Computer check :)


  • Nemanja Djukanovic
  • Joined: 18 Dec 2012
  • Posts: 1755
  • Location: Niksic - Montenegro

Posted: 01 Oct 2013 19:11

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.25.2
Run by user at 19:09:01 on 2013-10-01
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3979.2570 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWlan.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: GretechBHO Class: {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files (x86)\GRETECH\GomPicker\GomPickerBHO.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.0.2
TCP: Interfaces\{77768D0A-C844-42CC-87DB-649D46EEC224}\642796C656 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{7F861404-6040-4804-843D-EEA2DA4BCF42} : DHCPNameServer = 192.168.0.2
TCP: Interfaces\{7F861404-6040-4804-843D-EEA2DA4BCF42}\B414A594E4F4 : DHCPNameServer = 195.66.189.137 195.66.189.138
TCP: Interfaces\{7F861404-6040-4804-843D-EEA2DA4BCF42}\B416A796E6F6 : DHCPNameServer = 195.66.189.137 195.66.189.138
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvxzdxly.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-08-14 14:58; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-27 19224]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-2-20 283200]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-4-26 33560]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-12-13 13592]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
R2 RtlService;RtlService;C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [2013-4-25 40960]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-9-16 3273088]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-1-19 158880]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-1-19 30368]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-27 356632]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-27 789272]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-12-13 708200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2012-8-24 175928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-22 1255736]
.
=============== Created Last 30 ================
.
2013-10-01 17:06:59 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F44593BE-F37D-4F5D-978D-38F1652067D4}\offreg.dll
2013-09-30 18:52:19 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F44593BE-F37D-4F5D-978D-38F1652067D4}\mpengine.dll
2013-09-29 21:54:03 9694160 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-16 10:30:40 4806016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-09-16 10:30:40 4806016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-09-14 15:11:04 -------- d-----w- C:\Program Files\Common Files\Native Instruments
2013-09-14 15:11:02 -------- d-----w- C:\ProgramData\Native Instruments
2013-09-11 15:39:39 -------- d-----w- C:\Users\user\AppData\Roaming\Unity
2013-09-06 09:11:05 965008 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{365C5B77-C66A-40F9-BDB5-14769EACB5DC}\gapaengine.dll
.
==================== Find3M ====================
.
2013-09-11 12:20:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 12:20:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-17 23:20:16 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-17 23:20:14 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-17 23:20:14 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 19:10:08,91 ===============

Addendum: 01 Oct 2013 19:11


  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

What is this? How do you picture the Ambulanta, as a place where you drop by, post reports, don't say a single word and expect someone to help you? You were in the Ambulanta a few days ago; what is the problem now? So, the way you imagine it is not going to work. People (who have lives) work here, not robots, so behave accordingly and describe the problem in detail. On the other hand, there are also programs such as MalwareBytes, with which you can sometimes run a scan yourself and check the state of the system. A topic does not have to be opened here for every little thing...

  • Joined: 05 Dec 2012
  • Posts: 15

Posted: 02 Oct 2013 1:27

Neco gave me an account so that you would check my computer for viruses.

Addendum: 02 Oct 2013 1:27

It seems to me that it has slowed down a bit ...

Addendum: 02 Oct 2013 1:30

He was downloading movies ... music, and it seems to him that the computer has slowed down. There, that's the problem.

Addendum: 02 Oct 2013 1:34

By the way, I have 2 profiles ... so I give one to whoever needs it ...

  • Nemanja Djukanovic
  • Joined: 18 Dec 2012
  • Posts: 1755
  • Location: Niksic - Montenegro

Check this one more computer for me and you won't be seeing me here unless things get really tight, okay? ;)

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

The computer will be checked, but show a little respect and set aside at least as much time for this problem as we do, not this routine where you drop in reports without a single word...




Step 1.


Download Farbar Recovery Scan Tool and save it to the Desktop.

Note: You need to download the version that is compatible with your system.
Your Windows is the 64-bit version.


Double-click to run FRST;
When the tool starts, click Yes on the disclaimer.
Click the Scan button;
The tool will create a report (FRST.txt) in the same directory where FRST.exe is saved.
Copy the contents of that log into your post.
On its first run the tool should also create an additional report (Addition.txt). Attach that report to your post using the "Prikaci file" (Attach file) option.




Step 2.


Download the GMER program from the link below to the Desktop:


GMER download
Click the given link;
When the dialog for choosing where to save the file opens, select Desktop and click Save.



Double-click to run GMER.
Wait for the initial scan to finish - if any prompt appears, click No;

click Scan and wait for the scan to complete;

click Save ... - save the report to the Desktop (named Gmer1);

right-click in the Gmer program window and choose Options > 3rd party - click Scan;

when the scan finishes click Save ... - save the report to the Desktop (named Gmer2);

click the >>> button and choose the Autostart tab;

when the short scan finishes, click Copy;

open Notepad and paste the copied text into it - save the report to the Desktop (named Gmer3);


Illustrated walkthrough of the procedure

Attach all three reports to your post using the Prikači fajl (Attach file) option.

  • Nemanja Djukanovic
  • Joined: 18 Dec 2012
  • Posts: 1755
  • Location: Niksic - Montenegro

Posted: 02 Oct 2013 13:39

All right, I apologize ...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by user (administrator) on USER-PC on 02-10-2013 13:33:42
Running from C:\Users\user\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek) C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWlan.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [54832 2007-02-08] ()
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3EA79C9157D9CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20121213180138128&tb_oid=13-12-2012&tb_mrud=13-12-2012
SearchScopes: HKLM-x32 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20121213180138128&tb_oid=13-12-2012&tb_mrud=13-12-2012
SearchScopes: HKCU - DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - D01FAD5E251647EDA55368FAC16139C4 URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20121213180138128&tb_oid=13-12-2012&tb_mrud=13-12-2012
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: GretechBHO Class - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files (x86)\GRETECH\GomPicker\GomPickerBHO.dll (Gretech Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvxzdxly.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvxzdxly.default\searchplugins\bingp.xml
FF Extension: fhdp - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvxzdxly.default\Extensions\fhdp@fhdp.tv.xpi
FF Extension: hdvc - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvxzdxly.default\Extensions\hdvc@hdvc.com.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.rs/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll (AOL LLC)
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll (AOL LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Unity Player) - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [kkfggacklibaabdomphfdpcodjgihgon] - C:\Program Files (x86)\FirstRowSportApp.com\stv10.crx
CHR HKLM-x32\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - C:\Program Files (x86)\HDvidCodec.com\HDvidCodec10.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [173616 2007-02-08] ()
R2 RtlService; C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-01-19] (Atheros)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-20] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl [13560 2006-11-03] (Cyberlink Corp.)
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl [13560 2006-11-03] (Cyberlink Corp.)
S3 netr28ux; system32\DRIVERS\netr28ux.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-02 13:33 - 2013-10-02 13:33 - 00000000 ____D C:\FRST
2013-10-02 13:32 - 2013-10-02 13:32 - 01953880 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2013-10-01 22:31 - 2013-10-01 22:31 - 00004121 _____ C:\Users\user\Downloads\302837_1925962237_attach.txt
2013-10-01 19:10 - 2013-10-01 19:10 - 00013376 _____ C:\Users\user\Desktop\dds.txt
2013-10-01 19:10 - 2013-10-01 19:10 - 00004121 _____ C:\Users\user\Desktop\attach.txt
2013-10-01 19:08 - 2013-10-01 19:08 - 00688992 ____R (Swearware) C:\Users\user\Downloads\dds.scr
2013-10-01 09:08 - 2013-10-01 09:08 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-09-29 23:53 - 2013-09-29 23:54 - 03332688 _____ C:\Users\user\Downloads\Adobe_Photoshop_Elements_12.exe
2013-09-16 02:17 - 2013-09-16 02:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-14 17:14 - 2013-09-14 17:14 - 00000000 ____D C:\Users\user\Documents\Native Instruments
2013-09-14 17:11 - 2013-09-14 17:11 - 00000000 ____D C:\ProgramData\Native Instruments
2013-09-14 17:11 - 2013-09-14 17:11 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2013-09-14 16:59 - 2013-09-14 17:07 - 00000000 ____D C:\Users\user\Downloads\Native Instruments Traktor Pro 2 v2.1.2 B12125 (Full) [RH]
2013-09-11 17:39 - 2013-09-11 17:39 - 00000000 ____D C:\Users\user\AppData\Roaming\Unity
2013-09-02 17:49 - 2013-10-01 09:07 - 00002308 _____ C:\Windows\PFRO.log

==================== One Month Modified Files and Folders =======

2013-10-02 13:33 - 2013-10-02 13:33 - 00000000 ____D C:\FRST
2013-10-02 13:32 - 2013-10-02 13:32 - 01953880 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2013-10-02 13:28 - 2013-06-18 21:57 - 01368593 _____ C:\Windows\WindowsUpdate.log
2013-10-02 13:28 - 2012-12-13 20:00 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-10-02 12:56 - 2013-08-28 12:51 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-02 12:56 - 2013-08-28 12:51 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-02 12:52 - 2013-02-04 21:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-02 00:19 - 2013-08-13 15:01 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{33603993-C091-4AE7-8460-6E9BDA9A71F7}
2013-10-01 22:31 - 2013-10-01 22:31 - 00004121 _____ C:\Users\user\Downloads\302837_1925962237_attach.txt
2013-10-01 19:10 - 2013-10-01 19:10 - 00013376 _____ C:\Users\user\Desktop\dds.txt
2013-10-01 19:10 - 2013-10-01 19:10 - 00004121 _____ C:\Users\user\Desktop\attach.txt
2013-10-01 19:08 - 2013-10-01 19:08 - 00688992 ____R (Swearware) C:\Users\user\Downloads\dds.scr
2013-10-01 12:38 - 2009-07-14 06:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-01 12:38 - 2009-07-14 06:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-01 09:08 - 2013-10-01 09:08 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-10-01 09:07 - 2013-09-02 17:49 - 00002308 _____ C:\Windows\PFRO.log
2013-10-01 09:07 - 2013-09-01 12:35 - 00002418 _____ C:\Windows\setupact.log
2013-10-01 09:07 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-29 23:54 - 2013-09-29 23:53 - 03332688 _____ C:\Users\user\Downloads\Adobe_Photoshop_Elements_12.exe
2013-09-27 21:59 - 2013-05-04 15:43 - 00000000 ____D C:\Users\user\Documents\VirtualDJ
2013-09-27 08:54 - 2012-12-13 20:00 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-24 19:36 - 2009-07-14 07:08 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-22 16:45 - 2013-03-19 16:20 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2013-09-20 21:37 - 2013-08-28 12:53 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-19 15:46 - 2009-07-14 07:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-16 15:43 - 2012-12-13 19:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-16 03:48 - 2013-02-08 08:02 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2013-09-16 02:17 - 2013-09-16 02:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-14 17:14 - 2013-09-14 17:14 - 00000000 ____D C:\Users\user\Documents\Native Instruments
2013-09-14 17:11 - 2013-09-14 17:11 - 00000000 ____D C:\ProgramData\Native Instruments
2013-09-14 17:11 - 2013-09-14 17:11 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2013-09-14 17:07 - 2013-09-14 16:59 - 00000000 ____D C:\Users\user\Downloads\Native Instruments Traktor Pro 2 v2.1.2 B12125 (Full) [RH]
2013-09-11 17:39 - 2013-09-11 17:39 - 00000000 ____D C:\Users\user\AppData\Roaming\Unity
2013-09-11 14:20 - 2013-02-04 21:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-11 14:20 - 2013-02-04 21:27 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-11 14:20 - 2012-12-13 19:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-28 20:16

==================== End Of Log ============================

Addendum: 02 Oct 2013 13:41


Addendum: 02 Oct 2013 14:23


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Open Notepad and copy the following text, which is inside the shaded box.

SearchScopes: HKLM-x32 - DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20121213180138128&tb_oid=13-12-2012&tb_mrud=13-12-2012
SearchScopes: HKLM-x32 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20121213180138128&tb_oid=13-12-2012&tb_mrud=13-12-2012
SearchScopes: HKCU - D01FAD5E251647EDA55368FAC16139C4 URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20121213180138128&tb_oid=13-12-2012&tb_mrud=13-12-2012
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: fhdp - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvxzdxly.default\Extensions\fhdp@fhdp.tv.xpi
FF Extension: hdvc - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvxzdxly.default\Extensions\hdvc@hdvc.com.xpi
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvxzdxly.default\Extensions\fhdp@fhdp.tv.xpi
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvxzdxly.default\Extensions\hdvc@hdvc.com.xpi
CHR HKLM-x32\...\Chrome\Extension: [kkfggacklibaabdomphfdpcodjgihgon] - C:\Program Files (x86)\FirstRowSportApp.com\stv10.crx
CHR HKLM-x32\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - C:\Program Files (x86)\HDvidCodec.com\HDvidCodec10.crx
C:\Program Files (x86)\FirstRowSportApp.com
C:\Program Files (x86)\HDvidCodec.com
C:\Users\user\AppData\Local\Temp\Uninstall.exe
CMD: ipconfig /flushdns


In Notepad, click File --> Save As

Name the file fixlist.txt and save it to the Desktop

Double-click to run FRST.exe again

Click Fix and wait until the program finishes

If the program asks to restart the computer, let it do so without interruption.

When it finishes, Notepad will open with content that you should copy into the thread.

Also, fixlog.txt will be on the Desktop.




After that:


Download Xplode's AdwCleaner and save it to the Desktop

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button
The program will close all active programs and show a window with that warning. Click Ok to confirm.
On the next two windows that open (Informations and Restart required), click Ok


The computer will restart and then Notepad will open (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" (Prikaci fajl) option

Note: The report will also be saved to C:\AdwCleaner[S1].txt



Download TFC (Temp File Cleaner) and save it to the Desktop.
Double-click to run the program and click the Start button to let the program begin scanning.
When the program finishes scanning, it may ask you to restart the computer. Allow it.

Note: When you are done cleaning temp files, you can delete the program or keep it for later use.

offline
  • Nemanja Djukanovic
  • Joined: 18 Dec 2012
  • Posts: 1755
  • Location: Niksic - Crna Gora

Posted: 03 Oct 2013 19:09

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by user at 2013-10-03 19:07:41 Run:1
Running from C:\Users\user\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM-x32 - DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20121213180138128&tb_oid=13-12-2012&tb_mrud=13-12-2012
SearchScopes: HKLM-x32 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20121213180138128&tb_oid=13-12-2012&tb_mrud=13-12-2012
SearchScopes: HKCU - D01FAD5E251647EDA55368FAC16139C4 URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20121213180138128&tb_oid=13-12-2012&tb_mrud=13-12-2012
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: fhdp - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvxzdxly.default\Extensions\fhdp@fhdp.tv.xpi
FF Extension: hdvc - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvxzdxly.default\Extensions\hdvc@hdvc.com.xpi
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvxzdxly.default\Extensions\fhdp@fhdp.tv.xpi
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvxzdxly.default\Extensions\hdvc@hdvc.com.xpi
CHR HKLM-x32\...\Chrome\Extension: [kkfggacklibaabdomphfdpcodjgihgon] - C:\Program Files (x86)\FirstRowSportApp.com\stv10.crx
CHR HKLM-x32\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - C:\Program Files (x86)\HDvidCodec.com\HDvidCodec10.crx
C:\Program Files (x86)\FirstRowSportApp.com
C:\Program Files (x86)\HDvidCodec.com
C:\Users\user\AppData\Local\Temp\Uninstall.exe
CMD: ipconfig /flushdns
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\D01FAD5E251647EDA55368FAC16139C4 => Key deleted successfully.
HKCR\CLSID\D01FAD5E251647EDA55368FAC16139C4 => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvxzdxly.default\Extensions\fhdp@fhdp.tv.xpi => Moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvxzdxly.default\Extensions\hdvc@hdvc.com.xpi => Moved successfully.
"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvxzdxly.default\Extensions\fhdp@fhdp.tv.xpi " => File/Directory not found.
"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvxzdxly.default\Extensions\hdvc@hdvc.com.xpi " => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kkfggacklibaabdomphfdpcodjgihgon => Key deleted successfully.
C:\Program Files (x86)\FirstRowSportApp.com\stv10.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli => Key deleted successfully.
C:\Program Files (x86)\HDvidCodec.com\HDvidCodec10.crx => Moved successfully.
C:\Program Files (x86)\FirstRowSportApp.com => Moved successfully.
C:\Program Files (x86)\HDvidCodec.com => Moved successfully.
"C:\Users\user\AppData\Local\Temp\Uninstall.exe " => File/Directory not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


==== End of Fixlog ====

Addendum: 03 Oct 2013 19:10


Addendum: 03 Oct 2013 19:17

I didn't save the AdwCleaner report, I clicked X and it closed ... Now

Addendum: 03 Oct 2013 19:21

Here it is from local disk C ..... I also ran TFC

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Post a fresh FRST report and tell me, how are things now?

offline
  • Nemanja Djukanovic
  • Joined: 18 Dec 2012
  • Posts: 1755
  • Location: Niksic - Crna Gora

Posted: 04 Oct 2013 2:19

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by user (administrator) on USER-PC on 04-10-2013 02:17:10
Running from C:\Users\user\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Realtek) C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWlan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [54832 2007-02-08] ()
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3EA79C9157D9CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: GretechBHO Class - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files (x86)\GRETECH\GomPicker\GomPickerBHO.dll (Gretech Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvxzdxly.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvxzdxly.default\searchplugins\bingp.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.rs/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Unity Player) - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [173616 2007-02-08] ()
R2 RtlService; C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-01-19] (Atheros)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-20] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl [13560 2006-11-03] (Cyberlink Corp.)
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl [13560 2006-11-03] (Cyberlink Corp.)
S3 netr28ux; system32\DRIVERS\netr28ux.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-03 19:18 - 2013-10-03 19:18 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-10-03 19:15 - 2013-10-03 19:12 - 00004091 _____ C:\Users\user\Desktop\AdwCleaner[S0].txt
2013-10-03 19:15 - 2013-10-03 19:11 - 00004113 _____ C:\Users\user\Desktop\AdwCleaner[R0].txt
2013-10-03 19:12 - 2013-10-03 19:18 - 00000112 _____ C:\Windows\setupact.log
2013-10-03 19:12 - 2013-10-03 19:12 - 00000000 _____ C:\Windows\setuperr.log
2013-10-03 19:10 - 2013-10-03 19:12 - 00000000 ____D C:\AdwCleaner
2013-10-03 19:07 - 2013-10-03 19:07 - 00448512 _____ (OldTimer Tools) C:\Users\user\Desktop\TFC.exe
2013-10-03 19:06 - 2013-10-03 19:07 - 01045226 _____ C:\Users\user\Desktop\adwcleaner.exe
2013-10-03 19:05 - 2013-10-03 19:05 - 01954124 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2013-10-02 19:13 - 2013-10-03 19:02 - 00000000 ____D C:\Users\user\Desktop\neco
2013-10-02 13:33 - 2013-10-02 13:33 - 00000000 ____D C:\FRST
2013-10-01 22:31 - 2013-10-01 22:31 - 00004121 _____ C:\Users\user\Downloads\302837_1925962237_attach.txt
2013-10-01 19:08 - 2013-10-01 19:08 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.scr
2013-09-29 23:53 - 2013-09-29 23:54 - 03332688 _____ C:\Users\user\Downloads\Adobe_Photoshop_Elements_12.exe
2013-09-16 02:17 - 2013-09-16 02:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-14 17:14 - 2013-09-14 17:14 - 00000000 ____D C:\Users\user\Documents\Native Instruments
2013-09-14 17:11 - 2013-09-14 17:11 - 00000000 ____D C:\ProgramData\Native Instruments
2013-09-14 17:11 - 2013-09-14 17:11 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2013-09-14 16:59 - 2013-09-14 17:07 - 00000000 ____D C:\Users\user\Downloads\Native Instruments Traktor Pro 2 v2.1.2 B12125 (Full) [RH]
2013-09-11 17:39 - 2013-09-11 17:39 - 00000000 ____D C:\Users\user\AppData\Roaming\Unity

==================== One Month Modified Files and Folders =======

2013-10-04 02:16 - 2013-08-28 12:51 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-04 02:16 - 2013-02-04 21:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-04 02:16 - 2012-12-13 20:00 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-10-04 00:34 - 2013-06-18 21:57 - 01522617 _____ C:\Windows\WindowsUpdate.log
2013-10-03 19:25 - 2009-07-14 06:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-03 19:25 - 2009-07-14 06:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-03 19:19 - 2013-08-28 12:51 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-03 19:18 - 2013-10-03 19:18 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-10-03 19:18 - 2013-10-03 19:12 - 00000112 _____ C:\Windows\setupact.log
2013-10-03 19:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-03 19:12 - 2013-10-03 19:15 - 00004091 _____ C:\Users\user\Desktop\AdwCleaner[S0].txt
2013-10-03 19:12 - 2013-10-03 19:12 - 00000000 _____ C:\Windows\setuperr.log
2013-10-03 19:12 - 2013-10-03 19:10 - 00000000 ____D C:\AdwCleaner
2013-10-03 19:11 - 2013-10-03 19:15 - 00004113 _____ C:\Users\user\Desktop\AdwCleaner[R0].txt
2013-10-03 19:07 - 2013-10-03 19:07 - 00448512 _____ (OldTimer Tools) C:\Users\user\Desktop\TFC.exe
2013-10-03 19:07 - 2013-10-03 19:06 - 01045226 _____ C:\Users\user\Desktop\adwcleaner.exe
2013-10-03 19:05 - 2013-10-03 19:05 - 01954124 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2013-10-03 19:02 - 2013-10-02 19:13 - 00000000 ____D C:\Users\user\Desktop\neco
2013-10-03 19:01 - 2013-02-08 08:02 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2013-10-03 19:01 - 2012-12-13 20:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Winamp
2013-10-03 19:00 - 2013-03-19 16:20 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2013-10-03 18:57 - 2013-08-13 15:01 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{33603993-C091-4AE7-8460-6E9BDA9A71F7}
2013-10-02 21:58 - 2013-05-04 15:43 - 00000000 ____D C:\Users\user\Documents\VirtualDJ
2013-10-02 19:15 - 2009-07-14 07:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-02 13:33 - 2013-10-02 13:33 - 00000000 ____D C:\FRST
2013-10-01 22:31 - 2013-10-01 22:31 - 00004121 _____ C:\Users\user\Downloads\302837_1925962237_attach.txt
2013-10-01 19:08 - 2013-10-01 19:08 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.scr
2013-09-29 23:54 - 2013-09-29 23:53 - 03332688 _____ C:\Users\user\Downloads\Adobe_Photoshop_Elements_12.exe
2013-09-27 08:54 - 2012-12-13 20:00 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-24 19:36 - 2009-07-14 07:08 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-20 21:37 - 2013-08-28 12:53 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-16 15:43 - 2012-12-13 19:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-16 02:17 - 2013-09-16 02:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-14 17:14 - 2013-09-14 17:14 - 00000000 ____D C:\Users\user\Documents\Native Instruments
2013-09-14 17:11 - 2013-09-14 17:11 - 00000000 ____D C:\ProgramData\Native Instruments
2013-09-14 17:11 - 2013-09-14 17:11 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2013-09-14 17:07 - 2013-09-14 16:59 - 00000000 ____D C:\Users\user\Downloads\Native Instruments Traktor Pro 2 v2.1.2 B12125 (Full) [RH]
2013-09-11 17:39 - 2013-09-11 17:39 - 00000000 ____D C:\Users\user\AppData\Roaming\Unity
2013-09-11 14:20 - 2013-02-04 21:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-11 14:20 - 2013-02-04 21:27 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-11 14:20 - 2012-12-13 19:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-28 20:16

==================== End Of Log ============================

Addendum: 04 Oct 2013 2:19

It seems better to me :D Yaaay ^^
