Usporen Chrome

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Desio mi se problem sa racunarom. Sve je opisano u temi:
http://www.mycity.rs/Web-browseri/Usporen-Chrome-4.html
gdje sam i dobio preporuku da otvorim temu u Ambulanti.
Evo citiracu opis problema:
Citat:Imam problem sa internetom i Chrome-om.
Do prije dva - tri dana sve je bilo uredu. Onda je neko sjeo za komp...uglavnom nzm ko i sta je radio, ali ja kad sam dosao kuci, otvorim chrome, kao da to nije isti racunar.
Sporo ucitava stranice, steka kad se skroluje, youtube nenormalno steka (cak i soundcloud steka), nestale sve extenzije, sreca da su ostali bookmarkovi...
E sad ja sam ponovo instalirao extenzije i mislio da ce sve biti dobro, ali vise neogu izdrzati.
Brisao sam istoriju, cache i cookies, na yt iskljucio hardware acceleration (iako prije nije bio iskljucen), updateovao chrome, skenirao na qualas browser check, al opet nema pomoci.
Drugih browsera nemam i ne koristim. Probao sam jedino IE. Bolje je situacija ali opet nije kako je nekad bila (mada ne koristim IE, ali ponekad zasteka yt sto se prije nije nikad desavalo)
AV ne obavjestava nista.
I dopuna:
Jimmy4 ::Da dodam. Skenirao i ocistio CCleanerom, TFC-om, defragmentovao disk i nista... mozda malo bolje, ali nije to kao prije.
Koristim Avast AV i quick scan nije nasao viruse. Full scan ne mogu cekati...za pola sata samo 4%
Sad mi se (u toku pisanja poruke) desilo da je ekran samo pocrnio...onda dodje slika i pise da je driver od graficke prestao sa radom i da je recovery-ovan (nzm kako bi ovo preveo), a to mi se nije nikad prije desavalo.
Takodje mi se jednom desilo da se racunar potpuno ugasi iz cista mira. Kad se ponovo ukljuci sve bude normalno.
Na YT mi se desava da ponekad kad pustm neki klip ima zvuk ali nema slike (sve crno). Mada je to mozda i neki njihov bug, ali nevjerujem.
+ Brzina interneta mi je 3584/320 mb/s a trenutno je speedtest

Znači hoću da provjerim da li se radi o nekom malware-u, jer vise ne mogu trpiti ovo.

Internet konekcija: ADSL Optima paket 3584/320 kb/s Trenutno
OS: Windows 7 Ultimate SP1 64-bit

DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
Run by Korisnik at 21:43:25 on 2014-03-19
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.387.1033.18.4095.1645 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RAVCpl64.exe
C:\Program Files\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ba/
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office2010\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Avast\aswWebRepIE.dll
uRun: [ABBYY Screenshot Reader Bonus] <no file>
mRun: [AvastUI.exe] "C:\Program Files\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Korisnik\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AVASTU~1.LNK - C:\Program Files\Avast\AvastUI.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - D:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0CF3BACB-69ED-4AC3-8C7D-1CDFC9328B4A} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-11 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-4-11 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-2-5 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-2-5 421704]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-25 283200]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2013-1-15 29672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-4 238080]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-5 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Avast\AvastSvc.exe [2014-2-17 50344]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-2 80184]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2009-10-13 61440]
R3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-2-11 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-2-11 9800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-27 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudobex.sys [2013-8-20 204568]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudserd.sys [2014-1-22 206080]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-14 56832]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2013-2-20 106256]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-23 1255736]
S4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
S4 ICM_UpdaterService;ICM_UpdaterService Disp;C:\Program Files (x86)\Samsung\Samsung Networking Wizard\ICM_Service.exe [2011-3-18 204883]
S4 PuranDefrag;PuranDefrag;C:\Windows\System32\PuranDefragS.exe [2013-1-14 292736]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2014-03-18 20:09:07 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{283726DC-B4B2-4573-96C9-8FF92D498E2F}\mpengine.dll
2014-03-14 09:49:06 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-03-14 09:49:06 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-03-14 09:48:55 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-14 09:48:54 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-14 09:48:53 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-13 18:41:18 -------- d-sh--w- C:\found.002
2014-03-12 09:48:26 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 09:48:26 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-02-22 19:51:46 -------- d-----w- C:\Users\Korisnik\AppData\Roaming\AIMP3
2014-02-22 19:51:42 -------- d-----w- C:\Program Files (x86)\AIMP3
.
==================== Find3M ====================
.
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-17 08:29:12 80184 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-02-17 08:29:12 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-17 08:29:12 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-02-17 08:29:11 43152 ----a-w- C:\Windows\avastSS.scr
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-22 07:52:12 206080 ----a-w- C:\Windows\System32\drivers\ssudserd.sys
2014-01-22 07:52:10 206080 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2014-01-22 07:52:10 108800 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2014-01-02 10:34:03 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
.
============= FINISH: 21:44:30,29 ===============


https://www.mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi Farbar-ov Farbar Recovery Scan Tool () sa ove adrese na Desktop:
Postoji 32-bit. i 64-bitna verzija. Potrebno je preuzeti verziju koja je kompatibilna sa tvojim sistemom.
Ako nisi siguran koja verzija se odnosi na tvoj sistem, preuzmi ih obe i pokreni. Samo jedan od njih će raditi na tvom sistemu, to će biti prava verzija.

dvoklikom pokreni program, kada se alat pokrene klikni Yes na Disclaimer prozor;
pod Optional Scan sekciji, označi List BCD i Driver MD5 polja;
klikni na dugme Scan;
po završetku skeniranja, alat će formirati izveštaj (FRST.txt) u isti direktorijum gde je FRST alat sačuvan;
iskopiraj sadržaj FRST.txt izveštaja u poruku;
po prvom pokretanju, alat bi trebao formirati i dodatni izveštaj (Addition.txt);
okači Addition.txt izveštaj uz poruku koristeći opciju Prikači fajl

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Korisnik (administrator) on SASA-PC on 20-03-2014 21:06:17
Running from C:\Users\Korisnik\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(AVAST Software) C:\Program Files\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [5055488 2007-03-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\Avast\AvastUI.exe [3767096 2014-02-17] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2688873612-102438043-4267742555-1001\...\Run: [ABBYY Screenshot Reader Bonus] - [X]
HKU\S-1-5-21-2688873612-102438043-4267742555-1001\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-2688873612-102438043-4267742555-1001\...\MountPoints2: {e06c7e3a-e02e-11e2-a061-005056c00008} - G:\cdstart.exe
Startup: C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AvastUI.exe.lnk
ShortcutTarget: AvastUI.exe.lnk -> C:\Program Files\Avast\AvastUI.exe (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ba/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC8F7FD8C4DF6CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bs-Latn-BA
URLSearchHook: HKCU - (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=32
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=32
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=062A001F81000830
SearchScopes: HKCU - {6912D316-C207-4407-9B0E-307ECE053A4A} URL = http://search.phpnuke.org/?lang=en&cid=457c4dfc&q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6Oz0ymcB3x&i=26
SearchScopes: HKCU - {ECC9B8A4-A1A1-4657-B54A-60B08B7CF1A8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-13]
CHR Extension: (Google Drive) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-23]
CHR Extension: (YouTube) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-23]
CHR Extension: (Adblock Plus) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-13]
CHR Extension: (Google Search) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-23]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-03-13]
CHR Extension: (avast! Online Security) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-13]
CHR Extension: (Unfriend Finder) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijknldiopccnikfclcmmjnponjkicbc [2014-03-13]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2014-03-13]
CHR Extension: (Google Wallet) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-23]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-12-23]
CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Korisnik\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Korisnik\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-16]
CHR HKLM-x32\...\Chrome\Extension: [kekfoodhbhpjhjcdecjngamojfhknooc] - C:\Users\Korisnik\AppData\Roaming\iPumper\extension_chrome.crx [2013-12-16]

==================== Services (Whitelisted) =================

S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\Avast\AvastSvc.exe [50344 2014-02-17] (AVAST Software)
S4 ICM_UpdaterService; C:\Program Files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [204883 2011-03-18] ()
S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2009-09-29] (National Instruments, Inc.)
S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [43056 2010-03-10] (National Instruments Corporation)
S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [53808 2010-03-10] (National Instruments Corporation)
S4 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [358448 2010-03-10] (National Instruments Corporation)
S4 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1007616 2010-05-17] (Macrovision Corporation)
S4 niSvcLoc; C:\Windows\SysWOW64\nisvcloc.exe [13896 2009-10-20] (National Instruments Corporation)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2012-12-13] (Puran Software)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-17] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-02] ()
R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [61440 2009-10-13] (Atheros Communications, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-25] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [29672 2013-01-15] (REALiX(tm))
R0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [8704 2006-02-07] (JMicron )
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-02-20] (Oracle Corporation)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 4284FB1240537A33E6EC417EFD87D40F
C:\Windows\System32\DRIVERS\atikmpag.sys 6C25C497E05EFD0CB6033A0444FC9B51
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswMonFlt.sys 0ACC3F49015E628590CA4372322EB46B
C:\Windows\system32\drivers\aswRdr2.sys 679712B7A353EE665B9301592164A172
C:\Windows\System32\Drivers\aswRvrt.sys C04F7B373881009D7994D9BF55D24AB4
C:\Windows\system32\drivers\aswSnx.sys 43599E630DFC30AD4E6A2B4B269EB1C0
C:\Windows\system32\drivers\aswSP.sys F22DE5F5BA8ADA0A861441B624B51EB5
C:\Windows\system32\drivers\aswStm.sys FD3EA14ADF6216BDF4030DB2EFD43D96
C:\Windows\System32\Drivers\aswVmm.sys 90399625F341AB76BA4B85A5E860EB1F
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\l160x64.sys 940E5B876251E04FFFE058AD71FE0F1C
C:\Windows\System32\drivers\AtihdW76.sys 24464B908E143D2561E9E452FEE97309
C:\Windows\System32\DRIVERS\atikmdag.sys 4284FB1240537A33E6EC417EFD87D40F
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys 73BDD44A6088916964945886F9025409
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dtsoftbus01.sys 46571ED73AE84469DCA53081D33CF3C8
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\epmntdrv.sys 6106653B08F4F72EEAA7F099E7C408A4
C:\Windows\SysWOW64\epmntdrv.sys 093CEE3B45F0954DCE6CB891F6A920F7
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\system32\EuGdiDrv.sys 991C04A31777ED77CB92A4F96F14C2E2
C:\Windows\SysWOW64\EuGdiDrv.sys F1DE3EEF501DDA7DDF99F2EDF0C5540E
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS 012015A7DA5D7DD5DDDF3BE4C34CBE3B
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys DFE66F9C8B74BAFBC1C54052552571FF
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\JGOGO.sys 7FF7DB8466DA74DA7AD64A55F31221F6
C:\Windows\System32\DRIVERS\jraid.sys D184DF5643F36C79BA75D4F98100EC28
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ASACPI.sys 2219A3D695405E7BA2186BA6B9EDE14A
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\sscdbus.sys DF11D259C10C9D0DFCCBA1093C5DB1BD
C:\Windows\System32\DRIVERS\sscdmdfl.sys 3EF9386DC95BF2AE60D08367E5E4E785
C:\Windows\System32\DRIVERS\sscdmdm.sys 00D2AA893C662A9EB9B779F6CA2B0DFB
C:\Windows\System32\DRIVERS\ssudmdm.sys 5252D7BC56E5E0ED715AEA8FE173A455
C:\Windows\System32\DRIVERS\ssudobex.sys 9A8D59146B6FC187140179D0F05EB07E
C:\Windows\System32\DRIVERS\ssudserd.sys 76F7D7217FBDAB77798A2A244ACD641F
C:\Windows\System32\DRIVERS\ss_bus.sys D21FF3592DAEE244EE8376830A672B52
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\Drivers\UsbFltr.sys 68BAD03835873D4BBBDE95CBB135A395
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\DRIVERS\VBoxDrv.sys AF2270D803E2A7FA3E74AC0A0321E92E
C:\Windows\System32\DRIVERS\VBoxNetAdp.sys AD61E0153205FF3D486B8111318A0D82
C:\Windows\System32\DRIVERS\VBoxNetFlt.sys E4FB1031E7E583279597FFE4C11C4E21
C:\Windows\System32\Drivers\VBoxUSB.sys 07C6A2E4BC73A0E9B9C97DC547F70C0A
C:\Windows\System32\DRIVERS\VBoxUSBMon.sys 33E6E882E583BD163291DD568381492D
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vmnetadapter.sys AEF53B47E960F227BF7638A6A1A9D5C6
C:\Windows\System32\DRIVERS\vmnetbridge.sys C234A1DC2F06A15B9210787F54253810
C:\Windows\system32\drivers\vmnetuserif.sys 36EDBFE2C2405081620ADEF7B691ED89
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-20 21:06 - 2014-03-20 21:07 - 00030526 _____ () C:\Users\Korisnik\Desktop\FRST.txt
2014-03-20 21:05 - 2014-03-20 21:06 - 00000000 ____D () C:\FRST
2014-03-20 21:04 - 2014-03-20 21:04 - 02157056 _____ (Farbar) C:\Users\Korisnik\Desktop\FRST64.exe
2014-03-20 08:49 - 2014-03-20 08:50 - 05030912 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-19 22:07 - 2014-03-19 22:07 - 00130540 _____ () C:\Users\Korisnik\Desktop\bookmarks_3_19_14.html
2014-03-19 21:38 - 2014-03-20 08:49 - 00000056 _____ () C:\Windows\setupact.log
2014-03-19 21:38 - 2014-03-19 21:38 - 00109296 _____ () C:\Users\Korisnik\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-19 21:38 - 2014-03-19 21:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-17 21:52 - 2014-03-17 22:00 - 00000000 ____D () C:\Users\Korisnik\Desktop\FreeOCRPortable
2014-03-14 10:49 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-14 10:49 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-14 10:48 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 10:48 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-14 10:48 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 19:41 - 2014-03-13 19:41 - 00000000 __SHD () C:\found.002
2014-03-12 10:50 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 10:50 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 10:50 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 10:50 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 10:50 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 10:50 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 10:50 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 10:50 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 10:50 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 10:50 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 10:50 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 10:50 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 10:50 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 10:50 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 10:50 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 10:50 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 10:50 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 10:50 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 10:50 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 10:50 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 10:50 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 10:50 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 10:50 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 10:50 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 10:50 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 10:50 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 10:50 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 10:50 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 10:50 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 10:50 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 10:50 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 10:50 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 10:50 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 10:50 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 10:50 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 10:50 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 10:50 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 10:50 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 10:50 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 10:50 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 10:50 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 10:50 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 10:50 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 10:48 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 10:48 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-03 21:00 - 2014-03-03 21:00 - 00002172 _____ () C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-22 20:51 - 2014-03-13 23:45 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\AIMP3
2014-02-22 20:51 - 2014-02-22 21:09 - 00000000 ____D () C:\Program Files (x86)\AIMP3
2014-02-22 20:51 - 2014-02-22 20:51 - 00000914 _____ () C:\Users\Public\Desktop\AIMP3.lnk

==================== One Month Modified Files and Folders =======

2014-03-20 21:07 - 2014-03-20 21:06 - 00030526 _____ () C:\Users\Korisnik\Desktop\FRST.txt
2014-03-20 21:07 - 2012-11-22 22:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-20 21:06 - 2014-03-20 21:05 - 00000000 ____D () C:\FRST
2014-03-20 21:04 - 2014-03-20 21:04 - 02157056 _____ (Farbar) C:\Users\Korisnik\Desktop\FRST64.exe
2014-03-20 20:27 - 2012-11-22 23:02 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-20 19:21 - 2013-07-09 14:48 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2688873612-102438043-4267742555-1001UA.job
2014-03-20 19:21 - 2013-07-09 14:48 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2688873612-102438043-4267742555-1001Core.job
2014-03-20 19:12 - 2013-03-17 13:37 - 01090340 _____ () C:\Windows\WindowsUpdate.log
2014-03-20 11:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-20 08:57 - 2009-07-14 05:45 - 00021024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-20 08:57 - 2009-07-14 05:45 - 00021024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-20 08:50 - 2014-03-20 08:49 - 05030912 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-20 08:50 - 2012-11-22 23:10 - 00000296 _____ () C:\Windows\Tasks\AutoKMS.job
2014-03-20 08:50 - 2012-11-22 23:02 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-20 08:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-20 08:49 - 2014-03-19 21:38 - 00000056 _____ () C:\Windows\setupact.log
2014-03-19 22:07 - 2014-03-19 22:07 - 00130540 _____ () C:\Users\Korisnik\Desktop\bookmarks_3_19_14.html
2014-03-19 21:38 - 2014-03-19 21:38 - 00109296 _____ () C:\Users\Korisnik\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-19 21:38 - 2014-03-19 21:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-19 21:11 - 2013-01-14 19:42 - 00000000 ____D () C:\Program Files\Puran Defrag
2014-03-19 10:46 - 2013-02-05 22:05 - 00004152 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-17 22:00 - 2014-03-17 21:52 - 00000000 ____D () C:\Users\Korisnik\Desktop\FreeOCRPortable
2014-03-16 23:20 - 2012-11-25 14:19 - 00000010 _____ () C:\Windows\popcinfo.dat
2014-03-16 16:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-03-15 22:14 - 2013-02-05 22:05 - 00000000 ____D () C:\Program Files\Avast
2014-03-14 10:53 - 2013-08-14 15:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-14 10:53 - 2012-11-22 23:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 10:50 - 2012-11-22 23:58 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-13 23:45 - 2014-02-22 20:51 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\AIMP3
2014-03-13 19:53 - 2013-02-05 22:05 - 00001772 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-13 19:41 - 2014-03-13 19:41 - 00000000 __SHD () C:\found.002
2014-03-13 11:28 - 2013-03-12 22:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 11:28 - 2013-03-12 22:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 21:06 - 2014-01-16 20:40 - 00000000 ___RD () C:\Users\Korisnik\SkyDrive
2014-03-11 23:45 - 2013-09-06 19:10 - 00000000 ____D () C:\Users\Korisnik\Documents\Euro Truck Simulator 2
2014-03-09 18:18 - 2012-11-22 22:25 - 00000000 ____D () C:\Users\Korisnik
2014-03-09 18:17 - 2013-03-13 20:10 - 00000875 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-09 18:15 - 2014-01-02 13:18 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GTA SA Bosna MOD 2013®
2014-03-09 18:15 - 2013-02-09 17:01 - 00000000 ____D () C:\Users\Korisnik\AppData\Roaming\uTorrent
2014-03-09 18:15 - 2012-11-23 06:51 - 00000000 ____D () C:\Windows\Panther
2014-03-09 18:14 - 2013-02-03 18:31 - 00000000 ____D () C:\Program Files\ccleaner
2014-03-08 20:44 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-04 08:44 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-03 21:05 - 2014-01-16 20:32 - 00000000 ____D () C:\Users\Korisnik\Cloud@Mail.Ru
2014-03-03 21:02 - 2012-11-23 22:47 - 00293888 ___SH () C:\Users\Korisnik\Thumbs.db
2014-03-03 21:00 - 2014-03-03 21:00 - 00002172 _____ () C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-03 20:57 - 2014-01-16 20:30 - 00000000 ____D () C:\Program Files\Mail.ru-Cloud
2014-03-01 21:09 - 2013-06-30 22:07 - 00000000 ____D () C:\Users\Korisnik\.VirtualBox
2014-03-01 07:05 - 2014-03-12 10:50 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-12 10:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-12 10:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-12 10:50 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-12 10:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-12 10:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-12 10:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-12 10:50 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-12 10:50 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-12 10:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-12 10:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-12 10:50 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-12 10:50 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-12 10:50 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-12 10:50 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-12 10:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-12 10:50 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-12 10:50 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-12 10:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-12 10:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-12 10:50 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-12 10:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-12 10:50 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-12 10:50 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-12 10:50 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-12 10:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-12 10:50 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-12 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-12 10:50 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-12 10:50 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-12 10:50 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 10:50 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 10:50 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-12 10:50 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-12 10:50 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 10:50 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 10:50 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 10:50 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 10:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 10:50 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-25 22:05 - 2013-05-25 22:15 - 00000000 ____D () C:\Users\Korisnik\Documents\Ubuntu with universal usb inasaller
2014-02-25 21:44 - 2012-12-13 10:04 - 00000000 ____D () C:\ProgramData\MCShield
2014-02-22 21:09 - 2014-02-22 20:51 - 00000000 ____D () C:\Program Files (x86)\AIMP3
2014-02-22 20:51 - 2014-02-22 20:51 - 00000914 _____ () C:\Users\Public\Desktop\AIMP3.lnk

Some content of TEMP:
====================
C:\Users\Korisnik\AppData\Local\Temp\mcse64_00.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
integrityservices Enable
default {current}
resumeobject {105970ff-bb10-11e2-9231-806e6f6e6963}
displayorder {2bfe2178-bb5c-11e2-aca6-f721e5dce02c}
{current}
{2e0cb19c-b802-11e2-887f-c5c749f02204}
{d227c0f9-de84-11e2-b42f-005056c00008}
toolsdisplayorder {memdiag}
timeout 10
displaybootmenu Yes

Windows Boot Loader
-------------------
identifier {28dad982-5616-11e2-8ccf-d41e1f379104}
device unknown
path \Windows\system32\winload.exe
description Windows 7
locale en-US
osdevice unknown
systemroot \Windows
resumeobject {cf7fe41b-55ca-11e2-b3ae-806e6f6e6963}

Windows Boot Loader
-------------------
identifier {28dad983-5616-11e2-8ccf-d41e1f379104}

Windows Boot Loader
-------------------
identifier {28dad98c-5616-11e2-8ccf-d41e1f379104}

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
osdevice partition=C:
systemroot \Windows
resumeobject {105970ff-bb10-11e2-9231-806e6f6e6963}

Windows Boot Loader
-------------------
identifier {2bfe2172-bb5c-11e2-aca6-f721e5dce02c}
device ramdisk=[C:]\Recovery\28dad98c-5616-11e2-8ccf-d41e1f379104\Winre.wim,{2bfe2173-bb5c-11e2-aca6-f721e5dce02c}
path \windows\system32\winload.exe
description Windows Recovery Environment (recovered)
locale
osdevice ramdisk=[C:]\Recovery\28dad98c-5616-11e2-8ccf-d41e1f379104\Winre.wim,{2bfe2173-bb5c-11e2-aca6-f721e5dce02c}
systemroot \windows
winpe Yes

Windows Boot Loader
-------------------
identifier {2bfe2176-bb5c-11e2-aca6-f721e5dce02c}
device ramdisk=[\Device\HarddiskVolume2]\Recovery\2bfe2176-bb5c-11e2-aca6-f721e5dce02c\Winre.wim,{2bfe2177-bb5c-11e2-aca6-f721e5dce02c}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[\Device\HarddiskVolume2]\Recovery\2bfe2176-bb5c-11e2-aca6-f721e5dce02c\Winre.wim,{2bfe2177-bb5c-11e2-aca6-f721e5dce02c}
systemroot \windows
nx OptIn
winpe Yes

Windows Boot Loader
-------------------
identifier {2e0cb19c-b802-11e2-887f-c5c749f02204}
device partition=D:
path \Windows\system32\winload.exe
description Windows 8
locale en-US
inherit {bootloadersettings}
recoverysequence {28dad98c-5616-11e2-8ccf-d41e1f379104}
integrityservices Enable
recoveryenabled Yes
custom:17000077 352321653
osdevice partition=D:
systemroot \Windows
resumeobject {2e0cb19b-b802-11e2-887f-c5c749f02204}
nx OptIn
custom:250000c2 1

Resume from Hibernate
---------------------
identifier {105970ff-bb10-11e2-9231-806e6f6e6963}
device partition=C:
path \Windows\system32\winresume.exe
description Windows 7 Ultimate (recovered)
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {28dad98a-5616-11e2-8ccf-d41e1f379104}
device partition=D:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {28dad98c-5616-11e2-8ccf-d41e1f379104}
recoveryenabled Yes
custom:17000077 352321653
filedevice partition=D:
filepath \hiberfil.sys
custom:25000008 1
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {2e0cb19b-b802-11e2-887f-c5c749f02204}
device partition=D:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {28dad98c-5616-11e2-8ccf-d41e1f379104}
recoveryenabled Yes
custom:17000077 352321653
filedevice partition=D:
filepath \hiberfil.sys
custom:25000008 1
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {cf7fe41b-55ca-11e2-b3ae-806e6f6e6963}
device unknown
path \Windows\system32\winresume.exe
description Windows 7 Ultimate (recovered)
locale en-US
inherit {resumeloadersettings}
filedevice unknown
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

Real-mode Boot Sector
---------------------
identifier {2bfe2178-bb5c-11e2-aca6-f721e5dce02c}
device partition=C:
path \NST\AutoNeoGrub0.mbr
description Linux

Real-mode Boot Sector
---------------------
identifier {d227c0f9-de84-11e2-b42f-005056c00008}
device partition=C:
path \plop\plpbt4win.ldr
description Plop Boot Manager

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {1f8184a5-14de-11df-9734-f08c6d8c50b0}
description Ramdisk Options
ramdisksdidevice unknown
ramdisksdipath \Recovery\1f8184a4-14de-11df-9734-f08c6d8c50b0\boot.sdi

Device options
--------------
identifier {28dad984-5616-11e2-8ccf-d41e1f379104}
ramdisksdidevice unknown
ramdisksdipath \Recovery\c563d85f-3531-11e2-87f4-ba917b48ad08\boot.sdi

Device options
--------------
identifier {28dad98d-5616-11e2-8ccf-d41e1f379104}
description Windows Recovery
ramdisksdidevice unknown
ramdisksdipath \Recovery\28dad98c-5616-11e2-8ccf-d41e1f379104\boot.sdi

Device options
--------------
identifier {2bfe2173-bb5c-11e2-aca6-f721e5dce02c}
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\28dad98c-5616-11e2-8ccf-d41e1f379104\boot.sdi

Device options
--------------
identifier {2bfe2177-bb5c-11e2-aca6-f721e5dce02c}
description Ramdisk Options
ramdisksdidevice partition=\Device\HarddiskVolume2
ramdisksdipath \Recovery\2bfe2176-bb5c-11e2-aca6-f721e5dce02c\boot.sdi



LastRegBack: 2014-03-16 16:32

==================== End Of Log ============================

https://www.mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Korak 1

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6Oz0ymcB3x&i=26
SearchScopes: HKCU - {ECC9B8A4-A1A1-4657-B54A-60B08B7CF1A8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
CHR Extension: (Unfriend Finder) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijknldiopccnikfclcmmjnponjkicbc [2014-03-13]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-12-23]
CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-11-19]
C:\Program Files\IB Updater
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Korisnik\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [kekfoodhbhpjhjcdecjngamojfhknooc] - C:\Users\Korisnik\AppData\Roaming\iPumper\extension_chrome.crx [2013-12-16]
Task: {525F1BF8-4C95-432B-8F6F-19CD127AF88C} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
C:\Program Files (x86)\YourFileDownloader
Task: {6CB8AEA2-3DDF-45BE-A092-F022B4D58D50} - System32\Tasks\Escolade => C:\Users\Korisnik\AppData\Roaming\iPumper\Updater.exe
C:\Users\Korisnik\AppData\Roaming\iPumper


U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se Notepad, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt). Potrebno je da sadržaj fixlog.txt kopiraš na forum




Korak 2

Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
u EULA prozoru klikni na I agree.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Klikni na dugme Clean i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK
Računar će se restartovati, a potom otvoriti Notepad (C:\AdwCleaner[S0].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"
Napomena: Izvještaj ce takođe biti sačuvan na C:\Adwcleaner\AdwCleaner[S0].txt





Kakvo je sada stanje?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Napisano: 21 Mar 2014 21:32

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Korisnik at 2014-03-21 21:20:22 Run:1
Running from C:\Users\Korisnik\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6Oz0ymcB3x&i=26
SearchScopes: HKCU - {ECC9B8A4-A1A1-4657-B54A-60B08B7CF1A8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
CHR Extension: (Unfriend Finder) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijknldiopccnikfclcmmjnponjkicbc [2014-03-13]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-12-23]
CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-11-19]
C:\Program Files\IB Updater
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Korisnik\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [kekfoodhbhpjhjcdecjngamojfhknooc] - C:\Users\Korisnik\AppData\Roaming\iPumper\extension_chrome.crx [2013-12-16]
Task: {525F1BF8-4C95-432B-8F6F-19CD127AF88C} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
C:\Program Files (x86)\YourFileDownloader
Task: {6CB8AEA2-3DDF-45BE-A092-F022B4D58D50} - System32\Tasks\Escolade => C:\Users\Korisnik\AppData\Roaming\iPumper\Updater.exe
C:\Users\Korisnik\AppData\Roaming\iPumper
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key deleted successfully.
HKCR\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ECC9B8A4-A1A1-4657-B54A-60B08B7CF1A8} => Key deleted successfully.
HKCR\CLSID\{ECC9B8A4-A1A1-4657-B54A-60B08B7CF1A8} => Key not found.
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijknldiopccnikfclcmmjnponjkicbc => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => Key deleted successfully.
"C:\Program Files\IB Updater\source.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf => Key deleted successfully.
"C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => Key deleted successfully.
"C:\Program Files\IB Updater\source.crx" => File/Directory not found.
"C:\Program Files\IB Updater" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda => Key deleted successfully.
C:\Users\Korisnik\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kekfoodhbhpjhjcdecjngamojfhknooc => Key deleted successfully.
"C:\Users\Korisnik\AppData\Roaming\iPumper\extension_chrome.crx" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{525F1BF8-4C95-432B-8F6F-19CD127AF88C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{525F1BF8-4C95-432B-8F6F-19CD127AF88C} => Key deleted successfully.
C:\Windows\System32\Tasks\YourFile Update => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile Update => Key deleted successfully.
"C:\Program Files (x86)\YourFileDownloader" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CB8AEA2-3DDF-45BE-A092-F022B4D58D50} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CB8AEA2-3DDF-45BE-A092-F022B4D58D50} => Key deleted successfully.
C:\Windows\System32\Tasks\Escolade => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Escolade => Key deleted successfully.
C:\Users\Korisnik\AppData\Roaming\iPumper => Moved successfully.

==== End of Fixlog ====


https://www.mycity.rs/must-login.png

Dopuna: 21 Mar 2014 21:47

https://www.mycity.rs/must-login.png
Mogu reci da se stanje popravilo... Sve je u redu
Sta je bilo je li neki malware?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nije malware već nepoželjan softver u vidu toolbarova i dodataka za Chrome. Sada ćemo odraditi i ARK provjeru.

Preuzmite program GMER sa donjeg linka na Desktop:


GMER download
Kliknite dati link;
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberite Desktop i kliknite Save.


Dvoklikom pokrenite GMER.
Sačekajte da se završi uvodno skeniranje - ukoliko se pojavi bilo kakav upit, kliknite No;

kliknite Scan i sačekajte da skeniranje bude završeno;

kliknite Save ... - izveštaj sačuvajte na Desktop (pod nazivom Gmer1);

kliknite desnim tasterom u prozor programa Gmer i odaberite Options > 3rd party - kliknite Scan;

po završetku skeniranja kliknite Save ... - izveštaj sačuvajte na Desktop (pod nazivom Gmer2);

kliknite taster >>> i odaberite Autostart karticu;

po završetku kratkotrajnog skeniranja, kliknite Copy;

otvorite Notepad i u njega postavite kopirani tekst - izveštaj sačuvajte na Desktop (pod nazivom Gmer3);

Slikoviti prikaz postupka

Priložite sva tri izveštaja uz poruku korišćenjem opcije Prikači fajl.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Izvještaji su čisti. Ostaje ti sam oda uradiš ovo.


• Sledeća procedura će implementirati završno čišćenje.

Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore

Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.





Preporučujem da za zaštitu USB memorijskih uređaja koristiš MCShield.
Nema nikakve veze sa antivirus-om tj. neće ometati njegov rad, a pokazao se kao jedan od najboljih vida zaštite od malware-a koji se prenosi putem USB mem. uređaja.


Home Page MCShield-a: http://www.mcshield.net
Više o MCShield-u možeš saznati u ovoj temi: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v3.html
Facebook stranica MCShield-a: http://www.facebook.com/MCShield

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

OK, hvala vam mnogo.
MCShield već koristim.