Check: Slow computer, CPU 100% DISK 100%


Lately my computer has been slowing down suddenly.
In Task Manager, every few minutes the CPU goes up to 90-100%, and the DISK as well.
Avast found nothing, and MBAM found nothing either.
What catches my eye is that when the CPU and disk hit 100%, svchost.exe (LocalSystemNetworkRestricted) shows up in the processes.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
Ran by lanmilan (administrator) on LANMI (21-02-2017 21:42:22)
Running from C:\Users\lanmilan\Downloads
Loaded Profiles: lanmilan (Available Profiles: lanmilan & Guest)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link visible only to logged-in users]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\Gramblr\gramblr.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) E:\Picasa3\PicasaPhotoViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\lanmilan\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6626696 2016-07-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-08] (AVAST Software)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286992 2016-01-31] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [714992 2016-07-05] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-11-18] ()
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\Run: [Viber] => C:\Users\lanmilan\AppData\Local\Viber\Viber.exe [43999824 2017-01-16] (Viber Media S.à r.l.) <===== ATTENTION
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\MountPoints2: {2c339170-018f-11e6-82f1-d05099535c6a} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\MountPoints2: {91c38a27-a4dd-11e5-82a0-d05099535c6a} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\MountPoints2: {e9155fcb-d1a7-11e5-82c2-d05099535c6a} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\MountPoints2: {e9b455a4-a022-11e5-8297-d05099535c6a} - "F:\iLinker.exe"
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\...\MountPoints2: {e9d6ba03-2f23-11e6-8323-d05099535c6a} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-01-31]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\lanmilan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2015-10-23]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\lanmilan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar662.lnk [2017-02-21]
ShortcutTarget: Sidebar662.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C7CA8F6A-45AC-4C20-98C8-2E85F4104A01}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3318695099-3213434911-3798809956-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [Link visible only to logged-in users]
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-11-04] (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-08] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-11-04] (RealDownloader)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-11-18] (Wondershare)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-08] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 5khn7kk6.default
FF ProfilePath: C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default [2017-02-21]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\5khn7kk6.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\5khn7kk6.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\5khn7kk6.default -> google.rs
FF Extension: (anonymoX) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default\Extensions\client@anonymox.net.xpi [2017-01-29]
FF Extension: (Facebook Color Changer) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default\Extensions\jid0-Eyur3vR97jbHklhdHVBnn9OBILU@jetpack.xpi [2015-08-17]
FF Extension: (YouTube™ AdBlock) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default\Extensions\jid1-w4wG5nJhx4LJZr@jetpack.xpi [2016-07-18]
FF Extension: (Qualys BrowserCheck) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default\Extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2015-12-10] [not signed]
FF Extension: (Adblock Plus) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (YouTube MP3) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default\Extensions\{e33788ea-0bb9-4502-9c77-bdc551afc8ad}.xpi [2016-12-15]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default\features\{6a568d3e-54a2-49a1-81fc-aa614db83421}\disableSHA1rollout@mozilla.org.xpi [2017-02-18]
FF SearchPlugin: C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\5khn7kk6.default\searchplugins\firefox-add-ons.xml [2015-08-17]
FF ProfilePath: C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\0fzyovf3.dev-edition-default [2017-02-21]
FF Homepage: Mozilla\Firefox\Profiles\0fzyovf3.dev-edition-default -> google.rs
FF Extension: (ADB Helper) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\0fzyovf3.dev-edition-default\Extensions\adbhelper@mozilla.org [2015-11-15]
FF Extension: (anonymoX) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\0fzyovf3.dev-edition-default\Extensions\client@anonymox.net.xpi [2015-09-28]
FF Extension: (Valence) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\0fzyovf3.dev-edition-default\Extensions\fxdevtools-adapters@mozilla.org [2015-10-22]
FF Extension: (AdBlock for YouTube™) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\0fzyovf3.dev-edition-default\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2015-10-07]
FF Extension: (ChatZilla) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\0fzyovf3.dev-edition-default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-09-28]
FF Extension: (Adblock Plus) - C:\Users\lanmilan\AppData\Roaming\Mozilla\Firefox\Profiles\0fzyovf3.dev-edition-default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-04]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-02-08]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-02-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2016-12-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-20] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-20] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> E:\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2016-01-31] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2016-01-31] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3318695099-3213434911-3798809956-1001: SkypePlugin -> C:\Users\lanmilan\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi.dll [2015-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3318695099-3213434911-3798809956-1001: SkypePlugin64 -> C:\Users\lanmilan\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi-x64.dll [2015-12-08] (Skype Technologies S.A.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.rs/"
CHR Profile: C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default [2017-02-21]
CHR Extension: (Google Slides) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-11]
CHR Extension: (Google Docs) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-11]
CHR Extension: (Google Drive) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-11]
CHR Extension: (YouTube) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-11]
CHR Extension: (Adblock Plus) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-31]
CHR Extension: (Who Deleted Me) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiepnnbjenknnjgabbodaihlnkkpkgll [2017-02-09]
CHR Extension: (Avast SafePrice) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-15]
CHR Extension: (Google Sheets) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-11]
CHR Extension: (EditThisCookie) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2016-06-20]
CHR Extension: (Google Docs Offline) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-11]
CHR Extension: (Avast Online Security) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-16]
CHR Extension: (Unseen) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop [2017-02-16]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2016-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-11]
CHR Extension: (Chrome Media Router) - C:\Users\lanmilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - [Link visible only to logged-in users]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - [Link visible only to logged-in users]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-13] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-08] (AVAST Software)
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [10242640 2017-02-08] () [File not signed]
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095976 2016-01-31] (RealNetworks, Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309784 2017-02-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-02-08] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-02-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-02-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-02-08] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-02-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126088 2017-02-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-02-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [74680 2017-02-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [991496 2017-02-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [547904 2017-02-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-02-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337080 2017-02-10] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [111128 2016-03-07] (Advanced Micro Devices)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 21:40 - 2017-02-21 21:40 - 02422784 _____ (Farbar) C:\Users\lanmilan\Downloads\FRST64 (1).exe
2017-02-21 21:34 - 2017-02-21 21:34 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-21 20:52 - 2017-02-21 21:30 - 00000000 ____D C:\ProgramData\TEMP
2017-02-21 20:52 - 2017-02-21 20:56 - 05174483 _____ C:\Windows\system32\Drivers\Cat.DB
2017-02-21 20:52 - 2017-02-21 20:54 - 00000000 ____D C:\ProgramData\PC Tools
2017-02-21 20:52 - 2017-02-21 20:52 - 00000000 ____D C:\Users\lanmilan\AppData\Roaming\TestApp
2017-02-21 20:52 - 2012-11-01 15:35 - 00253256 _____ (PC Tools) C:\Windows\system32\Drivers\PCTSD64.sys
2017-02-21 20:51 - 2017-02-21 20:51 - 04130384 _____ (PC Tools) C:\Users\lanmilan\Downloads\spyware_doctor.exe.EXE
2017-02-21 20:51 - 2017-02-21 20:51 - 01218826 _____ ( ) C:\Users\lanmilan\Downloads\spyware_doctor_0349009924.exe
2017-02-20 18:23 - 2017-02-20 18:23 - 02437672 _____ C:\Users\lanmilan\Desktop\OperaNeonSetup.exe
2017-02-20 18:23 - 2017-02-20 18:23 - 00002524 _____ C:\Users\lanmilan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Neon.lnk
2017-02-20 18:23 - 2017-02-20 18:23 - 00002516 _____ C:\Users\lanmilan\Desktop\Opera Neon.lnk
2017-02-20 18:10 - 2017-02-20 18:09 - 01159904 _____ (Opera Software) C:\Users\lanmilan\Desktop\OperaSetup.exe
2017-02-16 22:17 - 2017-02-18 13:35 - 00003654 _____ C:\Users\lanmilan\Desktop\jokic intervju.txt
2017-02-14 21:43 - 2017-02-14 21:44 - 36576438 _____ (FinalWire Ltd. ) C:\Users\lanmilan\Downloads\Unconfirmed 625122.crdownload
2017-02-14 21:32 - 2017-02-14 21:32 - 03370307 _____ C:\Users\lanmilan\Downloads\hw64_544.zip
2017-02-14 01:15 - 2017-02-16 17:32 - 00000280 _____ C:\Users\lanmilan\Desktop\pitanja update 14.02..txt
2017-02-13 19:55 - 2017-02-13 19:55 - 00116061 _____ C:\Users\lanmilan\Downloads\ST.pdf
2017-02-11 11:47 - 2017-02-11 11:47 - 00009539 _____ C:\Users\lanmilan\Desktop\tacno.txt
2017-02-08 23:48 - 2017-02-08 23:48 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-02-08 23:48 - 2017-02-08 23:48 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-02-08 23:48 - 2017-02-08 23:46 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-02-08 23:48 - 2017-02-08 23:46 - 00309784 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-02-08 23:48 - 2017-02-08 23:46 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-02-08 23:48 - 2017-02-08 23:46 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-02-08 18:54 - 2017-02-08 18:54 - 00001354 _____ C:\Users\lanmilan\Desktop\yyy.txt
2017-02-08 18:34 - 2017-02-08 18:34 - 00000268 _____ C:\Users\lanmilan\Desktop\zzz.txt
2017-02-06 17:54 - 2017-02-06 17:54 - 00109711 _____ C:\Users\lanmilan\Downloads\STAN-1.pdf
2017-02-05 20:05 - 2017-02-05 20:05 - 00115669 _____ C:\Users\lanmilan\Downloads\stanovi.pdf
2017-02-05 15:58 - 2017-02-05 15:58 - 00001260 _____ C:\Users\lanmilan\Downloads\566214_94084782_DelFix.txt
2017-02-05 14:02 - 2017-02-05 20:00 - 00000000 ____D C:\Users\lanmilan\Desktop\reminder
2017-02-05 13:46 - 2017-02-05 13:46 - 07497630 _____ C:\Users\lanmilan\Downloads\Unconfirmed 716363.crdownload
2017-02-05 11:45 - 2017-02-05 11:45 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2017-02-05 11:45 - 2017-02-05 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-02-05 11:44 - 2017-02-05 11:44 - 41213952 _____ C:\Users\lanmilan\Downloads\SkypeSetup_7.28.0.101.msi
2017-02-05 11:42 - 2017-02-05 11:42 - 00496915 _____ C:\Users\lanmilan\Downloads\Windows8.1-KB2902892-x86.msu
2017-02-05 11:34 - 2017-02-05 11:34 - 00791728 _____ C:\Users\lanmilan\Downloads\Windows8.1-KB2902892-x64 (1).msu
2017-02-05 11:33 - 2017-02-05 11:33 - 00791728 _____ C:\Users\lanmilan\Downloads\Windows8.1-KB2902892-x64.msu
2017-02-05 03:16 - 2015-07-30 15:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-02-05 03:16 - 2015-07-30 14:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-02-05 02:48 - 2016-12-01 15:13 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-02-05 02:48 - 2016-12-01 15:11 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-02-05 02:47 - 2016-12-01 15:13 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-02-05 02:47 - 2016-12-01 15:11 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-02-05 02:38 - 2016-11-19 22:24 - 00567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-02-05 02:38 - 2016-11-19 22:24 - 00152856 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-02-05 02:38 - 2016-11-19 20:29 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-02-05 02:38 - 2016-11-19 19:44 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-02-05 02:38 - 2016-11-19 18:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-02-05 02:38 - 2016-11-19 18:22 - 00111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-02-05 02:38 - 2016-11-16 22:49 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-02-05 02:38 - 2016-11-12 22:06 - 00738104 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-02-05 02:38 - 2016-11-12 20:38 - 00613632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2017-02-05 02:38 - 2016-11-12 20:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-02-05 02:38 - 2016-11-12 20:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-02-05 02:38 - 2016-11-12 20:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-02-05 02:38 - 2016-11-12 19:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-02-05 02:38 - 2016-11-12 19:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-02-05 02:38 - 2016-11-12 19:23 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-02-05 02:38 - 2016-11-12 19:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-02-05 02:38 - 2016-11-12 19:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-02-05 02:38 - 2016-11-12 19:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-02-05 02:38 - 2016-11-12 18:45 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-02-05 02:38 - 2016-11-12 18:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-02-05 02:38 - 2016-11-12 18:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-02-05 02:38 - 2016-11-12 18:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-02-05 02:38 - 2016-11-12 18:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-02-05 02:38 - 2016-11-12 18:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-02-05 02:38 - 2016-11-12 18:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-02-05 02:38 - 2016-11-12 18:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-02-05 02:38 - 2016-11-12 18:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-02-05 02:38 - 2016-11-12 18:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-02-05 02:38 - 2016-11-12 18:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-02-05 02:38 - 2016-11-11 03:33 - 01541240 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-02-05 02:38 - 2016-11-09 18:25 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-02-05 02:38 - 2016-11-05 19:35 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-02-05 02:38 - 2016-11-05 18:57 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-02-05 02:38 - 2016-11-05 18:11 - 03606528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-02-05 02:38 - 2016-11-05 16:56 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-02-05 02:38 - 2016-11-05 16:46 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-02-05 02:38 - 2016-10-28 03:56 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-02-05 02:38 - 2016-10-27 15:28 - 01097728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-02-05 02:36 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-02-05 02:36 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2017-02-05 01:52 - 2017-02-05 01:52 - 04015056 _____ C:\Users\lanmilan\Downloads\adwcleaner_6.043.exe
2017-02-05 00:52 - 2017-02-05 00:52 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-02-05 00:51 - 2017-02-05 00:51 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-02-05 00:51 - 2017-02-05 00:51 - 00000000 ____D C:\Program Files\MSBuild
2017-02-05 00:44 - 2017-02-05 00:56 - 00000000 ____D C:\Program Files (x86)\AppCleaner
2017-02-05 00:44 - 2017-02-05 00:44 - 01099752 _____ (UpdateStar GmbH) C:\Users\lanmilan\Downloads\setup.exe
2017-02-05 00:44 - 2017-02-05 00:44 - 00000000 ____D C:\Users\lanmilan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppCleaner
2017-02-04 23:32 - 2017-02-04 23:32 - 01629664 _____ (Skype Technologies S.A.) C:\Users\lanmilan\Downloads\SkypeSetup.exe
2017-02-04 23:08 - 2017-02-04 23:08 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-02-04 11:58 - 2017-02-04 11:58 - 00009351 _____ C:\Users\lanmilan\Downloads\Unconfirmed 236885.crdownload
2017-02-04 11:01 - 2017-02-04 11:01 - 00079721 _____ C:\Users\lanmilan\Downloads\weather[02-21].zip
2017-02-04 10:58 - 2017-02-04 10:58 - 00003694 _____ C:\Users\lanmilan\Downloads\TimeBomb v1.0_3800.zip
2017-02-04 10:50 - 2017-02-04 10:50 - 00282860 _____ C:\Users\lanmilan\Downloads\focus-weather[12-27].zip
2017-02-03 18:43 - 2017-02-03 18:43 - 00001475 _____ C:\Users\lanmilan\Downloads\kmsg.zip
2017-02-03 18:17 - 2017-02-03 18:17 - 00016276 _____ C:\Users\lanmilan\Downloads\k3k702ZOKiLJc3WVjuplzOgdm0LZdjqr5-oayXSOefg.woff2
2017-02-02 19:54 - 2017-01-26 17:57 - 02361962 _____ C:\Users\lanmilan\Documents\0-02-05-b6491040b1cccb9925dd3a5e0abbbea4589e29d38116946865a5ee4efb16bf86_full.mp4
2017-01-29 11:58 - 2017-01-29 11:58 - 00000000 ____D C:\Users\lanmilan\Downloads\Professional_Script_v_2
2017-01-29 11:52 - 2017-02-04 23:03 - 00000000 ____D C:\Users\lanmilan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Professional §©®ÎÞt v.2
2017-01-29 11:52 - 2017-01-29 11:52 - 07997181 _____ C:\Users\lanmilan\Downloads\Professional_Script_v_2.zip
2017-01-29 11:51 - 2017-01-29 11:51 - 07997181 _____ C:\Users\lanmilan\Downloads\Unconfirmed 571216.crdownload
2017-01-29 11:26 - 2017-01-29 11:26 - 12189800 _____ C:\Users\lanmilan\Downloads\5_DreamIRC45.rar
2017-01-29 11:00 - 2017-01-29 11:01 - 00000000 ____D C:\Program Files\mIRC
2017-01-29 00:46 - 2017-01-29 00:47 - 38589080 _____ (AlexScript) C:\Users\lanmilan\Downloads\AlexScript.exe
2017-01-28 23:27 - 2017-01-28 23:27 - 13484821 _____ C:\Users\lanmilan\Downloads\RafaeLLa_IRC_Bot_Services_v7.5_by_westor.rar
2017-01-28 22:08 - 2017-01-28 22:08 - 03418324 _____ C:\Users\lanmilan\Downloads\Upustvo za Instalaciju.rar
2017-01-28 11:51 - 2017-01-28 11:51 - 00031921 _____ C:\Users\lanmilan\Downloads\LN_ 91409-2016_7.pdf
2017-01-28 09:59 - 2017-01-28 09:59 - 00027676 _____ C:\Users\lanmilan\Downloads\57.tif
2017-01-28 09:59 - 2017-01-28 09:59 - 00026509 _____ C:\Users\lanmilan\Downloads\56.tif
2017-01-25 17:48 - 2017-01-25 17:48 - 00000000 ____D C:\Users\lanmilan\Documents\Wondershare MediaServer
2017-01-24 17:48 - 2017-01-24 17:48 - 00000000 ____D C:\Users\lanmilan\AppData\Local\Viber
2017-01-24 08:41 - 2017-01-25 21:32 - 00038749 _____ C:\Users\lanmilan\Desktop\Book1.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 21:43 - 2016-10-02 10:19 - 00000000 ____D C:\ProgramData\Gramblr
2017-02-21 21:42 - 2015-10-23 17:16 - 00000000 ____D C:\FRST
2017-02-21 21:42 - 2015-08-11 10:46 - 00000000 ____D C:\ProgramData\Skype
2017-02-21 21:36 - 2015-08-11 09:30 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3318695099-3213434911-3798809956-1001
2017-02-21 21:32 - 2016-01-31 15:09 - 00003362 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3318695099-3213434911-3798809956-1001
2017-02-21 21:32 - 2016-01-31 15:09 - 00003310 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3318695099-3213434911-3798809956-1001
2017-02-21 21:31 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-21 21:26 - 2015-10-05 16:35 - 00000000 ____D C:\Users\lanmilan\AppData\LocalLow\Mozilla
2017-02-21 21:08 - 2015-08-17 18:42 - 00007614 _____ C:\Users\lanmilan\AppData\Local\Resmon.ResmonCfg
2017-02-21 20:17 - 2015-08-11 09:32 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{31F3BEAE-F1D5-4B9F-B257-BCBF6267FBCB}
2017-02-21 20:09 - 2017-01-11 18:33 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-21 08:51 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-02-21 08:45 - 2015-08-11 10:10 - 00000000 __SHD C:\PScript5
2017-02-20 18:23 - 2017-01-20 20:06 - 00000000 ____D C:\Users\lanmilan\AppData\Local\Opera Software
2017-02-20 18:11 - 2017-01-20 20:06 - 00004060 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1484939153
2017-02-20 18:10 - 2017-01-20 20:05 - 00001347 _____ C:\Users\lanmilan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-02-20 18:07 - 2017-01-11 18:33 - 00003856 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-20 18:06 - 2015-08-11 09:38 - 00000000 ____D C:\Users\lanmilan\AppData\Local\Adobe
2017-02-20 18:06 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-20 18:06 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-20 08:08 - 2016-02-09 00:02 - 00000000 __SHD C:\Professional §©®ÎÞt v.4 White
2017-02-20 02:31 - 2015-08-11 10:46 - 00000000 ____D C:\Users\lanmilan\AppData\Roaming\Skype
2017-02-20 01:58 - 2015-08-19 16:29 - 00000000 ____D C:\Users\lanmilan\AppData\Roaming\ViberPC
2017-02-19 23:43 - 2015-08-19 16:30 - 00000000 __SHD C:\Users\lanmilan\Documents\ViberDownloads
2017-02-19 00:25 - 2016-05-07 16:01 - 00003886 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1462633268
2017-02-19 00:25 - 2016-05-07 16:01 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-16 21:09 - 2015-08-11 09:24 - 00000000 ____D C:\Users\lanmilan\AppData\Local\VirtualStore
2017-02-16 21:08 - 2017-01-20 20:11 - 00000000 ____D C:\Users\lanmilan\AppData\Local\Apple Computer
2017-02-16 21:07 - 2017-01-20 20:11 - 00000000 ____D C:\Users\lanmilan\AppData\Roaming\Apple Computer
2017-02-11 23:35 - 2015-08-11 09:43 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-10 17:54 - 2015-08-11 09:51 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-02-09 18:52 - 2015-12-13 12:50 - 00000000 ____D C:\Users\lanmilan\AppData\Roaming\PhotoScape
2017-02-09 00:24 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2017-02-09 00:22 - 2015-10-23 17:47 - 00000000 ____D C:\AdwCleaner
2017-02-08 23:51 - 2016-10-02 10:19 - 00000000 ____D C:\Program Files\Gramblr
2017-02-08 23:48 - 2015-08-11 09:51 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-02-08 23:48 - 2015-08-11 09:51 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-02-08 23:48 - 2015-08-11 09:51 - 00126088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-02-08 23:48 - 2015-08-11 09:51 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-02-08 23:48 - 2015-08-11 09:51 - 00074680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-02-08 23:48 - 2015-08-11 09:51 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-02-08 23:47 - 2016-05-07 15:59 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-02-08 23:47 - 2015-08-11 09:51 - 00991496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-02-08 23:40 - 2015-10-23 06:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-08 04:14 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2017-02-06 23:11 - 2016-05-11 18:27 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-05 16:27 - 2013-08-22 15:44 - 00483920 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-05 16:16 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2017-02-05 13:49 - 2015-11-08 18:09 - 00000000 ____D C:\Users\lanmilan\Desktop\Cistaci
2017-02-05 11:45 - 2015-12-04 19:17 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-05 11:21 - 2015-08-11 09:29 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-05 03:01 - 2015-08-13 02:06 - 00000000 ____D C:\Windows\system32\MRT
2017-02-05 02:54 - 2015-08-13 02:06 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-05 00:52 - 2015-08-11 10:02 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-02-05 00:51 - 2015-09-29 23:07 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2017-02-05 00:48 - 2015-09-29 23:07 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2017-02-04 23:05 - 2015-08-11 09:23 - 00000000 ____D C:\Users\lanmilan
2017-02-04 23:03 - 2015-12-24 21:19 - 00000000 ____D C:\Program Files (x86)\Free Hide Folder
2017-02-04 23:03 - 2015-12-10 19:31 - 00000000 ____D C:\Users\lanmilan\AppData\Local\SkypePlugin
2017-02-04 23:03 - 2015-12-03 16:58 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-02-04 23:03 - 2015-09-29 16:43 - 00000000 ____D C:\Users\Guest
2017-02-04 23:03 - 2015-08-19 11:14 - 00000000 ____D C:\Users\lanmilan\AppData\Roaming\uTorrent
2017-02-04 23:03 - 2015-08-11 09:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-04 23:02 - 2015-08-11 10:46 - 00000000 ____D C:\Users\lanmilan\Desktop\Skype
2017-02-04 22:58 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-04 22:55 - 2016-01-31 15:04 - 00000000 ____D C:\ProgramData\Real
2017-02-04 22:55 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\registration
2017-02-04 21:26 - 2016-08-20 07:54 - 00000000 ____D C:\Windows\system32\appmgmt
2017-01-29 11:38 - 2016-02-08 23:17 - 00000000 ____D C:\Users\lanmilan\AppData\Roaming\mIRC
2017-01-28 22:59 - 2016-11-22 18:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-25 17:47 - 2015-10-23 06:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2017-01-25 17:47 - 2015-10-23 06:56 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2017-01-24 08:41 - 2016-10-29 08:32 - 00000000 __SHD C:\Users\lanmilan\Documents\ddrrd
2017-01-22 04:48 - 2015-08-19 12:55 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2015-10-25 19:18 - 2015-10-25 19:59 - 0000115 _____ () C:\Users\lanmilan\AppData\Roaming\LogFile.txt
2016-01-23 23:37 - 2016-01-23 23:37 - 0000600 _____ () C:\Users\lanmilan\AppData\Roaming\winscp.rnd
2016-12-16 00:46 - 2016-12-16 00:46 - 0003584 _____ () C:\Users\lanmilan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-23 23:37 - 2016-02-05 08:51 - 0000600 _____ () C:\Users\lanmilan\AppData\Local\PUTTY.RND
2015-08-17 18:42 - 2017-02-21 21:08 - 0007614 _____ () C:\Users\lanmilan\AppData\Local\Resmon.ResmonCfg
2015-08-19 13:25 - 2015-08-19 13:41 - 0000700 ___SH () C:\Users\lanmilan\AppData\Local\systemFL7.dat
2016-09-03 20:33 - 2016-09-03 20:33 - 0000180 _____ () C:\Users\lanmilan\AppData\Local\uts.ini

Files to move or delete:
====================
C:\Users\lanmilan\AppData\Local\Viber\Viber.exe
C:\Users\lanmilan\ZHPCleaner.exe


Some files in TEMP:
====================
2017-01-20 20:05 - 2017-01-20 20:05 - 1495040 _____ (Opera Software) C:\Users\lanmilan\AppData\Local\Temp\Opera_installer_2017120552966.dll
2017-02-06 02:07 - 2017-02-11 19:39 - 44048864 _____ (Skype Technologies S.A.) C:\Users\lanmilan\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-15 02:22

==================== End of FRST.txt ============================




offline
  • Joined: 02 Jan 2008
  • Posts: 2167

Hello!

1. Open Notepad (Text Document) and copy the following text from the code box below:

CreateRestorePoint:
CloseProcesses:
2016-12-16 00:46 - 2016-12-16 00:46 - 0003584 _____ () C:\Users\lanmilan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [210]
File: C:\Program Files (x86)\inSoft\Magic Box\Uninstall.exe
File: C:\Users\lanmilan\Downloads\setup.exe
File: C:\Windows\system32\Drivers\Cat.DB
File: C:\Users\lanmilan\AppData\Local\Viber\Viber.exe
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

After that,

Download AdwCleaner and save it to the Desktop.
Double-click to run the program.
In the EULA window, click I agree.
In Options, turn off Reset Winsock settings if it is enabled.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK.

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your reply using the "Attach file" option.



offline
  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-02-2017
Ran by lanmilan (22-02-2017 18:12:21) Run:1
Running from C:\Users\lanmilan\Desktop
Loaded Profiles: lanmilan (Available Profiles: lanmilan & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
2016-12-16 00:46 - 2016-12-16 00:46 - 0003584 _____ () C:\Users\lanmilan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [210]
File: C:\Program Files (x86)\inSoft\Magic Box\Uninstall.exe
File: C:\Users\lanmilan\Downloads\setup.exe
File: C:\Windows\system32\Drivers\Cat.DB
File: C:\Users\lanmilan\AppData\Local\Viber\Viber.exe
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\lanmilan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\ProgramData\TEMP => ":430C6D84" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.

========================= File: C:\Program Files (x86)\inSoft\Magic Box\Uninstall.exe ========================

"C:\Program Files (x86)\inSoft\Magic Box\Uninstall.exe" => not found.
====== End of File: ======


========================= File: C:\Users\lanmilan\Downloads\setup.exe ========================

File is digitally signed
MD5: 4D43FC9A85D4A341787C8F62EB6D9584
Creation and modification date: 2017-02-05 00:44 - 2017-02-05 00:44
Size: 1099752
Attributes: ----A
Company Name: UpdateStar GmbH
Internal Name:
Original Name:
Product: AppCleaner
Description: AppCleaner
File Version: 3.3.5592.22424
Product Version: 3.3.5592.22424
Copyright: Copyright UpdateStar GmbH.

====== End of File: ======


========================= File: C:\Windows\system32\Drivers\Cat.DB ========================

File not signed
MD5: AE0137A1C508053D9E78198CE29D05FB
Creation and modification date: 2017-02-21 20:52 - 2017-02-21 20:56
Size: 5174483
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======


========================= File: C:\Users\lanmilan\AppData\Local\Viber\Viber.exe ========================

File is digitally signed
MD5:
Creation and modification date: 2017-01-24 17:48 - 2017-01-16 17:00
Size: 43999824
Attributes: ----A
Company Name: Viber Media S.à r.l.
Internal Name: Viber
Original Name: Viber.exe
Product: Viber
Description: Viber
File Version: 6.5.5-1481-g516869c-dirty
Product Version: 6.5.5-1481-g516869c-dirty
Copyright: Copyright © 2016 Viber Media S.à r.l.

====== End of File: ======


=========== EmptyTemp: ==========

BITS transfer queue => 20971520 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13751087 B
Java, Flash, Steam htmlcache => 1670 B
Windows/system/drivers => 120525143 B
Edge => 0 B
Chrome => 937114759 B
Firefox => 40448718 B
Opera => 389592120 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 94707 B
systemprofile32 => 15 B
LocalService => 95618 B
NetworkService => 0 B
lanmilan => 596471816 B
Guest => 22946717 B

RecycleBin => 122535335 B
EmptyTemp: => 2.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:15:19 ====




offline
  • Joined: 02 Jan 2008
  • Posts: 2167

Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the installation instructions. After installation, click Finish.

On first launch, the program will display a "welcome" window. Feel free to close that window.
Note: The program's Premium features are already activated and are valid for 13 days from the moment of installation. You can turn off the Premium features via the Settings > My Account tab.

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, enable the "Scan for rootkits" option.
• Prepare the settings for Threat Scan - in Dashboard, click the Scan Now button. MBAM will update its database and start scanning.

When the scan finishes, if an infection has been detected, make sure everything is selected, then click Remove Selected. Restart the computer if the program asks for a restart.
• Provide the log: Under Reports, select the Scan Report with the current date and then click View Report.

Export the log to the Desktop:
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.

• In your reply, attach the mbam.txt log using the "Attach file" option.

offline
  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

Only on the fourth attempt did it start the scan. Before that, when I clicked Scan, the program would freeze and show the message Stop working... so I closed it from Task Manager.


offline
  • Joined: 02 Jan 2008
  • Posts: 2167

Tell me, what is the situation now?

offline
  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

I would say the situation with the disk has improved... unlike the CPU, which is still going wild. The screenshots of the disk and CPU were taken two or three minutes apart.

DISK

CPU

offline
  • Joined: 02 Jan 2008
  • Posts: 2167

All right, then that's it. At the moment, your computer is clean as far as malware is concerned. If the problem continues, open a topic in the Hardware section of the forum, where you will most likely get some diagnostic tools. Because if the problem shows up again and the computer is clean, the problem is most likely hardware-related.

The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options:
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment until the tool finishes its work.

From this point on, all the tools used in this topic should be deleted.
If any tool or report has not been removed, feel free to delete it manually.

The tool will also create a report for you (C:\DelFix.txt).
- The tool will also save the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
- DelFix deletes old System Restore points and creates a new, fresh point after the cleanup.

offline
  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

Thank you very much for the help. Cheers.
