghsvousb.sys
2014-11-21 00:22:52 0B21790F87B38EFDB2E29AE7490600F0 128624 ----a-w- C:\Windows\System32\drivers\zghsat.sys
2014-11-21 00:22:52 092D6F6F9FF6AE6C3A3D36DD17CC9D96 18456 ----a-w- C:\Windows\System32\drivers\massfilter_hs.sys
2014-11-21 00:22:51 9F96A3FCE5EA0E670E56A61C31481BF4 112752 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\i386\zghsvousb.sys
2014-11-21 00:22:51 9A565DC25549185203DC1EE2DA10E9E3 34840 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\i386\zghsvcom.sys
2014-11-21 00:22:51 883F7C7E889CF7A316DD2DC2BD92D870 112752 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\i386\zghstrace.sys
2014-11-21 00:22:50 DBB7897A40739E3F79AE3D095DDEE535 113304 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\i386\ghsnmea.sys
2014-11-21 00:22:50 D160712C41EDEC29860C4045B5D8BCA0 113304 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\i386\ghsmdm.sys
2014-11-21 00:22:50 C9391DBF6E61D7FABA3A7EEFB74ED07D 112752 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\i386\zghsdiag.sys
2014-11-21 00:22:50 C403F97D1915AF1BFEB8DD42763EB5AB 112752 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\i386\zghsat.sys
2014-11-21 00:22:50 BBDCB5A227CB2E3198392018A061D996 15896 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\i386\massfilter_hs.sys
2014-11-21 00:22:50 665AAE462935605A65C650EE06C96D23 138264 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\i386\zghsnet.sys
2014-11-21 00:22:50 62BA5ABBED71183F662EF8B8170B730D 112752 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\i386\zghsnmea.sys
2014-11-21 00:22:50 52326F76F67DA728F17AA878C3FB83FD 112752 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\i386\zghsmdm.sys
2014-11-21 00:22:50 4A5A0757B8FE271CD28AFD47B06CC53A 112752 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\i386\zghsdiagmdm.sys
2014-11-21 00:22:50 40948D1004D7BE3F128025641967B12A 113304 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\i386\ghsdiagMDM.sys
2014-11-21 00:22:50 19E314E66139F26A7F07EB74910C944D 113304 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\i386\ghsdiagAP.sys
2014-11-21 00:22:49 F830209BE5FB71A13873E8314BE3033E 39448 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\amd64\zghsvcom.sys
2014-11-21 00:22:49 F7C057E8B884CB5FC34076A75D5FD7E7 128624 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\amd64\zghsnmea.sys
2014-11-21 00:22:49 B8FAACBA149248325042E71316894A7C 128624 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\amd64\zghsmdm.sys
2014-11-21 00:22:49 A08F2F95B4A23B894D29B8437F9E5B58 163352 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\amd64\zghsnet.sys
2014-11-21 00:22:49 922AB920989A344887B854CAF8089F51 128624 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\amd64\zghsdiag.sys
2014-11-21 00:22:49 8D7A92BF353E75DCE09E69CD540682E0 128624 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\amd64\zghstrace.sys
2014-11-21 00:22:49 313C9F30949C15137317BCFAF7539C0F 113304 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\i386\ghsat.sys
2014-11-21 00:22:49 2D685E348D4A619C2F3B82FA6FEED00B 128624 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\amd64\zghsdiagmdm.sys
2014-11-21 00:22:49 121A6073F66C1E6F85A134FF368952F8 128624 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\amd64\zghsvousb.sys
2014-11-21 00:22:49 0B21790F87B38EFDB2E29AE7490600F0 128624 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\amd64\zghsat.sys
2014-11-21 00:22:48 C0BC1EBA8FD123E8AE83058FA3B83500 129176 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\amd64\ghsmdm.sys
2014-11-21 00:22:48 AAD05C357BB012D2D7A7341066776F8C 224 ----a-w- C:\Program Files\ZTE Handset USB Driver\ADBuninstall.bat
2014-11-21 00:22:48 858AE188D7EFBECDEBE98B0963DF3D6D 129176 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\amd64\ghsnmea.sys
2014-11-21 00:22:48 5256CBBA1DBA2D235CD148BD91F9D4B3 129176 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\amd64\ghsdiagAP.sys
2014-11-21 00:22:48 46AF4C61B47CE6F6002566C5DB445B80 129176 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\amd64\ghsdiagMDM.sys
2014-11-21 00:22:48 1DDFCB8D39E809DFCDEDB9B256A27A2D 62 ----a-w- C:\Program Files\ZTE Handset USB Driver\ADBinstall.bat
2014-11-21 00:22:48 15C0068C3B737D630355663BAB2FC2F0 129176 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\amd64\ghsat.sys
2014-11-21 00:22:48 092D6F6F9FF6AE6C3A3D36DD17CC9D96 18456 ----a-w- C:\Program Files\ZTE Handset USB Driver\Drivers\amd64\massfilter_hs.sys
2014-11-20 23:21:26 2D572D06611D065E14EBAA6AB72A1157 9976173 ----a-w- C:\Program Files (x86)\Raptr\library.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2782105817-4022940092-2829393422-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\djone\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun"
"Facebook Update"="C:\Users\djone\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"
"DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerDVD14Agent"="C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"Raptr"="C:\Program Files (x86)\Raptr\raptrstub.exe --startup"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\djone\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun"
"Facebook Update"="C:\Users\djone\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"
"DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe /minimized"
"HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"snp2uvc"="C:\Windows\vsnp2uvc.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeCS6ServiceManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Clownfish]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Clownfish"
"hkey"="HKCU"
"command"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Pro Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Pro Agent"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Pro\\DTAgent.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FixCamera]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FixCamera"
"hkey"="HKLM"
"command"="C:\\Windows\\FixCamera.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PowerDVD13Agent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PowerDVD13Agent"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\PowerDVD13\\PowerDVD13Agent.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\snp2uvc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="snp2uvc"
"hkey"="HKLM"
"command"="C:\\Windows\\vsnp2uvc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SwitchBoard"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tsnp2uvc]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tsnp2uvc"
"hkey"="HKLM"
"command"="C:\\Windows\\tsnp2uvc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\uTorrent\\uTorrent.exe\" /MINIMIZED"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NAUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]


==== Startup Folders ======================

2013-12-08 14:24:02 1011 ----a-w- C:\Users\djone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2782105817-4022940092-2829393422-1000Core.job --a------ C:\Users\djone\AppData\Local\Facebook\Update\FacebookUpdate.exe [09-Jun-14 16:17]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2782105817-4022940092-2829393422-1000UA.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS\AutoKMS.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2782105817-4022940092-2829393422-1000Core" [C:\Users\djone\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2782105817-4022940092-2829393422-1000UA" [C:\Users\djone\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{08B9666E-D8F1-4DD2-900D-A8B703DD3FDB}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{10453194-5C32-466A-ADAC-1421708FD578}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\{A0230EF4-F551-4399-A108-A0D559C01194}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [19-Jul-14 15:22]

==== Firefox Extensions ======================

ProfilePath: C:\Users\djone\AppData\Roaming\Mozilla\Firefox\Profiles\6w7p4s5q.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\djone\AppData\Roaming\Mozilla\Firefox\Profiles\6w7p4s5q.default
67D325B5AEB28E381B84E8DE1A90C7A8 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll - Shockwave Flash
3CD19649B2C3023D65E67C056457A2BC - C:\Users\djone\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
C195AC4544729A69CFF30BB62F473054 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll - Shockwave for Director / Shockwave for Director


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[19-Jul-14 15:22]

Simple = Select Search - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo
Google Docs - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Image Downloader - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj
Google Search - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Dream Afar New Tab - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\henmfoppjjkcencpbjaigfahdjlgpegn
Instant Translate - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke
PPMe - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\kknaoaccjjpmmllndcpmhgcojibapfgi
English - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp
Quick Note - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok
Google Wallet - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Universe - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\oecmlnmneeeeiccpcohlffnipjhngmdk
Gmail - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
MB2 - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ablnpmdakdiclnimkjfcaibpgjhapkbl
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Chrome In-App Payments service - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\djone\AppData\Local\Chromium\User Data\Default\Preferences
"homepage": "http://program.avast.com/api/?action=2&p_elm=15",

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com",
"urls_to_restore_on_startup": [ "http://www.google.com" ]


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.rs/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 26-Nov-14 at 16:14:45.31 ======================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building


Close the browser and any other running programs;
disable your security software (if needed) Instructions;
double-click zoek.exe to run it;
wait for the tool to start ...


Copy the following text into the white box of the window:

ablnpmdakdiclnimkjfcaibpgjhapkbl;chr
emptyclsid;
emptyalltemp;
autoclean;


Click the button and wait for the scan to finish.


Zoek will restart Windows if necessary, and when it finishes it will open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your reply.

offline
  • Joined: 25 Nov 2014
  • Posts: 13

So, I think there was a small problem.
I did what you said; zoek did its job and restarted the computer, but after the restart the system would not boot: a black screen appeared and it hung there, so I restarted it manually. After that, Startup Repair came up and asked to restore the system, but I did not want that, so I restarted it again, and after that it booted into the system fine.


Zoek.exe v5.0.0.0 Updated 05-November-2014
Tool run by djone on 26-Nov-14 at 19:41:35.39.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\djone\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-11-26-151445.log 51647 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\eSellerate deleted
C:\Users\djone\.android deleted
C:\PROGRA~2\Conduit deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\djone\AppData\Local\CRE deleted
C:\Users\djone\AppData\Local\APN deleted
C:\Users\djone\AppData\Local\PackageAware deleted
C:\Users\djone\AppData\LocalLow\Conduit deleted
C:\END deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\djone\AppData\Roaming\Mozilla\Firefox\Profiles\6w7p4s5q.default\Invalidprefs.js deleted
C:\Users\djone\AppData\Roaming\Mozilla\Firefox\Profiles\6w7p4s5q.default\jetpack deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [19-Jul-14 15:22]

==== Firefox Extensions ======================

ProfilePath: C:\Users\djone\AppData\Roaming\Mozilla\Firefox\Profiles\6w7p4s5q.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\djone\AppData\Roaming\Mozilla\Firefox\Profiles\6w7p4s5q.default
67D325B5AEB28E381B84E8DE1A90C7A8 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll - Shockwave Flash
3CD19649B2C3023D65E67C056457A2BC - C:\Users\djone\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
C195AC4544729A69CFF30BB62F473054 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll - Shockwave for Director / Shockwave for Director


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[19-Jul-14 15:22]

Simple = Select Search - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo
Google Docs - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Image Downloader - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj
Google Search - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Dream Afar New Tab - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\henmfoppjjkcencpbjaigfahdjlgpegn
Instant Translate - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke
PPMe - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\kknaoaccjjpmmllndcpmhgcojibapfgi
English - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp
Quick Note - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok
Google Wallet - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Universe - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\oecmlnmneeeeiccpcohlffnipjhngmdk
Gmail - djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
MB2 - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ablnpmdakdiclnimkjfcaibpgjhapkbl
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Chrome In-App Payments service - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\djone\AppData\Local\Chromium\User Data\Default\Preferences
"homepage": "http://program.avast.com/api/?action=2&p_elm=15",

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com",
"urls_to_restore_on_startup": [ "http://www.google.com" ]


==== Chromium Fix ======================

C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.hearstmags.com_0.localstorage deleted successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ablnpmdakdiclnimkjfcaibpgjhapkbl deleted successfully
C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\henmfoppjjkcencpbjaigfahdjlgpegn deleted successfully
C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_henmfoppjjkcencpbjaigfahdjlgpegn_0.localstorage deleted successfully
C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_henmfoppjjkcencpbjaigfahdjlgpegn_0.localstorage-journal deleted successfully
C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Extensions\kknaoaccjjpmmllndcpmhgcojibapfgi deleted successfully
C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kknaoaccjjpmmllndcpmhgcojibapfgi_0.localstorage deleted successfully
C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kknaoaccjjpmmllndcpmhgcojibapfgi_0.localstorage-journal deleted successfully
C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_kknaoaccjjpmmllndcpmhgcojibapfgi_0 deleted successfully
C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kknaoaccjjpmmllndcpmhgcojibapfgi deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.rs/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.rs/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD13Agent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\djone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\djone\AppData\Local\Chromium\User Data\Default\Cache emptied successfully
C:\Users\djone\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=787 folders=167 33376323 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\djone\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\djone\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 26-Nov-14 at 20:20:59.46 ======================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

What is the situation now? Is your browser still lagging?




Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the program icon to run MBAR:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window, click the Next button if you agree;

• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Notice: with some infections, one of the following messages may be shown:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. Post the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports in your next reply.

>> If infections are found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button; the system should restart and finish the cleaning procedure.

Notice! Only if a rootkit was detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage to run it; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your reply, and attach the system log to the reply using the Attach file option.

offline
  • Joined: 25 Nov 2014
  • Posts: 13

A little at first, but once it warms up it works fine.

There was no malware.

Malwarebytes Anti-Rootkit BETA 1.08.2.1001

Database version: v2014.11.26.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17420
djone :: DJONE-PC [administrator]

26-Nov-14 21:08:23
mbar-log-2014-11-26 (21-08-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 324199
Time elapsed: 11 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Then the problem is probably caused by one of the Chrome extensions. In any case, what remains is to delete the tools we used, as follows:

The following procedure performs the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.
Double-click the tool to run it and tick the checkboxes next to the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.
