Izuzetno spor internet

Izuzetno spor internet

offline
  • Pridružio: 18 Jul 2003
  • Poruke: 4201
  • Gde živiš: U zlatnom kavezu

Komp prikacen na mooj ruter, brzina 10/1mb/s ne razvija brzinu vecu od 25 kb/s..... dok moj komp radi u full speedu....... komp je inace kanta... 1 gb RAM-a sa win 7 i integrisanom grafikom i na sve to celeron procesorom... Bebee Dol

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by Stankov (administrator) on STANKOV-PC on 30-12-2014 22:28:26
Running from C:\Users\Stankov\Desktop
Loaded Profile: Stankov (Available profiles: Stankov)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(cyberlink) C:\Program Files\CyberLink\Shared Files\brs.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Google Inc.) C:\Users\Stankov\AppData\Local\Google\Update\GoogleUpdate.exe
(BitTorrent Inc.) C:\Users\Stankov\AppData\Roaming\uTorrent\uTorrent.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TeamViewer GmbH) C:\Users\Stankov\AppData\Local\Temp\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Stankov\AppData\Local\Temp\TeamViewer\tv_w32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [83240 2008-03-20] (Cyberlink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] ()
HKLM\...\Run: [BDRegion] => C:\Program Files\Cyberlink\Shared Files\brs.exe [91432 2008-08-08] (cyberlink)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-01-20] (Realtek Semiconductor)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [614400 2009-08-15] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1484728200-697245223-202128682-1000\...\Run: [Google Update] => C:\Users\Stankov\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-11] (Google Inc.)
HKU\S-1-5-21-1484728200-697245223-202128682-1000\...\Run: [uTorrent] => C:\Users\Stankov\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-21] (BitTorrent Inc.)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1484728200-697245223-202128682-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Stankov\AppData\Roaming\Mozilla\Firefox\Profiles\iks8lu13.default
FF Homepage: https://www.google.rs/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-1484728200-697245223-202128682-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Stankov\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1484728200-697245223-202128682-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Stankov\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Stankov\AppData\Roaming\Mozilla\Firefox\Profiles\iks8lu13.default\Extensions\abs@avira.com [2014-12-11]
FF Extension: Adblock Plus - C:\Users\Stankov\AppData\Roaming\Mozilla\Firefox\Profiles\iks8lu13.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-12]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.rs/"
CHR Profile: C:\Users\Stankov\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Stankov\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-11]
CHR Extension: (Google Drive) - C:\Users\Stankov\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Stankov\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]
CHR Extension: (YouTube) - C:\Users\Stankov\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-11]
CHR Extension: (Adblock Plus) - C:\Users\Stankov\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-12]
CHR Extension: (Google Search) - C:\Users\Stankov\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-11]
CHR Extension: (Avira Browser Safety) - C:\Users\Stankov\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-26]
CHR Extension: (Google Wallet) - C:\Users\Stankov\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-12]
CHR Extension: (Gmail) - C:\Users\Stankov\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)


==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 bdselfpr; C:\Users\Stankov\AppData\Local\Temp\RarSFX0\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-06-09] (Samsung Electronics Co., Ltd.) [File not signed]
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2008-01-10] (Samsung Electronics) [File not signed]
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files\CyberLink\PowerDVD8\000.fcl [41456 2008-08-08] (Cyberlink Corp.)
S4 avgntflt; system32\DRIVERS\avgntflt.sys [X]
R4 avkmgr; system32\DRIVERS\avkmgr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 22:28 - 2014-12-30 22:29 - 00010846 _____ () C:\Users\Stankov\Desktop\FRST.txt
2014-12-30 22:28 - 2014-12-30 22:28 - 00000000 ____D () C:\FRST
2014-12-30 22:18 - 2014-12-30 22:19 - 01114624 _____ (Farbar) C:\Users\Stankov\Desktop\FRST.exe
2014-12-30 22:08 - 2014-12-30 22:08 - 00009131 _____ () C:\ProgramData\1419973660.2144.bin
2014-12-30 22:08 - 2014-12-30 22:08 - 00002261 _____ () C:\ProgramData\1419973660.2100.bin
2014-12-30 22:08 - 2014-12-30 22:08 - 00000507 _____ () C:\ProgramData\1419973660.1672.bin
2014-12-30 22:08 - 2014-12-30 22:08 - 00000000 ____D () C:\Program Files\Bitdefender
2014-12-30 22:07 - 2014-12-30 22:27 - 38801392 _____ (COMODO) C:\Users\Stankov\Downloads\icedragonsetup.exe
2014-12-30 22:07 - 2014-12-30 22:09 - 00035041 _____ () C:\ProgramData\1419973660.3728.bin
2014-12-30 22:07 - 2014-12-30 22:08 - 00048562 _____ () C:\ProgramData\1419973660.2076.bin
2014-12-30 22:07 - 2014-12-30 22:08 - 00014304 _____ () C:\ProgramData\1419973660.1260.bin
2014-12-30 22:07 - 2014-12-30 22:08 - 00003296 _____ () C:\ProgramData\1419973660.1848.bin
2014-12-30 22:07 - 2014-12-30 22:08 - 00000000 ____D () C:\Users\Stankov\AppData\Roaming\QuickScan
2014-12-30 22:07 - 2013-05-28 12:11 - 00355744 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-12-30 22:07 - 2013-04-22 13:20 - 00164952 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2014-12-30 22:05 - 2014-12-30 22:07 - 09927424 _____ () C:\Users\Stankov\Downloads\Antivirus_Free_Edition_x86.exe
2014-12-30 22:05 - 2014-12-30 22:05 - 00162208 _____ () C:\Users\Stankov\Downloads\Antivirus_Free_Edition.exe
2014-12-30 21:59 - 2014-12-30 21:59 - 00000000 ____D () C:\OETemp
2014-12-30 21:57 - 2014-12-30 21:57 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2014-12-30 21:52 - 2014-12-30 21:52 - 00001030 _____ () C:\Users\Stankov\Desktop\Your Unin-staller!.lnk
2014-12-30 21:52 - 2014-12-30 21:52 - 00000000 ____D () C:\Users\Stankov\AppData\Roaming\URSoft
2014-12-30 21:52 - 2014-12-30 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
2014-12-30 21:52 - 2014-12-30 21:52 - 00000000 ____D () C:\Program Files\Your Uninstaller! 7
2014-12-30 21:51 - 2014-12-30 21:51 - 00000000 ____D () C:\Users\Stankov\Desktop\Your.Uninstaller.Pro.7.5.2013.02.DC.18.03.2013
2014-12-30 21:47 - 2014-12-30 21:51 - 00000000 ____D () C:\Users\Stankov\AppData\Roaming\TeamViewer
2014-12-30 21:40 - 2014-12-30 21:42 - 07720120 _____ (TeamViewer GmbH) C:\Users\Stankov\Downloads\TeamViewer_Setup_sr-ckq.exe
2014-12-30 21:20 - 2014-12-30 21:20 - 00004286 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log
2014-12-30 21:20 - 2014-12-30 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-30 21:20 - 2014-12-30 21:20 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-12-30 21:20 - 2014-09-26 18:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-12-30 21:20 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-30 21:20 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-30 21:20 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-30 21:03 - 2014-12-30 21:03 - 00000000 ___RD () C:\Users\Stankov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2014-12-09 10:51 - 2014-12-09 10:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 22:29 - 2014-06-13 10:40 - 00000000 ____D () C:\Users\Stankov\AppData\Roaming\uTorrent
2014-12-30 22:23 - 2009-07-14 05:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-30 22:23 - 2009-07-14 05:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-30 22:06 - 2014-06-12 07:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-30 21:59 - 2014-08-12 09:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-30 21:59 - 2014-06-11 14:30 - 00000000 ____D () C:\ProgramData\Avira
2014-12-30 21:59 - 2014-06-11 14:30 - 00000000 ____D () C:\Program Files\Avira
2014-12-30 21:59 - 2014-06-10 21:44 - 00046082 _____ () C:\Windows\WindowsUpdate.log
2014-12-30 21:55 - 2014-06-11 10:48 - 00000000 ____D () C:\ProgramData\Temp
2014-12-30 21:21 - 2014-06-12 07:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-30 21:20 - 2014-06-12 07:45 - 00000000 ____D () C:\Program Files\Java
2014-12-30 21:10 - 2009-07-14 05:39 - 00047155 _____ () C:\Windows\setupact.log
2014-12-30 21:03 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-26 23:33 - 2014-06-10 12:49 - 00000000 ____D () C:\Users\Stankov
2014-12-26 23:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-12-26 23:32 - 2014-06-11 10:51 - 00000000 ____D () C:\Users\Stankov\AppData\Roaming\Winamp
2014-12-26 23:32 - 2010-11-21 01:46 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-26 23:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-12-24 18:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-12-19 11:29 - 2014-06-11 12:42 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1484728200-697245223-202128682-1000Core.job
2014-12-19 10:22 - 2014-06-11 14:31 - 00000000 ____D () C:\The KMPlayer
2014-12-12 23:13 - 2010-11-20 22:01 - 00717892 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-12 09:20 - 2014-06-11 12:43 - 00002336 _____ () C:\Users\Stankov\Desktop\Google Chrome.lnk
2014-12-10 15:06 - 2014-06-12 07:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-10 15:06 - 2014-06-12 07:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 09:36 - 2014-06-11 12:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-04 11:47 - 2014-09-07 12:53 - 00000000 ____D () C:\Users\Stankov\AppData\Roaming\.minecraft

Some content of TEMP:
====================
C:\Users\Stankov\AppData\Local\Temp\7-zip.dll
C:\Users\Stankov\AppData\Local\Temp\7z.dll
C:\Users\Stankov\AppData\Local\Temp\7z.exe
C:\Users\Stankov\AppData\Local\Temp\avgnt.exe
C:\Users\Stankov\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 12:38

==================== End Of Log ============================
https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Imaš ostatke Avire i BitDefendera.


Arrow

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51

FF Extension: Avira Browser Safety - C:\Users\Stankov\AppData\Roaming\Mozilla\Firefox\Profiles\iks8lu13.default\Extensions\abs@avira.com [2014-12-11]
CHR Extension: (Avira Browser Safety) - C:\Users\Stankov\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-26]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
R1 bdselfpr; C:\Users\Stankov\AppData\Local\Temp\RarSFX0\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
C:\Windows\System32\DRIVERS\gzflt.sys
C:\Windows\System32\DRIVERS\trufos.sys
S4 avgntflt; system32\DRIVERS\avgntflt.sys [X]
R4 avkmgr; system32\DRIVERS\avkmgr.sys [X]
C:\Windows\System32\DRIVERS\avgntflt.sys
C:\Windows\System32\DRIVERS\avkmgr.sys


U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).

offline
  • Pridružio: 18 Jul 2003
  • Poruke: 4201
  • Gde živiš: U zlatnom kavezu

Napisano: 31 Dec 2014 11:33

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-12-2014
Ran by Stankov at 2014-12-31 11:26:42 Run:1
Running from C:\Users\Stankov\Desktop
Loaded Profile: Stankov (Available profiles: Stankov)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51

FF Extension: Avira Browser Safety - C:\Users\Stankov\AppData\Roaming\Mozilla\Firefox\Profiles\iks8lu13.default\Extensions\abs@avira.com [2014-12-11]
CHR Extension: (Avira Browser Safety) - C:\Users\Stankov\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-26]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
R1 bdselfpr; C:\Users\Stankov\AppData\Local\Temp\RarSFX0\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
C:\Windows\System32\DRIVERS\gzflt.sys
C:\Windows\System32\DRIVERS\trufos.sys
S4 avgntflt; system32\DRIVERS\avgntflt.sys [X]
R4 avkmgr; system32\DRIVERS\avkmgr.sys [X]
C:\Windows\System32\DRIVERS\avgntflt.sys
C:\Windows\System32\DRIVERS\avkmgr.sys
*****************

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully.
C:\ProgramData\Temp => ":1CE11B51" ADS removed successfully.
C:\Users\Stankov\AppData\Roaming\Mozilla\Firefox\Profiles\iks8lu13.default\Extensions\abs@avira.com => Moved successfully.
C:\Users\Stankov\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
bdselfpr => Unable to stop service
bdselfpr => Service deleted successfully.
gzflt => Unable to stop service
gzflt => Service deleted successfully.
trufos => Service stopped successfully.
trufos => Service deleted successfully.
C:\Windows\System32\DRIVERS\gzflt.sys => Moved successfully.
C:\Windows\System32\DRIVERS\trufos.sys => Moved successfully.
avgntflt => Service not found.
avkmgr => Service not found.
"C:\Windows\System32\DRIVERS\avgntflt.sys" => File/Directory not found.
"C:\Windows\System32\DRIVERS\avkmgr.sys" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog 11:26:54 ====

Dopuna: 31 Dec 2014 11:36

Osim toga komp je cist?
Inace ostaci avire i defendera su posledica mog brisanja asvire i pokusaja da ubacim defender, ne bi li koliko toliko omogucio nesrecnoj masini da dise. No ubacivanje je poslo naopako, jer je instaler prijavi gresku, ali to je vec tema za Windows forum.

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Pokrenut je i BitTorrent klijent. Ugasi ga i reci mi kakvo je sad stanje sa brzinom konekcije.

offline
  • Pridružio: 18 Jul 2003
  • Poruke: 4201
  • Gde živiš: U zlatnom kavezu

utorrent ugasen / stanje isto.

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;



• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.





>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.





Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

offline
  • Pridružio: 18 Jul 2003
  • Poruke: 4201
  • Gde živiš: U zlatnom kavezu

Napisano: 31 Dec 2014 14:55

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.12.31.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Stankov :: STANKOV-PC [administrator]

31-Dec-14 14:26:05
mbar-log-2014-12-31 (14-26-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 291982
Time elapsed: 21 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Dopuna: 31 Dec 2014 14:56

https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Sudeći po ovim izvještajima čist si što se malwarea tiče.


Arrow

Sledeća procedura će implementirati završno čišćenje.

Arrow Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore


Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.





Arrow

Otvori temu u Windows forumu i tamo isnesi problem. Možda je prolem do drajvera za mrežnu karticu.

offline
  • Pridružio: 18 Jul 2003
  • Poruke: 4201
  • Gde živiš: U zlatnom kavezu

i njega sam azurirao - jeste bio star, icini se da sad radi bolje...... al mbar mi je dugo skidao

Ko je trenutno na forumu
 

Ukupno su 562 korisnika na forumu :: 26 registrovanih, 1 sakriven i 535 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: ALBION101, aleksandarbl, black venom, Bobrock1, Bubimir, dane007, DucicM, indja, ladro, Lazarus, loon123, maiden6657, MB120mm, misa1xx, mkukoleca, mnn2, nikoladim, pein, rikirubio, RileHecr, simazr, Tas011, Trpe Grozni, Van, W123, zdrebac