USB and folder shortcuts


offline
  • Joined: 10 Oct 2007
  • Posts: 26

Posted: 20 Dec 2013 14:51

I see there are similar cases on the forum, but to be sure, and as the rules require, let's follow the procedure:
Yesterday afternoon around 5 pm I plugged a colleague's USB flash drive into my computer to transfer some files she needed for work.
Seeing that it was full and formatted as FAT32, and since I had some larger video files to transfer, I first formatted it as NTFS. Then I copied the folder with the material as I had planned... When the copying finished, I noticed that an identical folder had appeared next to mine as a shortcut... I deleted it, but now my folder appeared only as a shortcut, and since then it opens that folder from the USB on my computer, but in a new window, which is not an option set in my Explorer, and on other machines (a laptop, for example) it won't open at all; Mac OS sees it as some link that leads nowhere... The same thing happened when I repeated the whole operation with another USB stick... Now I have two "infected" USB drives on which folders are displayed as shortcuts... I tried Malwarebytes Anti-Malware and cleaned the whole computer of malware, but it finds nothing suspicious on the USB drives...
How do I solve this problem..?

P.S.
My computer otherwise works quite well; Avira only occasionally reports some of the (forbidden) keygens and that's all... My colleague had been at a copy shop before coming to me, where she apparently picked up this malware, because she had this problem with shortcuts there for the first time, but she managed to open and print what she intended; she told me this only after we had already infected my computer...


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.45.2
Run by Intel at 14:06:05 on 2013-12-20
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.7166.5154 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hardware\Keyboard\Ikeymain.exe
C:\Program Files\Hardware\Mouse\Amoumain.exe
C:\Users\Intel\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\System32\wscript.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\vssvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [AdobeBridge] <no file>
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NexusServer] "C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [NSU_agent] "C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Intel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{93F40835-ECED-493A-AF75-D4CDD2231625} : NameServer = 192.168.0.1
TCP: Interfaces\{EAA80B7F-265A-4659-A2CE-935A9E75588C}\24F63716E61636 : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [iKeyWorks] C:\Program Files\Hardware\Keyboard\Ikeymain.exe
x64-Run: [WheelMouse] C:\Program Files\Hardware\Mouse\Amoumain.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\iss44jlu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=108386&babsrc=adbartrp&mntrId=986ad10400000000000020cf306fcd92&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Intel\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Intel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Intel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Intel\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-21 56208]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-8-18 28600]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-8-18 440376]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-8-18 440376]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-8-18 108440]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-19 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-19 701512]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-4-3 551264]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-8-7 609056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-19 25928]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-10-21 1250816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2010-10-21 1783296]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2010-10-21 12744]
S3 PS3 Media Server;PS3 Media Server;"C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.conf" --> C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-10-25 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-25 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-10-25 31232]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-8-18 1011768]
.
=============== Created Last 30 ================
.
2013-12-19 18:27:46 -------- d-----w- C:\Users\Intel\AppData\Roaming\Malwarebytes
2013-12-19 18:27:37 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-19 18:27:36 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-19 18:27:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-18 01:30:36 -------- d-----w- C:\Users\Intel\AppData\Roaming\MPC-HC
2013-11-27 23:02:28 -------- d-----w- C:\Windows\Downloaded Installations
2013-11-26 21:32:47 -------- d-----w- C:\Users\Intel\AppData\Local\SwvUpdater
.
==================== Find3M ====================
.
2013-12-12 10:51:18 84720 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-12-12 10:51:18 108440 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-12-11 16:23:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 16:23:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-08 06:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-01 10:54:41 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2010-12-11 16:22:26 36868 ----a-w- C:\Program Files (x86)\uninst-Particular.exe
2009-06-05 05:36:54 2003456 ----a-w- C:\Program Files (x86)\Common Files\Boris RED.msi
2005-07-14 11:31:20 32256 --sh--w- C:\Windows\SysWOW64\AVSredirect.dll
2011-06-15 22:00:00 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2011-02-11 09:26:20 112128 --sha-r- C:\Windows\SysWOW64\OptimFROG.dll
2010-01-06 22:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
2012-10-05 18:54:00 188416 --sha-r- C:\Windows\SysWOW64\winDCE32.dll
.
============= FINISH: 14:07:05.20 ===============


Thanks in advance..

Addendum: 20 Dec 2013 14:53


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

Hello,

Download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to download the version that is compatible with your system.
Your Windows is a 64-bit version.


Double-click to run FRST;
When the tool starts, click Yes on the disclaimer.
Click the Scan button;
The tool will create a report (FRST.txt) in the same directory where FRST.exe is saved.
Copy the contents of that log into your post.
On its first run the tool should also create an additional report (Addition.txt). Attach that report to your post using the "Attach file" option.

offline
  • Joined: 10 Oct 2007
  • Posts: 26

Sorry if it took a while...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013 02
Ran by Intel (administrator) on INTEL-PC on 20-12-2013 17:34:48
Running from C:\Users\Intel\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files\Hardware\Keyboard\Ikeymain.exe
() C:\Program Files\Hardware\Mouse\Amoumain.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Google) C:\Users\Intel\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iKeyWorks] - C:\Program Files\Hardware\Keyboard\Ikeymain.exe [65536 2008-06-14] ()
HKLM\...\Run: [WheelMouse] - C:\Program Files\Hardware\Mouse\Amoumain.exe [237568 2008-07-11] ()
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [ALLUpdate] - "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
HKCU\...\Run: [Google Update] - C:\Users\Intel\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-19] (Google Inc.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [WinUsbDriver] - C:\Users\Intel\AppData\Local\Temp\WinUsbDriver.vbs [172340 2013-08-27] () <===== ATTENTION
MountPoints2: {03d8211e-dd42-11df-a978-20cf306fcd92} - G:\autorun.exe
MountPoints2: {7ab86f44-3ba5-11e2-ada0-20cf306fcd92} - "M:\WD SmartWare.exe" autoplay=true
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2583040 2009-09-21] (VIA)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nikon Transfer Monitor] - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Nero MediaHome 4] - C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [4891944 2009-06-23] (Nero AG)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NexusServer] - "C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [NSU_agent] - C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\TDC DjVj\...\Run: [Nero MediaHome 4] - C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [4891944 2009-06-23] (Nero AG)
HKU\TDC DjVj\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin
Startup: C:\Users\Intel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFF9CB746AECACB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM-x32 - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = startsear.ch/?aff=2&src=sp&cf=500cdf9f-5d99-11e1-952e-20cf306fcd92&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = startsear.ch/?aff=2&src=sp&cf=500cdf9f-5d99-11e1-952e-20cf306fcd92&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = startsear.ch/?aff=2&src=sp&cf=500cdf9f-5d99-11e1-952e-20cf306fcd92&q={searchTerms}
SearchScopes: HKCU - {FFA40112-6785-4001-9B58-0352CA1DE56F} URL = search.babylon.com/?q={searchTerms}&AF=108386&babsrc=SP_ss&mntrId=986ad10400000000000020cf306fcd92
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{93F40835-ECED-493A-AF75-D4CDD2231625}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\iss44jlu.default
FF SearchEngineOrder.1: Web Search
FF SelectedSearchEngine: Google
FF Homepage: startpage.com/
FF Keyword.URL: hxxp://search.babylon.com/?AF=108386&babsrc=adbartrp&mntrId=986ad10400000000000020cf306fcd92&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Intel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Intel\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Intel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Intel\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Intel\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\iss44jlu.default\searchplugins\startsear.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: GamePlayLabs Plugin - C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\iss44jlu.default\Extensions\plugin2@gameplaylabs.com
FF Extension: MEGA EXTENSION - C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\iss44jlu.default\Extensions\firefox@mega.co.nz.xpi
FF Extension: Iplex to ALLPlayer - C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\iss44jlu.default\Extensions\IplextoALL@ALLPlayer.org.xpi
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\iss44jlu.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
FF Extension: FlashGot - C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\iss44jlu.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [remotemode@splashtop.com] - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\FFExtensions

Chrome:
=======
CHR HomePage: hxxp://startsear.ch/?aff=2&cf=500cdf9f-5d99-11e1-952e-20cf306fcd92
CHR DefaultSearchKeyword: google.rs
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (LiveVDO plug-in) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\chvsharetvplg.dll (LiveVDO )
CHR Plugin: (LiveVDO plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll (LiveVDO )
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll No File
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Extension: (Google Drive) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: () - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknkimpcfkpmmikggddpidpmaljigegp\3_0
CHR Extension: (Google Search) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (LiveVDO plugin) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0
CHR Extension: (Gmail) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [ocphobfcfafpclibolpjdafgaffkaoci] - C:\Users\Intel\AppData\Local\GamePlayLabs Plugin\gplplugin.crx
CHR HKLM-x32\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files (x86)\StartSearch plugin\vshareplg.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-12] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [259368 2009-06-23] (Nero AG)
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe [1487112 2009-05-01] (Raxco Software, Inc.)
S3 PDEngine; C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe [1475848 2009-05-01] (Raxco Software, Inc.)
S3 PS3 Media Server; "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.conf"

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2007-10-15] ((Standard mouse types))
R3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2008-02-13] (A4Tech Co.,Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-10-25] ()
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
U3 ak18j39a; C:\Windows\System32\Drivers\ak18j39a.sys [0 ] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Intel\AppData\Local\Temp\ALSysIO64.sys [x]
S3 cpuz130; \??\C:\Users\Intel\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-20 17:34 - 2013-12-20 17:35 - 00023242 _____ C:\Users\Intel\Desktop\FRST.txt
2013-12-20 17:34 - 2013-12-20 17:34 - 00000000 ____D C:\FRST
2013-12-20 17:33 - 2013-12-20 17:33 - 02193141 _____ (Farbar) C:\Users\Intel\Desktop\FRST64.exe
2013-12-20 14:07 - 2013-12-20 14:07 - 00018423 _____ C:\Users\Intel\Desktop\dds.txt
2013-12-20 14:07 - 2013-12-20 14:07 - 00013183 _____ C:\Users\Intel\Desktop\attach.txt
2013-12-20 14:05 - 2013-12-20 14:05 - 00688992 ____R (Swearware) C:\Users\Intel\Desktop\dds.scr
2013-12-19 19:27 - 2013-12-19 19:27 - 00001084 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\Users\Intel\AppData\Roaming\Malwarebytes
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-19 19:27 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-18 02:30 - 2013-12-18 02:30 - 00000000 ____D C:\Users\Intel\AppData\Roaming\MPC-HC
2013-12-12 15:29 - 2013-12-12 15:29 - 00292288 _____ C:\Windows\Minidump\121213-74911-01.dmp
2013-12-11 02:42 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 02:42 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 02:42 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 02:42 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 02:42 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 02:42 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 02:42 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 02:42 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 02:42 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 02:42 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 02:42 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 02:42 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 02:42 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 02:42 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 02:42 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 02:42 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 02:42 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 02:42 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 02:42 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 16:29 - 2013-12-10 16:29 - 00000014 _____ C:\Users\Intel\Desktop\178.148.1.3.txt
2013-11-28 00:02 - 2013-11-28 00:02 - 00000000 ____D C:\Windows\Downloaded Installations
2013-11-26 22:35 - 2013-11-26 22:35 - 00000000 ____D C:\Users\Intel\Documents\eRightSoft
2013-11-26 22:34 - 2013-11-26 22:34 - 00000000 ____D C:\Program Files (x86)\eRightSoft
2013-11-26 22:34 - 2012-10-05 19:54 - 00188416 __RSH C:\Windows\SysWOW64\winDCE32.dll
2013-11-26 22:34 - 2012-07-11 23:00 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Olepau32.ax
2013-11-26 22:34 - 2011-06-15 23:00 - 00163328 __RSH C:\Windows\SysWOW64\flvDX.dll
2013-11-26 22:34 - 2011-06-14 19:05 - 00121344 __RSH C:\Windows\SysWOW64\TAKDSDecoder.ax
2013-11-26 22:34 - 2011-02-11 10:26 - 00112128 __RSH C:\Windows\SysWOW64\OptimFROG.dll
2013-11-26 22:34 - 2010-01-06 23:00 - 00107520 __RSH C:\Windows\SysWOW64\TAKDSDecoder.dll
2013-11-26 22:34 - 2009-09-27 23:00 - 00143872 __RSH C:\Windows\SysWOW64\AviDX.ax
2013-11-26 22:34 - 2009-08-10 23:00 - 00352768 __RSH C:\Windows\SysWOW64\ac3DX.ax
2013-11-26 22:34 - 2009-03-17 10:38 - 00070656 __RSH C:\Windows\SysWOW64\RLAPEDec.ax
2013-11-26 22:34 - 2009-01-18 17:15 - 00120832 __RSH C:\Windows\SysWOW64\MPCDx.ax
2013-11-26 22:34 - 2009-01-18 12:03 - 00107520 __RSH C:\Windows\SysWOW64\RLMPCDec.ax
2013-11-26 22:34 - 2008-03-16 14:30 - 00216064 __RSH (MONOGRAM Multimedia, s.r.o.) C:\Windows\SysWOW64\nbDX.dll
2013-11-26 22:34 - 2007-02-21 12:47 - 00031232 __RSH (Hans Mayerl) C:\Windows\SysWOW64\msfDX.dll
2013-11-26 22:34 - 2006-08-16 15:53 - 00175104 __RSH () C:\Windows\SysWOW64\CoreAAC.ax
2013-11-26 22:34 - 2006-03-10 20:21 - 00195584 __RSH C:\Windows\SysWOW64\MatroskaDX.ax
2013-11-26 22:34 - 2006-01-12 23:00 - 00123904 __RSH (CoreCodec) C:\Windows\SysWOW64\AVCDX.ax
2013-11-26 22:34 - 2005-11-25 21:46 - 00161792 __RSH (Gabest) C:\Windows\SysWOW64\RealMediaDX.ax
2013-11-26 22:34 - 2005-02-22 17:55 - 00081920 __RSH C:\Windows\SysWOW64\aac_parser.ax
2013-11-26 22:34 - 2005-02-13 00:00 - 00186880 __RSH (RadLight) C:\Windows\SysWOW64\RLOgg.ax
2013-11-26 22:34 - 2005-02-13 00:00 - 00067584 __RSH (RadLight, LLC) C:\Windows\SysWOW64\RLTheoraDec.ax
2013-11-26 22:34 - 2005-02-13 00:00 - 00051712 __RSH C:\Windows\SysWOW64\RLSpeexDec.ax
2013-11-26 22:34 - 2005-02-06 00:00 - 00092672 __RSH (RadLight) C:\Windows\SysWOW64\RLVorbisDec.ax
2013-11-26 22:34 - 2005-01-18 00:26 - 00179200 __RSH (Gabest) C:\Windows\SysWOW64\DiracSplitter.ax
2013-11-26 22:34 - 2004-09-17 04:07 - 00090112 __RSH (-) C:\Windows\SysWOW64\TTADSSplitter.ax
2013-11-26 22:34 - 2004-08-22 11:56 - 00090112 __RSH (-) C:\Windows\SysWOW64\TTADSDecoder.ax
2013-11-26 22:34 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drvc.dll
2013-11-26 22:34 - 2004-04-27 16:03 - 00017408 __RSH (RadLight) C:\Windows\SysWOW64\RLOFRDec.ax
2013-11-26 22:34 - 2003-12-07 08:59 - 00097280 __RSH C:\Windows\SysWOW64\FLACDX.ax
2013-11-26 22:32 - 2013-12-20 12:48 - 00000000 ____D C:\Users\Intel\AppData\Local\SwvUpdater

==================== One Month Modified Files and Folders =======

2013-12-20 17:35 - 2013-12-20 17:34 - 00023242 _____ C:\Users\Intel\Desktop\FRST.txt
2013-12-20 17:34 - 2013-12-20 17:34 - 00000000 ____D C:\FRST
2013-12-20 17:33 - 2013-12-20 17:33 - 02193141 _____ (Farbar) C:\Users\Intel\Desktop\FRST64.exe
2013-12-20 17:23 - 2012-10-11 08:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-20 17:22 - 2012-11-04 20:33 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983932362-2607521197-2648449365-1000UA.job
2013-12-20 17:11 - 2010-10-29 12:11 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-20 15:55 - 2010-11-01 20:36 - 01524462 _____ C:\Windows\WindowsUpdate.log
2013-12-20 14:11 - 2013-02-14 01:16 - 00000000 ___RD C:\Users\Intel\Google Drive
2013-12-20 14:07 - 2013-12-20 14:07 - 00018423 _____ C:\Users\Intel\Desktop\dds.txt
2013-12-20 14:07 - 2013-12-20 14:07 - 00013183 _____ C:\Users\Intel\Desktop\attach.txt
2013-12-20 14:05 - 2013-12-20 14:05 - 00688992 ____R (Swearware) C:\Users\Intel\Desktop\dds.scr
2013-12-20 13:29 - 2010-10-29 12:11 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-20 13:04 - 2009-07-14 06:13 - 00730512 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-20 13:04 - 2009-07-14 05:45 - 00010208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-20 13:04 - 2009-07-14 05:45 - 00010208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-20 12:56 - 2010-12-17 20:06 - 00199549 _____ C:\Windows\setupact.log
2013-12-20 12:56 - 2010-10-21 13:15 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-20 12:56 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-20 12:55 - 2010-12-31 01:12 - 00131774 _____ C:\Windows\PFRO.log
2013-12-20 12:49 - 2010-10-21 12:58 - 00000000 ____D C:\Users\Intel
2013-12-20 12:48 - 2013-11-26 22:32 - 00000000 ____D C:\Users\Intel\AppData\Local\SwvUpdater
2013-12-20 12:48 - 2012-02-22 22:08 - 00000000 ____D C:\Program Files (x86)\StartSearch plugin
2013-12-20 12:48 - 2011-06-04 23:32 - 00000000 ____D C:\Users\Intel\Downloads\New
2013-12-20 12:48 - 2010-11-03 13:35 - 00000000 ____D C:\Program Files (x86)\Wise Registry Cleaner
2013-12-20 11:34 - 2012-01-25 18:46 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F9C4AAB4-8A8E-4BBE-89B8-D8B6B2224289}
2013-12-20 05:22 - 2012-11-04 20:33 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983932362-2607521197-2648449365-1000Core.job
2013-12-19 19:27 - 2013-12-19 19:27 - 00001084 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\Users\Intel\AppData\Roaming\Malwarebytes
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-19 19:26 - 2013-11-14 14:42 - 00000000 ____D C:\Users\Intel\AppData\Roaming\vlc
2013-12-19 17:21 - 2010-12-26 15:37 - 00000000 ____D C:\Users\Intel\AppData\Roaming\uTorrent
2013-12-18 23:11 - 2013-04-12 00:02 - 00000000 ____D C:\AAA
2013-12-18 11:46 - 2008-11-24 08:57 - 00000000 ___HD C:\Users\Intel\AppData\Local\3gEBLcAuPk
2013-12-18 02:30 - 2013-12-18 02:30 - 00000000 ____D C:\Users\Intel\AppData\Roaming\MPC-HC
2013-12-18 02:28 - 2013-03-29 03:33 - 00001090 _____ C:\Users\Public\Desktop\MPC-HC x64.lnk
2013-12-18 02:28 - 2012-10-22 22:06 - 00000000 ____D C:\Program Files (x86)\MPC-HC
2013-12-16 04:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-16 03:34 - 2009-07-14 05:45 - 10759664 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-16 03:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2013-12-16 03:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sr-Latn-CS
2013-12-12 15:29 - 2013-12-12 15:29 - 00292288 _____ C:\Windows\Minidump\121213-74911-01.dmp
2013-12-12 15:29 - 2013-05-01 11:08 - 791813838 _____ C:\Windows\MEMORY.DMP
2013-12-12 15:29 - 2011-03-14 00:57 - 00000000 ____D C:\Users\NeroMediaHomeUser.4
2013-12-12 15:29 - 2010-10-24 20:45 - 00000000 ____D C:\Windows\Minidump
2013-12-12 11:51 - 2013-08-18 10:54 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-12 11:51 - 2013-08-18 10:51 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-12 11:51 - 2013-08-18 10:51 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-12 00:27 - 2012-10-25 00:51 - 00001099 _____ C:\Users\Intel\AppData\Roaming\ShiftN.ini
2013-12-11 18:05 - 2013-03-20 16:47 - 00000132 _____ C:\Users\Intel\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-12-11 17:23 - 2012-10-11 08:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 17:23 - 2012-05-24 13:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 17:23 - 2011-05-31 17:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 16:29 - 2013-12-10 16:29 - 00000014 _____ C:\Users\Intel\Desktop\178.148.1.3.txt
2013-12-10 15:23 - 2010-10-25 18:25 - 00000000 ____D C:\Users\Intel\AppData\Roaming\dvdcss
2013-12-10 13:12 - 2010-10-29 12:11 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-09 02:06 - 2010-10-29 12:11 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-09 02:06 - 2010-10-29 12:11 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-06 22:43 - 2012-05-03 15:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-06 05:17 - 2012-11-04 20:33 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983932362-2607521197-2648449365-1000UA
2013-12-06 05:17 - 2012-11-04 20:33 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983932362-2607521197-2648449365-1000Core
2013-12-05 15:08 - 2011-04-15 00:22 - 00007601 _____ C:\Users\Intel\AppData\Local\Resmon.ResmonCfg
2013-12-05 02:19 - 2013-11-09 13:07 - 00000000 ____D C:\Users\Intel\AppData\Roaming\Might & Magic Heroes VI
2013-12-02 22:13 - 2010-10-29 12:10 - 00000000 ____D C:\Users\Intel\AppData\Roaming\Skype
2013-12-02 15:52 - 2010-10-29 12:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-02 15:52 - 2010-10-29 12:10 - 00000000 ____D C:\ProgramData\Skype
2013-11-28 00:03 - 2010-10-26 23:44 - 00000000 ____D C:\Program Files (x86)\Boris FX, Inc
2013-11-28 00:02 - 2013-11-28 00:02 - 00000000 ____D C:\Windows\Downloaded Installations
2013-11-27 02:08 - 2013-02-02 21:11 - 00000000 ____D C:\Users\Intel\AppData\Roaming\Dropbox
2013-11-27 02:01 - 2013-02-02 21:16 - 00000000 ___RD C:\Users\Intel\Downloads\Dropbox
2013-11-26 23:47 - 2010-10-21 18:21 - 00315680 _____ C:\Users\Intel\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-26 22:35 - 2013-11-26 22:35 - 00000000 ____D C:\Users\Intel\Documents\eRightSoft
2013-11-26 22:34 - 2013-11-26 22:34 - 00000000 ____D C:\Program Files (x86)\eRightSoft
2013-11-26 22:06 - 2013-03-14 09:45 - 00000000 ____D C:\Users\Intel\AppData\Roaming\HandBrake
2013-11-23 19:26 - 2013-12-11 02:42 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 18:47 - 2013-12-11 02:42 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-22 17:52 - 2012-10-17 23:20 - 00000000 ___RD C:\Users\Intel\Downloads\Jasna
2013-11-20 14:32 - 2012-02-09 13:20 - 00023352 _____ C:\Users\Intel\Documents\Default.sfvidcap

Files to move or delete:
====================
C:\Users\Intel\AppData\Local\Temp\WinUsbDriver.vbs
C:\ProgramData\PKP_DLdu.DAT


Some content of TEMP:
====================
C:\Users\Intel\AppData\Local\Temp\AskSLib.dll
C:\Users\Intel\AppData\Local\Temp\avgnt.exe
C:\Users\Intel\AppData\Local\Temp\chutil.dll
C:\Users\Intel\AppData\Local\Temp\haspdinst_x64.exe
C:\Users\Intel\AppData\Local\Temp\htmlayout.dll
C:\Users\Intel\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Intel\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Intel\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
C:\Users\Intel\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Intel\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Intel\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Intel\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Intel\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Intel\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Intel\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Intel\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Intel\AppData\Local\Temp\Nokia_Suite_PCS_update.exe
C:\Users\Intel\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Intel\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Intel\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Intel\AppData\Local\Temp\nvStInst.exe
C:\Users\Intel\AppData\Local\Temp\RealPlayer.exe
C:\Users\Intel\AppData\Local\Temp\RemoveGO.exe
C:\Users\Intel\AppData\Local\Temp\SCC.dll
C:\Users\Intel\AppData\Local\Temp\setup_1.0.65.exe
C:\Users\Intel\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Intel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Intel\AppData\Local\Temp\sqlite3.dll
C:\Users\Intel\AppData\Local\Temp\t.dll
C:\Users\Intel\AppData\Local\Temp\ubi490D.tmp.exe
C:\Users\Intel\AppData\Local\Temp\ubi6853.tmp.exe
C:\Users\Intel\AppData\Local\Temp\ubiF07.tmp.exe
C:\Users\Intel\AppData\Local\Temp\ubiF0B2.tmp.exe
C:\Users\Intel\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\Intel\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Intel\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Intel\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Intel\AppData\Local\Temp\_is35F.exe
C:\Users\Intel\AppData\Local\Temp\_is714.exe
C:\Users\Intel\AppData\Local\Temp\_isC7F5.exe
C:\Users\Intel\AppData\Local\Temp\_isEF.exe
C:\Users\TDC DjVj\AppData\Local\Temp\AskSLib.dll
C:\Users\TDC DjVj\AppData\Local\Temp\avgnt.exe
C:\Users\TDC DjVj\AppData\Local\Temp\r29fxscr.dll
C:\Users\TDC DjVj\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-20 13:26

==================== End Of Log ============================

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Do not use the USB until we have cleaned the computer!

From Control Panel, remove the following:
- iLivid
- LiveVDO plugin

Then

Open Notepad and copy in the following text, which is inside the shaded area.

(Microsoft Corporation) C:\Windows\System32\wscript.exe
HKCU\...\Run: [WinUsbDriver] - C:\Users\Intel\AppData\Local\Temp\WinUsbDriver.vbs [172340 2013-08-27] () <===== ATTENTION
C:\Users\Intel\AppData\Local\Temp\WinUsbDriver.vbs
MountPoints2: {03d8211e-dd42-11df-a978-20cf306fcd92} - G:\autorun.exe
MountPoints2: {7ab86f44-3ba5-11e2-ada0-20cf306fcd92} - "M:\WD SmartWare.exe" autoplay=true
SearchScopes: HKLM-x32 - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://startsear.ch/?aff=2&src=sp&cf=500cdf9f-5d99-11e1-952e-20cf306fcd92&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://startsear.ch/?aff=2&src=sp&cf=500cdf9f-5d99-11e1-952e-20cf306fcd92&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://startsear.ch/?aff=2&src=sp&cf=500cdf9f-5d99-11e1-952e-20cf306fcd92&q={searchTerms}
SearchScopes: HKCU - {FFA40112-6785-4001-9B58-0352CA1DE56F} URL = http://search.babylon.com/?q={searchTerms}&AF=108386&babsrc=SP_ss&mntrId=986ad10400000000000020cf306fcd92
FF SearchEngineOrder.1: Web Search
FF Homepage: https://startpage.com/
FF Keyword.URL: hxxp://search.babylon.com/?AF=108386&babsrc=adbartrp&mntrId=986ad10400000000000020cf306fcd92&q=
FF SearchPlugin: C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\iss44jlu.default\searchplugins\startsear.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
CHR HKLM-x32\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files (x86)\StartSearch plugin\vshareplg.crx
C:\ProgramData\PKP_DLdu.DAT
AlternateDataStreams: C:\ProgramData\Microsoft:B9BdPUFBuFnQENH9n
AlternateDataStreams: C:\ProgramData\Microsoft:BGPSSbHq4brEIPuQyjBn74SK
AlternateDataStreams: C:\ProgramData\Microsoft:GdSXGsKHFWIAU3Zg2IAFJIG
AlternateDataStreams: C:\ProgramData\TEMP:8668AB36
AlternateDataStreams: C:\Users\Intel\Cookies:ve4QaFI6EEYUNLNQB8szfNGBa33Y
AlternateDataStreams: C:\Users\Intel\AppData\Local\3gEBLcAuPk:VGBJp8BaAyZSGvCCr0HIwFkG
CHR Extension: (LiveVDO plugin) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0
CHR Plugin: (LiveVDO plug-in) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\chvsharetvplg.dll (LiveVDO )
CHR Plugin: (LiveVDO plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll (LiveVDO )
cmd: ipconfig /flushdns


In Notepad, click File --> Save As

Name the file fixlist.txt and save it to the Desktop

Double-click FRST.exe to run it again

Click Fix and wait until the program finishes

If the program asks to restart the computer, let it do so without interruption.

When it finishes, Notepad will open with content that you should copy into this thread.

Also, fixlog.txt will be on the Desktop.

After that, run FRST again, click Scan and send me the new report.

offline
  • Joined: 10 Oct 2007
  • Posts: 26

I'm not using the USB drives, but both infected ones are still plugged into the ports; should I take them out or leave them in?
I deleted two small programs.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2013 02
Ran by Intel at 2013-12-21 11:14:38 Run:1
Running from C:\Users\Intel\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:a
*****************
(Microsoft Corporation) C:\Windows\System32\wscript.exe
HKCU\...\Run: [WinUsbDriver] - C:\Users\Intel\AppData\Local\Temp\WinUsbDriver.vbs [172340 2013-08-27] () <===== ATTENTION
C:\Users\Intel\AppData\Local\Temp\WinUsbDriver.vbs
MountPoints2: {03d8211e-dd42-11df-a978-20cf306fcd92} - G:\autorun.exe
MountPoints2: {7ab86f44-3ba5-11e2-ada0-20cf306fcd92} - "M:\WD SmartWare.exe" autoplay=true
SearchScopes: HKLM-x32 - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = startsear.ch/?aff=2&src=sp&cf=500cdf9f-5d99-11e1-952e-20cf306fcd92&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = startsear.ch/?aff=2&src=sp&cf=500cdf9f-5d99-11e1-952e-20cf306fcd92&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = startsear.ch/?aff=2&src=sp&cf=500cdf9f-5d99-11e1-952e-20cf306fcd92&q={searchTerms}
SearchScopes: HKCU - {FFA40112-6785-4001-9B58-0352CA1DE56F} URL = search.babylon.com/?q={searchTerms}&AF=108386&babsrc=SP_ss&mntrId=986ad10400000000000020cf306fcd92
FF SearchEngineOrder.1: Web Search
FF Homepage: startpage.com/
FF Keyword.URL: hxxp://search.babylon.com/?AF=108386&babsrc=adbartrp&mntrId=986ad10400000000000020cf306fcd92&q=
FF SearchPlugin: C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\iss44jlu.default\searchplugins\startsear.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
CHR HKLM-x32\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files (x86)\StartSearch plugin\vshareplg.crx
C:\ProgramData\PKP_DLdu.DAT
AlternateDataStreams: C:\ProgramData\Microsoft:B9BdPUFBuFnQENH9n
AlternateDataStreams: C:\ProgramData\Microsoft:BGPSSbHq4brEIPuQyjBn74SK
AlternateDataStreams: C:\ProgramData\Microsoft:GdSXGsKHFWIAU3Zg2IAFJIG
AlternateDataStreams: C:\ProgramData\TEMP:8668AB36
AlternateDataStreams: C:\Users\Intel\Cookies:ve4QaFI6EEYUNLNQB8szfNGBa33Y
AlternateDataStreams: C:\Users\Intel\AppData\Local\3gEBLcAuPk:VGBJp8BaAyZSGvCCr0HIwFkG
CHR Extension: (LiveVDO plugin) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0
CHR Plugin: (LiveVDO plug-in) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\chvsharetvplg.dll (LiveVDO )
CHR Plugin: (LiveVDO plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll (LiveVDO )
cmd: ipconfig /flushdns
*****************

[3900] C:\Windows\System32\wscript.exe => Process closed successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\WinUsbDriver => Value deleted successfully.
Could not move "C:\Users\Intel\AppData\Local\Temp\WinUsbDriver.vbs" => Scheduled to move on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03d8211e-dd42-11df-a978-20cf306fcd92} => Key deleted successfully.
HKCR\CLSID\{03d8211e-dd42-11df-a978-20cf306fcd92} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ab86f44-3ba5-11e2-ada0-20cf306fcd92} => Key deleted successfully.
HKCR\CLSID\{7ab86f44-3ba5-11e2-ada0-20cf306fcd92} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFA40112-6785-4001-9B58-0352CA1DE56F} => Key deleted successfully.
HKCR\CLSID\{FFA40112-6785-4001-9B58-0352CA1DE56F} => Key not found.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\iss44jlu.default\searchplugins\startsear.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp => Key deleted successfully.
"C:\Program Files (x86)\StartSearch plugin\vshareplg.crx" => File/Directory not found.
C:\ProgramData\PKP_DLdu.DAT => Moved successfully.
C:\ProgramData\Microsoft => ":B9BdPUFBuFnQENH9n" ADS removed successfully.
C:\ProgramData\Microsoft => ":BGPSSbHq4brEIPuQyjBn74SK" ADS removed successfully.
C:\ProgramData\Microsoft => ":GdSXGsKHFWIAU3Zg2IAFJIG" ADS removed successfully.
C:\ProgramData\TEMP => ":8668AB36" ADS removed successfully.
"C:\Users\Intel\Cookies" => ":ve4QaFI6EEYUNLNQB8szfNGBa33Y" ADS not found.
C:\Users\Intel\AppData\Local\3gEBLcAuPk => ":VGBJp8BaAyZSGvCCr0HIwFkG" ADS removed successfully.
C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp => Moved successfully.
C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\chvsharetvplg.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll => Moved successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-12-21 11:21:29)<=

C:\Users\Intel\AppData\Local\Temp\WinUsbDriver.vbs => Is moved successfully.

==== End of Fixlog ====


Here is the scan report as well:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013 02
Ran by Intel (administrator) on INTEL-PC on 21-12-2013 11:32:30
Running from C:\Users\Intel\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Hardware\Keyboard\Ikeymain.exe
() C:\Program Files\Hardware\Mouse\Amoumain.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Google) C:\Users\Intel\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iKeyWorks] - C:\Program Files\Hardware\Keyboard\Ikeymain.exe [65536 2008-06-14] ()
HKLM\...\Run: [WheelMouse] - C:\Program Files\Hardware\Mouse\Amoumain.exe [237568 2008-07-11] ()
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [ALLUpdate] - "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
HKCU\...\Run: [Google Update] - C:\Users\Intel\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-19] (Google Inc.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKCU\...\Run: [] - [x]
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2583040 2009-09-21] (VIA)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nikon Transfer Monitor] - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Nero MediaHome 4] - C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [4891944 2009-06-23] (Nero AG)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NexusServer] - "C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [NSU_agent] - C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\TDC DjVj\...\Run: [Nero MediaHome 4] - C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [4891944 2009-06-23] (Nero AG)
HKU\TDC DjVj\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin
Startup: C:\Users\Intel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFF9CB746AECACB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{93F40835-ECED-493A-AF75-D4CDD2231625}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\iss44jlu.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Intel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Intel\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Intel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Intel\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Intel\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Extension: MEGA EXTENSION - C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\iss44jlu.default\Extensions\firefox@mega.co.nz.xpi
FF Extension: FlashGot - C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\iss44jlu.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [remotemode@splashtop.com] - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\FFExtensions

Chrome:
=======
CHR HomePage: hxxp://startsear.ch/?aff=2&cf=500cdf9f-5d99-11e1-952e-20cf306fcd92
CHR DefaultSearchKeyword: google.rs
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (LiveVDO plug-in) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\chvsharetvplg.dll No File
CHR Plugin: (LiveVDO plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll No File
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Extension: (Google Drive) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: () - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknkimpcfkpmmikggddpidpmaljigegp\3_0
CHR Extension: (Google Search) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [ocphobfcfafpclibolpjdafgaffkaoci] - C:\Users\Intel\AppData\Local\GamePlayLabs Plugin\gplplugin.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-12] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [259368 2009-06-23] (Nero AG)
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe [1487112 2009-05-01] (Raxco Software, Inc.)
S3 PDEngine; C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe [1475848 2009-05-01] (Raxco Software, Inc.)
S3 PS3 Media Server; "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.conf"

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2007-10-15] ((Standard mouse types))
R3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2008-02-13] (A4Tech Co.,Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-10-25] ()
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
U3 amglko03; C:\Windows\System32\Drivers\amglko03.sys [0 ] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Intel\AppData\Local\Temp\ALSysIO64.sys [x]
S3 cpuz130; \??\C:\Users\Intel\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-20 17:53 - 2013-12-20 17:53 - 00032162 _____ C:\Users\Intel\Desktop\Addition.txt
2013-12-20 17:34 - 2013-12-21 11:32 - 00021242 _____ C:\Users\Intel\Desktop\FRST.txt
2013-12-20 17:34 - 2013-12-21 11:21 - 00000000 ____D C:\FRST
2013-12-20 17:33 - 2013-12-20 17:33 - 02193141 _____ (Farbar) C:\Users\Intel\Desktop\FRST64.exe
2013-12-20 14:07 - 2013-12-20 14:07 - 00018423 _____ C:\Users\Intel\Desktop\dds.txt
2013-12-20 14:07 - 2013-12-20 14:07 - 00013183 _____ C:\Users\Intel\Desktop\attach.txt
2013-12-20 14:05 - 2013-12-20 14:05 - 00688992 ____R (Swearware) C:\Users\Intel\Desktop\dds.scr
2013-12-19 19:27 - 2013-12-19 19:27 - 00001084 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\Users\Intel\AppData\Roaming\Malwarebytes
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-19 19:27 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-19 17:19 - 2013-08-27 19:00 - 00172340 _____ C:\Users\Intel\Desktop\㩃䙜卒屔畑牡湡楴敮Ȁ
2013-12-18 02:30 - 2013-12-18 02:30 - 00000000 ____D C:\Users\Intel\AppData\Roaming\MPC-HC
2013-12-12 15:29 - 2013-12-12 15:29 - 00292288 _____ C:\Windows\Minidump\121213-74911-01.dmp
2013-12-11 02:42 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 02:42 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 02:42 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 02:42 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 02:42 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 02:42 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 02:42 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 02:42 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 02:42 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 02:42 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 02:42 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 02:42 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 02:42 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 02:42 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 02:42 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 02:42 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 02:42 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 02:42 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 02:42 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 16:29 - 2013-12-10 16:29 - 00000014 _____ C:\Users\Intel\Desktop\178.148.1.3.txt
2013-11-28 00:02 - 2013-11-28 00:02 - 00000000 ____D C:\Windows\Downloaded Installations
2013-11-26 22:35 - 2013-11-26 22:35 - 00000000 ____D C:\Users\Intel\Documents\eRightSoft
2013-11-26 22:34 - 2013-11-26 22:34 - 00000000 ____D C:\Program Files (x86)\eRightSoft
2013-11-26 22:34 - 2012-10-05 19:54 - 00188416 __RSH C:\Windows\SysWOW64\winDCE32.dll
2013-11-26 22:34 - 2012-07-11 23:00 - 00075776 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\Olepau32.ax
2013-11-26 22:34 - 2011-06-15 23:00 - 00163328 __RSH C:\Windows\SysWOW64\flvDX.dll
2013-11-26 22:34 - 2011-06-14 19:05 - 00121344 __RSH C:\Windows

\SysWOW64\TAKDSDecoder.ax
2013-11-26 22:34 - 2011-02-11 10:26 - 00112128 __RSH C:\Windows

\SysWOW64\OptimFROG.dll
2013-11-26 22:34 - 2010-01-06 23:00 - 00107520 __RSH C:\Windows

\SysWOW64\TAKDSDecoder.dll
2013-11-26 22:34 - 2009-09-27 23:00 - 00143872 __RSH C:\Windows\SysWOW64\AviDX.ax
2013-11-26 22:34 - 2009-08-10 23:00 - 00352768 __RSH C:\Windows\SysWOW64\ac3DX.ax
2013-11-26 22:34 - 2009-03-17 10:38 - 00070656 __RSH C:\Windows\SysWOW64\RLAPEDec.ax
2013-11-26 22:34 - 2009-01-18 17:15 - 00120832 __RSH C:\Windows\SysWOW64\MPCDx.ax
2013-11-26 22:34 - 2009-01-18 12:03 - 00107520 __RSH C:\Windows\SysWOW64\RLMPCDec.ax
2013-11-26 22:34 - 2008-03-16 14:30 - 00216064 __RSH (MONOGRAM Multimedia, s.r.o.) C:\Windows\SysWOW64\nbDX.dll
2013-11-26 22:34 - 2007-02-21 12:47 - 00031232 __RSH (Hans Mayerl) C:\Windows\SysWOW64\msfDX.dll
2013-11-26 22:34 - 2006-08-16 15:53 - 00175104 __RSH () C:\Windows\SysWOW64\CoreAAC.ax
2013-11-26 22:34 - 2006-03-10 20:21 - 00195584 __RSH C:\Windows\SysWOW64\MatroskaDX.ax
2013-11-26 22:34 - 2006-01-12 23:00 - 00123904 __RSH (CoreCodec) C:\Windows\SysWOW64\AVCDX.ax
2013-11-26 22:34 - 2005-11-25 21:46 - 00161792 __RSH (Gabest) C:\Windows\SysWOW64\RealMediaDX.ax
2013-11-26 22:34 - 2005-02-22 17:55 - 00081920 __RSH C:\Windows\SysWOW64\aac_parser.ax
2013-11-26 22:34 - 2005-02-13 00:00 - 00186880 __RSH (RadLight) C:\Windows\SysWOW64\RLOgg.ax
2013-11-26 22:34 - 2005-02-13 00:00 - 00067584 __RSH (RadLight, LLC) C:\Windows\SysWOW64\RLTheoraDec.ax
2013-11-26 22:34 - 2005-02-13 00:00 - 00051712 __RSH C:\Windows\SysWOW64\RLSpeexDec.ax
2013-11-26 22:34 - 2005-02-06 00:00 - 00092672 __RSH (RadLight) C:\Windows\SysWOW64\RLVorbisDec.ax
2013-11-26 22:34 - 2005-01-18 00:26 - 00179200 __RSH (Gabest) C:\Windows\SysWOW64\DiracSplitter.ax
2013-11-26 22:34 - 2004-09-17 04:07 - 00090112 __RSH (-) C:\Windows\SysWOW64\TTADSSplitter.ax
2013-11-26 22:34 - 2004-08-22 11:56 - 00090112 __RSH (-) C:\Windows\SysWOW64\TTADSDecoder.ax
2013-11-26 22:34 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drvc.dll
2013-11-26 22:34 - 2004-04-27 16:03 - 00017408 __RSH (RadLight) C:\Windows\SysWOW64\RLOFRDec.ax
2013-11-26 22:34 - 2003-12-07 08:59 - 00097280 __RSH C:\Windows\SysWOW64\FLACDX.ax
2013-11-26 22:32 - 2013-12-20 12:48 - 00000000 ____D C:\Users\Intel\AppData\Local\SwvUpdater

==================== One Month Modified Files and Folders =======

2013-12-21 11:32 - 2013-12-20 17:34 - 00021242 _____ C:\Users\Intel\Desktop\FRST.txt
2013-12-21 11:25 - 2009-07-14 06:13 - 00730512 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-21 11:25 - 2009-07-14 05:45 - 00010208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-21 11:25 - 2009-07-14 05:45 - 00010208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-21 11:23 - 2012-10-11 08:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-21 11:22 - 2012-11-04 20:33 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983932362-2607521197-2648449365-1000UA.job
2013-12-21 11:22 - 2012-01-25 18:46 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F9C4AAB4-8A8E-4BBE-89B8-D8B6B2224289}
2013-12-21 11:21 - 2013-12-20 17:34 - 00000000 ____D C:\FRST
2013-12-21 11:18 - 2013-02-14 01:16 - 00000000 ___RD C:\Users\Intel\Google Drive
2013-12-21 11:17 - 2010-10-29 12:11 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-21 11:16 - 2010-12-17 20:06 - 00199605 _____ C:\Windows\setupact.log
2013-12-21 11:16 - 2010-10-21 13:15 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-21 11:16 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-21 11:15 - 2010-12-31 01:12 - 00132354 _____ C:\Windows\PFRO.log
2013-12-21 11:14 - 2010-11-01 20:36 - 01580944 _____ C:\Windows\WindowsUpdate.log
2013-12-21 11:11 - 2010-10-29 12:11 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-21 11:10 - 2012-02-22 22:08 - 00000000 ____D C:\Program Files (x86)\StartSearch plugin
2013-12-21 05:22 - 2012-11-04 20:33 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983932362-2607521197-2648449365-1000Core.job
2013-12-21 03:22 - 2013-11-14 14:42 - 00000000 ____D C:\Users\Intel\AppData\Roaming\vlc
2013-12-20 17:53 - 2013-12-20 17:53 - 00032162 _____ C:\Users\Intel\Desktop\Addition.txt
2013-12-20 17:33 - 2013-12-20 17:33 - 02193141 _____ (Farbar) C:\Users\Intel\Desktop\FRST64.exe
2013-12-20 14:07 - 2013-12-20 14:07 - 00018423 _____ C:\Users\Intel\Desktop\dds.txt
2013-12-20 14:07 - 2013-12-20 14:07 - 00013183 _____ C:\Users\Intel\Desktop\attach.txt
2013-12-20 14:05 - 2013-12-20 14:05 - 00688992 ____R (Swearware) C:\Users\Intel\Desktop\dds.scr
2013-12-20 12:49 - 2010-10-21 12:58 - 00000000 ____D C:\Users\Intel
2013-12-20 12:48 - 2013-11-26 22:32 - 00000000 ____D C:\Users\Intel\AppData\Local\SwvUpdater
2013-12-20 12:48 - 2011-06-04 23:32 - 00000000 ____D C:\Users\Intel\Downloads\New
2013-12-20 12:48 - 2010-11-03 13:35 - 00000000 ____D C:\Program Files (x86)\Wise Registry Cleaner
2013-12-19 19:27 - 2013-12-19 19:27 - 00001084 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\Users\Intel\AppData\Roaming\Malwarebytes
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-19 17:21 - 2010-12-26 15:37 - 00000000 ____D C:\Users\Intel\AppData\Roaming\uTorrent
2013-12-18 23:11 - 2013-04-12 00:02 - 00000000 ____D C:\AAA
2013-12-18 11:46 - 2008-11-24 08:57 - 00000000 ___HD C:\Users\Intel\AppData\Local\3gEBLcAuPk
2013-12-18 02:30 - 2013-12-18 02:30 - 00000000 ____D C:\Users\Intel\AppData\Roaming\MPC-HC
2013-12-18 02:28 - 2013-03-29 03:33 - 00001090 _____ C:\Users\Public\Desktop\MPC-HC x64.lnk
2013-12-18 02:28 - 2012-10-22 22:06 - 00000000 ____D C:\Program Files (x86)\MPC-HC
2013-12-16 04:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-16 03:34 - 2009-07-14 05:45 - 10759664 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-16 03:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2013-12-16 03:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sr-Latn-CS
2013-12-12 15:29 - 2013-12-12 15:29 - 00292288 _____ C:\Windows\Minidump\121213-74911-01.dmp
2013-12-12 15:29 - 2013-05-01 11:08 - 791813838 _____ C:\Windows\MEMORY.DMP
2013-12-12 15:29 - 2011-03-14 00:57 - 00000000 ____D C:\Users\NeroMediaHomeUser.4
2013-12-12 15:29 - 2010-10-24 20:45 - 00000000 ____D C:\Windows\Minidump
2013-12-12 11:51 - 2013-08-18 10:54 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-12 11:51 - 2013-08-18 10:51 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-12 11:51 - 2013-08-18 10:51 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-12 00:27 - 2012-10-25 00:51 - 00001099 _____ C:\Users\Intel\AppData\Roaming\ShiftN.ini
2013-12-11 18:05 - 2013-03-20 16:47 - 00000132 _____ C:\Users\Intel\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-12-11 17:23 - 2012-10-11 08:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 17:23 - 2012-05-24 13:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 17:23 - 2011-05-31 17:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 16:29 - 2013-12-10 16:29 - 00000014 _____ C:\Users\Intel\Desktop\178.148.1.3.txt
2013-12-10 15:23 - 2010-10-25 18:25 - 00000000 ____D C:\Users\Intel\AppData\Roaming\dvdcss
2013-12-10 13:12 - 2010-10-29 12:11 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-09 02:06 - 2010-10-29 12:11 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-09 02:06 - 2010-10-29 12:11 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-06 22:43 - 2012-05-03 15:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-06 05:17 - 2012-11-04 20:33 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983932362-2607521197-2648449365-1000UA
2013-12-06 05:17 - 2012-11-04 20:33 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983932362-2607521197-2648449365-1000Core
2013-12-05 15:08 - 2011-04-15 00:22 - 00007601 _____ C:\Users\Intel\AppData\Local\Resmon.ResmonCfg
2013-12-05 02:19 - 2013-11-09 13:07 - 00000000 ____D C:\Users\Intel\AppData\Roaming\Might & Magic Heroes VI
2013-12-02 22:13 - 2010-10-29 12:10 - 00000000 ____D C:\Users\Intel\AppData\Roaming\Skype
2013-12-02 15:52 - 2010-10-29 12:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-02 15:52 - 2010-10-29 12:10 - 00000000 ____D C:\ProgramData\Skype
2013-11-28 00:03 - 2010-10-26 23:44 - 00000000 ____D C:\Program Files (x86)\Boris FX, Inc
2013-11-28 00:02 - 2013-11-28 00:02 - 00000000 ____D C:\Windows\Downloaded Installations
2013-11-27 02:08 - 2013-02-02 21:11 - 00000000 ____D C:\Users\Intel\AppData\Roaming\Dropbox
2013-11-27 02:01 - 2013-02-02 21:16 - 00000000 ___RD C:\Users\Intel\Downloads\Dropbox
2013-11-26 23:47 - 2010-10-21 18:21 - 00315680 _____ C:\Users\Intel\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-26 22:35 - 2013-11-26 22:35 - 00000000 ____D C:\Users\Intel\Documents\eRightSoft
2013-11-26 22:34 - 2013-11-26 22:34 - 00000000 ____D C:\Program Files (x86)\eRightSoft
2013-11-26 22:06 - 2013-03-14 09:45 - 00000000 ____D C:\Users\Intel\AppData\Roaming\HandBrake
2013-11-23 19:26 - 2013-12-11 02:42 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 18:47 - 2013-12-11 02:42 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-22 17:52 - 2012-10-17 23:20 - 00000000 ___RD C:\Users\Intel\Downloads\Jasna

Some content of TEMP:
====================
C:\Users\Intel\AppData\Local\Temp\AskSLib.dll
C:\Users\Intel\AppData\Local\Temp\avgnt.exe
C:\Users\Intel\AppData\Local\Temp\chutil.dll
C:\Users\Intel\AppData\Local\Temp\haspdinst_x64.exe
C:\Users\Intel\AppData\Local\Temp\htmlayout.dll
C:\Users\Intel\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Intel\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Intel\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
C:\Users\Intel\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Intel\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Intel\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Intel\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Intel\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Intel\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Intel\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Intel\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Intel\AppData\Local\Temp\Nokia_Suite_PCS_update.exe
C:\Users\Intel\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Intel\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Intel\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Intel\AppData\Local\Temp\nvStInst.exe
C:\Users\Intel\AppData\Local\Temp\RealPlayer.exe
C:\Users\Intel\AppData\Local\Temp\RemoveGO.exe
C:\Users\Intel\AppData\Local\Temp\SCC.dll
C:\Users\Intel\AppData\Local\Temp\setup_1.0.65.exe
C:\Users\Intel\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Intel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Intel\AppData\Local\Temp\sqlite3.dll
C:\Users\Intel\AppData\Local\Temp\t.dll
C:\Users\Intel\AppData\Local\Temp\ubi490D.tmp.exe
C:\Users\Intel\AppData\Local\Temp\ubi6853.tmp.exe
C:\Users\Intel\AppData\Local\Temp\ubiF07.tmp.exe
C:\Users\Intel\AppData\Local\Temp\ubiF0B2.tmp.exe
C:\Users\Intel\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\Intel\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Intel\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Intel\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Intel\AppData\Local\Temp\_is35F.exe
C:\Users\Intel\AppData\Local\Temp\_is714.exe
C:\Users\Intel\AppData\Local\Temp\_isC7F5.exe
C:\Users\Intel\AppData\Local\Temp\_isEF.exe
C:\Users\TDC DjVj\AppData\Local\Temp\AskSLib.dll
C:\Users\TDC DjVj\AppData\Local\Temp\avgnt.exe
C:\Users\TDC DjVj\AppData\Local\Temp\r29fxscr.dll
C:\Users\TDC DjVj\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-20 13:26

==================== End Of Log ============================

Regards

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

The computer is clean, now let's clean the USB:


Download MCShield from the following address:

http://amf.mycity.rs/mcshield/MCShield-Setup.exe

Install MCShield and wait for the initial scan to finish.

Start MCShield, click the Scanner tab and check Always unhide items on flash drives. Confirm with OK.

Then insert all USB storage devices one by one into a USB port and keep each one in the port until MCShield shows a message that the scan is finished. If you have several USB devices, note down somewhere the order in which they were inserted.

Explanation: USB storage devices include all devices that are assigned their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

Go to Start -> All Programs -> MCShield -> Logs -> AllScans

A report will open in Notepad; post its contents in your reply.

offline
  • Joined: 10 Oct 2007
  • Posts: 26

I had to leave the house, I just got back... Here is the MCShield report...

>>> MCShield AllScans.txt <<<



MCShield ::Anti-Malware Tool:: mcshield.net/

>>> v 2.8.3.24 / DB: 2013.12.14.1 / Windows 7 <<<


12/21/2013 4:53:48 PM > Drive C: - scan started (SISTEM 7x64 ~466 GB, NTFS HDD )...



=> The drive is clean.


12/21/2013 4:53:48 PM > Drive D: - scan started (VIDEO STORAGE ~931 GB, NTFS HDD )...



=> The drive is clean.


12/21/2013 4:53:48 PM > Drive H: - scan started (Storage ~1863 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: mcshield.net/

>>> v 2.8.3.24 / DB: 2013.12.14.1 / Windows 7 <<<


12/21/2013 4:55:55 PM > Drive E: - scan started (STORE N GO ~14783 MB, NTFS flash drive )...


>>> E:\OMF 2.lnk - Malware > Deleted. (13.12.21. 16.55 OMF 2.lnk.47802; MD5: e5216aa8a37999a8e1d6eac7f2fb0819)

>>> E:\WinUsbDriver.vbs - Malware > Deleted. (13.12.21. 16.55 WinUsbDriver.vbs.433784; MD5: 80e49685d1ac8a3623dd78779820ae5a)

> Resetting attributes: E:\OMF 2 < Successful.


=> Malicious files : 2/2 deleted.
=> Hidden folders : 1/1 unhidden.

____________________________________________

::::: Scan duration: 2sec ::::::::::::::::::
____________________________________________




MCShield ::Anti-Malware Tool:: mcshield.net/

>>> v 2.8.3.24 / DB: 2013.12.14.1 / Windows 7 <<<


12/21/2013 4:57:14 PM > Drive F: - scan started (KINGSTON ~14762 MB, NTFS flash drive )...


>>> F:\.fseventsd.lnk - Malware > Deleted. (13.12.21. 16.57 .fseventsd.lnk.554241; MD5: 485bc5790fc89e89a6315bdc4b261ed7)

>>> F:\.Trashes.lnk - Malware > Deleted. (13.12.21. 16.57 .Trashes.lnk.674644; MD5: 06dfc4a55efc5acf5936f62cfe724b69)

>>> F:\OMF 2.lnk - Malware > Deleted. (13.12.21. 16.57 OMF 2.lnk.108510; MD5: e5216aa8a37999a8e1d6eac7f2fb0819)

>>> F:\WinUsbDriver.vbs - Malware > Deleted. (13.12.21. 16.57 WinUsbDriver.vbs.379086; MD5: 80e49685d1ac8a3623dd78779820ae5a)

> Resetting attributes: F:\.fseventsd < Successful.

> Resetting attributes: F:\.Trashes < Successful.

> Resetting attributes: F:\OMF 2 < Successful.


=> Malicious files : 4/4 deleted.
=> Hidden folders : 3/3 unhidden.

____________________________________________

::::: Scan duration: 1sec ::::::::::::::::::
____________________________________________




MCShield ::Anti-Malware Tool:: mcshield.net/

>>> v 2.8.3.24 / DB: 2013.12.14.1 / Windows 7 <<<


12/21/2013 4:59:16 PM > Drive F: - scan started (USB KING ~7663 MB, NTFS flash drive )...


> F:\RECYCLER
> F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665
> F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx (MD5: f5bce445c71293b3f2fdbbe333f8c1f5)

>>> F:\Recycler - Malware (folder) > Deletion failed.


=> Malicious files : 0/1 deleted.
=> Malicious folders : 0/2 deleted.

____________________________________________

::::: Scan duration: 1min 14sec ::::::::::::
____________________________________________


It looks like I have some other virus or malware on my other computer; I figured I would clean this one first and then tackle the other one... I say that because this third USB has not even been in my machine since the day before yesterday, and it is infected with something too...

Regards,

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Excellent, now let's just check that the computer has not become infected in the meantime and clean up the adware on the system...


Download AdwCleaner by "Xplode" and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.


The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option.

Note: The report will also be saved at C:\AdwCleaner[S1].txt



Then


Download TFC (Temp File Cleaner) and save it to the Desktop.
Double-click to run the program and click the Start button to let the program begin scanning.
When the program finishes scanning, it may ask you to restart the computer. Allow it.

Note: When you are done cleaning the temp files, you can delete the program or keep it for later use.



Then


Run FRST again and send me a fresh report.

offline
  • Joined: 10 Oct 2007
  • Posts: 26

And here is the new FRST report:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013 02
Ran by Intel (administrator) on INTEL-PC on 21-12-2013 18:23:37
Running from C:\Users\Intel\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\Hardware\Keyboard\Ikeymain.exe
() C:\Program Files\Hardware\Mouse\Amoumain.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iKeyWorks] - C:\Program Files\Hardware\Keyboard\Ikeymain.exe [65536 2008-06-14] ()
HKLM\...\Run: [WheelMouse] - C:\Program Files\Hardware\Mouse\Amoumain.exe [237568 2008-07-11] ()
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [ALLUpdate] - "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
HKCU\...\Run: [Google Update] - C:\Users\Intel\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-19] (Google Inc.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [MCShield Monitor] - C:\Program Files (x86)\MCShield\MCShieldRTM.exe [607232 2013-10-26] (MyCity)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2583040 2009-09-21] (VIA)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nikon Transfer Monitor] - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Nero MediaHome 4] - C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [4891944 2009-06-23] (Nero AG)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NexusServer] - "C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [NSU_agent] - C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\TDC DjVj\...\Run: [Nero MediaHome 4] - C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [4891944 2009-06-23] (Nero AG)
HKU\TDC DjVj\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin
Startup: C:\Users\Intel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFF9CB746AECACB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{93F40835-ECED-493A-AF75-D4CDD2231625}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\iss44jlu.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Intel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Intel\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Intel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Intel\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Intel\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Extension: MEGA EXTENSION - C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\iss44jlu.default\Extensions\firefox@mega.co.nz.xpi
FF Extension: FlashGot - C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\iss44jlu.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [remotemode@splashtop.com] - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\FFExtensions

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchKeyword: google.rs
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (LiveVDO plug-in) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\chvsharetvplg.dll No File
CHR Plugin: (LiveVDO plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll No File
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Extension: (Google Drive) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: () - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknkimpcfkpmmikggddpidpmaljigegp\3_0
CHR Extension: (Google Search) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Intel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-12] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [259368 2009-06-23] (Nero AG)
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe [1487112 2009-05-01] (Raxco Software, Inc.)
S3 PDEngine; C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe [1475848 2009-05-01] (Raxco Software, Inc.)
S3 PS3 Media Server; "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.conf"

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2007-10-15] ((Standard mouse types))
R3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2008-02-13] (A4Tech Co.,Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-10-25] ()
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
U3 aykf8zw0; C:\Windows\System32\Drivers\aykf8zw0.sys [0 ] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Intel\AppData\Local\Temp\ALSysIO64.sys [x]
S3 cpuz130; \??\C:\Users\Intel\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-21 17:51 - 2013-12-21 17:51 - 00448512 _____ (OldTimer Tools) C:\Users\Intel\Desktop\TFC.exe
2013-12-21 17:39 - 2013-12-21 17:41 - 00000000 ____D C:\AdwCleaner
2013-12-21 17:36 - 2013-12-21 17:36 - 01226750 _____ C:\Users\Intel\Desktop\adwcleaner.exe
2013-12-21 16:53 - 2013-12-21 18:12 - 00000000 ____D C:\ProgramData\MCShield
2013-12-21 16:53 - 2013-12-21 16:53 - 02633042 _____ C:\Users\Intel\Desktop\MCShield-Setup.exe
2013-12-21 16:53 - 2013-12-21 16:53 - 00001063 _____ C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk
2013-12-21 16:53 - 2013-12-21 16:53 - 00000000 ____D C:\Program Files (x86)\MCShield
2013-12-20 17:53 - 2013-12-20 17:53 - 00032162 _____ C:\Users\Intel\Desktop\Addition.txt
2013-12-20 17:34 - 2013-12-21 18:23 - 00020698 _____ C:\Users\Intel\Desktop\FRST.txt
2013-12-20 17:34 - 2013-12-21 11:21 - 00000000 ____D C:\FRST
2013-12-20 17:33 - 2013-12-20 17:33 - 02193141 _____ (Farbar) C:\Users\Intel\Desktop\FRST64.exe
2013-12-20 14:07 - 2013-12-20 14:07 - 00018423 _____ C:\Users\Intel\Desktop\dds.txt
2013-12-20 14:07 - 2013-12-20 14:07 - 00013183 _____ C:\Users\Intel\Desktop\attach.txt
2013-12-20 14:05 - 2013-12-20 14:05 - 00688992 ____R (Swearware) C:\Users\Intel\Desktop\dds.scr
2013-12-19 19:27 - 2013-12-19 19:27 - 00001084 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\Users\Intel\AppData\Roaming\Malwarebytes
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-19 19:27 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-19 17:19 - 2013-08-27 19:00 - 00172340 _____ C:\Users\Intel\Desktop\㩃䙜卒屔畑牡湡楴敮Ȁ
2013-12-18 02:30 - 2013-12-18 02:30 - 00000000 ____D C:\Users\Intel\AppData\Roaming\MPC-HC
2013-12-12 15:29 - 2013-12-12 15:29 - 00292288 _____ C:\Windows\Minidump\121213-74911-01.dmp
2013-12-11 02:42 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 02:42 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 02:42 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 02:42 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 02:42 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 02:42 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 02:42 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 02:42 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 02:42 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 02:42 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 02:42 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 02:42 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 02:42 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 02:42 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 02:42 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 02:42 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 02:42 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 02:42 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 02:42 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 16:29 - 2013-12-10 16:29 - 00000014 _____ C:\Users\Intel\Desktop\178.148.1.3.txt
2013-11-28 00:02 - 2013-11-28 00:02 - 00000000 ____D C:\Windows\Downloaded Installations
2013-11-26 22:35 - 2013-11-26 22:35 - 00000000 ____D C:\Users\Intel\Documents\eRightSoft
2013-11-26 22:34 - 2013-11-26 22:34 - 00000000 ____D C:\Program Files (x86)\eRightSoft
2013-11-26 22:34 - 2012-10-05 19:54 - 00188416 __RSH C:\Windows\SysWOW64\winDCE32.dll
2013-11-26 22:34 - 2012-07-11 23:00 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Olepau32.ax
2013-11-26 22:34 - 2011-06-15 23:00 - 00163328 __RSH C:\Windows\SysWOW64\flvDX.dll
2013-11-26 22:34 - 2011-06-14 19:05 - 00121344 __RSH C:\Windows\SysWOW64\TAKDSDecoder.ax
2013-11-26 22:34 - 2011-02-11 10:26 - 00112128 __RSH C:\Windows\SysWOW64\OptimFROG.dll
2013-11-26 22:34 - 2010-01-06 23:00 - 00107520 __RSH C:\Windows\SysWOW64\TAKDSDecoder.dll
2013-11-26 22:34 - 2009-09-27 23:00 - 00143872 __RSH C:\Windows\SysWOW64\AviDX.ax
2013-11-26 22:34 - 2009-08-10 23:00 - 00352768 __RSH C:\Windows\SysWOW64\ac3DX.ax
2013-11-26 22:34 - 2009-03-17 10:38 - 00070656 __RSH C:\Windows\SysWOW64\RLAPEDec.ax
2013-11-26 22:34 - 2009-01-18 17:15 - 00120832 __RSH C:\Windows\SysWOW64\MPCDx.ax
2013-11-26 22:34 - 2009-01-18 12:03 - 00107520 __RSH C:\Windows\SysWOW64\RLMPCDec.ax
2013-11-26 22:34 - 2008-03-16 14:30 - 00216064 __RSH (MONOGRAM Multimedia, s.r.o.) C:\Windows\SysWOW64\nbDX.dll
2013-11-26 22:34 - 2007-02-21 12:47 - 00031232 __RSH (Hans Mayerl) C:\Windows\SysWOW64\msfDX.dll
2013-11-26 22:34 - 2006-08-16 15:53 - 00175104 __RSH () C:\Windows\SysWOW64\CoreAAC.ax
2013-11-26 22:34 - 2006-03-10 20:21 - 00195584 __RSH C:\Windows\SysWOW64\MatroskaDX.ax
2013-11-26 22:34 - 2006-01-12 23:00 - 00123904 __RSH (CoreCodec) C:\Windows\SysWOW64\AVCDX.ax
2013-11-26 22:34 - 2005-11-25 21:46 - 00161792 __RSH (Gabest) C:\Windows\SysWOW64\RealMediaDX.ax
2013-11-26 22:34 - 2005-02-22 17:55 - 00081920 __RSH C:\Windows\SysWOW64\aac_parser.ax
2013-11-26 22:34 - 2005-02-13 00:00 - 00186880 __RSH (RadLight) C:\Windows\SysWOW64\RLOgg.ax
2013-11-26 22:34 - 2005-02-13 00:00 - 00067584 __RSH (RadLight, LLC) C:\Windows\SysWOW64\RLTheoraDec.ax
2013-11-26 22:34 - 2005-02-13 00:00 - 00051712 __RSH C:\Windows\SysWOW64\RLSpeexDec.ax
2013-11-26 22:34 - 2005-02-06 00:00 - 00092672 __RSH (RadLight) C:\Windows\SysWOW64\RLVorbisDec.ax
2013-11-26 22:34 - 2005-01-18 00:26 - 00179200 __RSH (Gabest) C:\Windows\SysWOW64\DiracSplitter.ax
2013-11-26 22:34 - 2004-09-17 04:07 - 00090112 __RSH (-) C:\Windows\SysWOW64\TTADSSplitter.ax
2013-11-26 22:34 - 2004-08-22 11:56 - 00090112 __RSH (-) C:\Windows\SysWOW64\TTADSDecoder.ax
2013-11-26 22:34 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drvc.dll
2013-11-26 22:34 - 2004-04-27 16:03 - 00017408 __RSH (RadLight) C:\Windows\SysWOW64\RLOFRDec.ax
2013-11-26 22:34 - 2003-12-07 08:59 - 00097280 __RSH C:\Windows\SysWOW64\FLACDX.ax

==================== One Month Modified Files and Folders =======

2013-12-21 18:23 - 2013-12-20 17:34 - 00020698 _____ C:\Users\Intel\Desktop\FRST.txt
2013-12-21 18:23 - 2012-10-11 08:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-21 18:22 - 2012-11-04 20:33 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983932362-2607521197-2648449365-1000UA.job
2013-12-21 18:20 - 2009-07-14 06:13 - 00730512 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-21 18:20 - 2009-07-14 05:45 - 00010208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-21 18:20 - 2009-07-14 05:45 - 00010208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-21 18:13 - 2013-02-14 01:16 - 00000000 ___RD C:\Users\Intel\Google Drive
2013-12-21 18:12 - 2013-12-21 16:53 - 00000000 ____D C:\ProgramData\MCShield
2013-12-21 18:12 - 2010-10-29 12:11 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-21 18:11 - 2010-12-17 20:06 - 00199717 _____ C:\Windows\setupact.log
2013-12-21 18:11 - 2010-10-21 13:15 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-21 18:11 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-21 18:10 - 2010-11-01 20:36 - 01616603 _____ C:\Windows\WindowsUpdate.log
2013-12-21 17:51 - 2013-12-21 17:51 - 00448512 _____ (OldTimer Tools) C:\Users\Intel\Desktop\TFC.exe
2013-12-21 17:41 - 2013-12-21 17:39 - 00000000 ____D C:\AdwCleaner
2013-12-21 17:36 - 2013-12-21 17:36 - 01226750 _____ C:\Users\Intel\Desktop\adwcleaner.exe
2013-12-21 17:11 - 2010-10-29 12:11 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-21 16:53 - 2013-12-21 16:53 - 02633042 _____ C:\Users\Intel\Desktop\MCShield-Setup.exe
2013-12-21 16:53 - 2013-12-21 16:53 - 00001063 _____ C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk
2013-12-21 16:53 - 2013-12-21 16:53 - 00000000 ____D C:\Program Files (x86)\MCShield
2013-12-21 12:16 - 2012-01-25 18:46 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F9C4AAB4-8A8E-4BBE-89B8-D8B6B2224289}
2013-12-21 11:21 - 2013-12-20 17:34 - 00000000 ____D C:\FRST
2013-12-21 11:15 - 2010-12-31 01:12 - 00132354 _____ C:\Windows\PFRO.log
2013-12-21 05:22 - 2012-11-04 20:33 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983932362-2607521197-2648449365-1000Core.job
2013-12-21 03:22 - 2013-11-14 14:42 - 00000000 ____D C:\Users\Intel\AppData\Roaming\vlc
2013-12-20 17:53 - 2013-12-20 17:53 - 00032162 _____ C:\Users\Intel\Desktop\Addition.txt
2013-12-20 17:33 - 2013-12-20 17:33 - 02193141 _____ (Farbar) C:\Users\Intel\Desktop\FRST64.exe
2013-12-20 14:07 - 2013-12-20 14:07 - 00018423 _____ C:\Users\Intel\Desktop\dds.txt
2013-12-20 14:07 - 2013-12-20 14:07 - 00013183 _____ C:\Users\Intel\Desktop\attach.txt
2013-12-20 14:05 - 2013-12-20 14:05 - 00688992 ____R (Swearware) C:\Users\Intel\Desktop\dds.scr
2013-12-20 12:49 - 2010-10-21 12:58 - 00000000 ____D C:\Users\Intel
2013-12-20 12:48 - 2011-06-04 23:32 - 00000000 ____D C:\Users\Intel\Downloads\New
2013-12-20 12:48 - 2010-11-03 13:35 - 00000000 ____D C:\Program Files (x86)\Wise Registry Cleaner
2013-12-19 19:27 - 2013-12-19 19:27 - 00001084 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\Users\Intel\AppData\Roaming\Malwarebytes
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-19 19:27 - 2013-12-19 19:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-19 17:21 - 2010-12-26 15:37 - 00000000 ____D C:\Users\Intel\AppData\Roaming\uTorrent
2013-12-18 23:11 - 2013-04-12 00:02 - 00000000 ____D C:\AAA
2013-12-18 11:46 - 2008-11-24 08:57 - 00000000 ___HD C:\Users\Intel\AppData\Local\3gEBLcAuPk
2013-12-18 02:30 - 2013-12-18 02:30 - 00000000 ____D C:\Users\Intel\AppData\Roaming\MPC-HC
2013-12-18 02:28 - 2013-03-29 03:33 - 00001090 _____ C:\Users\Public\Desktop\MPC-HC x64.lnk
2013-12-18 02:28 - 2012-10-22 22:06 - 00000000 ____D C:\Program Files (x86)\MPC-HC
2013-12-16 04:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-16 03:34 - 2009-07-14 05:45 - 10759664 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-16 03:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2013-12-16 03:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sr-Latn-CS
2013-12-12 15:29 - 2013-12-12 15:29 - 00292288 _____ C:\Windows\Minidump\121213-74911-01.dmp
2013-12-12 15:29 - 2013-05-01 11:08 - 791813838 _____ C:\Windows\MEMORY.DMP
2013-12-12 15:29 - 2011-03-14 00:57 - 00000000 ____D C:\Users\NeroMediaHomeUser.4
2013-12-12 15:29 - 2010-10-24 20:45 - 00000000 ____D C:\Windows\Minidump
2013-12-12 11:51 - 2013-08-18 10:54 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-12 11:51 - 2013-08-18 10:51 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-12 11:51 - 2013-08-18 10:51 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-12 00:27 - 2012-10-25 00:51 - 00001099 _____ C:\Users\Intel\AppData\Roaming\ShiftN.ini
2013-12-11 18:05 - 2013-03-20 16:47 - 00000132 _____ C:\Users\Intel\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-12-11 17:23 - 2012-10-11 08:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 17:23 - 2012-05-24 13:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 17:23 - 2011-05-31 17:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 16:29 - 2013-12-10 16:29 - 00000014 _____ C:\Users\Intel\Desktop\178.148.1.3.txt
2013-12-10 15:23 - 2010-10-25 18:25 - 00000000 ____D C:\Users\Intel\AppData\Roaming\dvdcss
2013-12-10 13:12 - 2010-10-29 12:11 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-09 02:06 - 2010-10-29 12:11 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-09 02:06 - 2010-10-29 12:11 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-06 22:43 - 2012-05-03 15:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-06 05:17 - 2012-11-04 20:33 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983932362-2607521197-2648449365-1000UA
2013-12-06 05:17 - 2012-11-04 20:33 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1983932362-2607521197-2648449365-1000Core
2013-12-05 15:08 - 2011-04-15 00:22 - 00007601 _____ C:\Users\Intel\AppData\Local\Resmon.ResmonCfg
2013-12-05 02:19 - 2013-11-09 13:07 - 00000000 ____D C:\Users\Intel\AppData\Roaming\Might & Magic Heroes VI
2013-12-02 22:13 - 2010-10-29 12:10 - 00000000 ____D C:\Users\Intel\AppData\Roaming\Skype
2013-12-02 15:52 - 2010-10-29 12:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-02 15:52 - 2010-10-29 12:10 - 00000000 ____D C:\ProgramData\Skype
2013-11-28 00:03 - 2010-10-26 23:44 - 00000000 ____D C:\Program Files (x86)\Boris FX, Inc
2013-11-28 00:02 - 2013-11-28 00:02 - 00000000 ____D C:\Windows\Downloaded Installations
2013-11-27 02:08 - 2013-02-02 21:11 - 00000000 ____D C:\Users\Intel\AppData\Roaming\Dropbox
2013-11-27 02:01 - 2013-02-02 21:16 - 00000000 ___RD C:\Users\Intel\Downloads\Dropbox
2013-11-26 23:47 - 2010-10-21 18:21 - 00315680 _____ C:\Users\Intel\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-26 22:35 - 2013-11-26 22:35 - 00000000 ____D C:\Users\Intel\Documents\eRightSoft
2013-11-26 22:34 - 2013-11-26 22:34 - 00000000 ____D C:\Program Files (x86)\eRightSoft
2013-11-26 22:06 - 2013-03-14 09:45 - 00000000 ____D C:\Users\Intel\AppData\Roaming\HandBrake
2013-11-23 19:26 - 2013-12-11 02:42 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 18:47 - 2013-12-11 02:42 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-22 17:52 - 2012-10-17 23:20 - 00000000 ___RD C:\Users\Intel\Downloads\Jasna

Some content of TEMP:
====================
C:\Users\Intel\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-20 13:26

==================== End Of Log ============================




offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

The computer is clean; what is the situation now?
