Keylogger help

  • Joined: 20 May 2016
  • Posts: 9

I downloaded a crack for a game that turned out to be a keylogger. There is a winlogon.exe in Task Manager, and on top of that my whole Windows crashes; I can't shut the computer down or anything like that. I tried going to System Restore from cmd in Safe Mode; it didn't work. I tried to stop it in Task Manager, that didn't work either: ACCESS IS DENIED. Then I tried to kill the process from cmd, that didn't work either. I don't know what else to do. I also downloaded SpyHunter and it found the keylogger fine and said KMService.exe was infected, but I can't fix it or do anything because I have to buy SpyHunter, and this wretched thing won't let me go online, and when I scan in Safe Mode with Networking I can't find the keylogger. Please help!!
The problem started appearing yesterday.



[edit by magna86: thread title corrected]

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,


http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 20 May 2016
  • Posts: 9

I've posted it, can I get some help?

  • Joined: 20 May 2016
  • Posts: 9

Written: 20 May 2016 14:59

A keylogger, what can I say; it goes through my files, steals information, etc.

It started appearing last night when I downloaded a crack for a game that turned out to be a keylogger.

SpyHunter detected it but I can't delete it because it has to be purchased.

I tried downloading Malwarebytes in Safe Mode with Networking, but it didn't find the keylogger; SpyHunter couldn't find it in Safe Mode either. I also tried to kill the process via CMD but it didn't work, ACCESS IS DENIED, same in Task Manager; the keylogger isn't in msconfig. Sometimes it also bugs out my whole Windows. I'll leave you a picture it gave me so you know which keylogger it is.
IMAGE: postimg.org/image/ustcr383l/

SBB internet, 30 protocols, I don't understand what all I have to put there.

I've listed everything.

FARBAR:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-05-2016
Ran by komp (administrator) on KOMP-PC (20-05-2016 14:57:05)
Running from C:\Users\komp\Downloads
Loaded Profiles: komp (Available Profiles: komp)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google Inc.) C:\Users\komp\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\komp\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\komp\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\komp\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\komp\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1206193790-2551591370-2848901336-1000\...\Run: [Google Update] => C:\Users\komp\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-04-24] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{50C8614E-B092-4B16-B39F-7D25B337C235}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\komp\AppData\Roaming\Mozilla\Firefox\Profiles\2hb7ag5j.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-07-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-1206193790-2551591370-2848901336-1000: @tools.google.com/Google Update;version=3 -> C:\Users\komp\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-1206193790-2551591370-2848901336-1000: @tools.google.com/Google Update;version=9 -> C:\Users\komp\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-1206193790-2551591370-2848901336-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\komp\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-05-11] (Unity Technologies ApS)
FF Extension: Quick Searcher - C:\Users\komp\AppData\Roaming\Mozilla\Firefox\Profiles\2hb7ag5j.default\Extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2016-05-20] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2015-04-24] [not signed]

Chrome:
=======
CHR Profile: C:\Users\komp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Quick Searcher) - C:\Users\komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoiihnnfofnpbnofdcgcapbjlcopifa [2016-05-20]
CHR Extension: (Google Docs) - C:\Users\komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-12]
CHR Extension: (Google Drive) - C:\Users\komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433760 2015-12-01] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413280 2015-12-01] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855648 2015-12-01] (BlueStack Systems, Inc.)
S4 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2011-01-12] (ESET)
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810144 2011-01-12] (ESET)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-04-24] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146016 2015-12-01] (BlueStack Systems)
S2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [125296 2010-12-21] (ESET)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [9121496 2014-06-11] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-20 14:57 - 2016-05-20 14:57 - 00009745 _____ C:\Users\komp\Downloads\FRST.txt
2016-05-20 14:57 - 2016-05-20 14:57 - 00000000 ____D C:\FRST
2016-05-20 14:56 - 2016-05-20 14:56 - 02382336 _____ (Farbar) C:\Users\komp\Downloads\FRST64.exe
2016-05-20 14:45 - 2016-05-20 14:45 - 00000000 ____D C:\Users\komp\AppData\Local\ElevatedDiagnostics
2016-05-20 13:42 - 2016-05-20 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free VPN
2016-05-20 13:42 - 2016-05-20 13:43 - 00000000 ____D C:\Users\komp\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-05-20 13:42 - 2016-05-20 13:43 - 00000000 ____D C:\Program Files (x86)\Platoward
2016-05-20 12:40 - 2016-05-20 12:40 - 00000937 _____ C:\Users\komp\Desktop\SpyHunter.lnk
2016-05-20 12:40 - 2016-05-20 12:40 - 00000000 ____D C:\sh4ldr
2016-05-20 12:40 - 2016-05-20 12:40 - 00000000 _____ C:\autoexec.bat
2016-05-20 12:39 - 2016-05-20 12:39 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-05-20 12:32 - 2016-05-20 13:53 - 00000000 ____D C:\Users\Public\Documents\Stronghold AntiMalware
2016-05-20 12:32 - 2016-05-20 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stronghold AntiMalware
2016-05-20 12:32 - 2016-05-20 13:53 - 00000000 ____D C:\Program Files (x86)\Stronghold AntiMalware
2016-05-19 23:48 - 2016-05-19 23:48 - 00794300 _____ C:\Users\komp\Downloads\Steam (zabranjeno)er Obuka.rar
2016-05-19 23:48 - 2016-05-19 23:48 - 00000000 ____D C:\Users\komp\AppData\Local\ESET
2016-05-19 23:45 - 2016-05-19 23:45 - 00000000 ____D C:\Users\komp\AppData\Local\Steam
2016-05-19 23:45 - 2016-05-19 23:45 - 00000000 ____D C:\Users\komp\AppData\Local\CEF
2016-05-19 23:40 - 2016-05-20 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-05-19 23:40 - 2016-05-20 13:53 - 00000000 ____D C:\Program Files (x86)\Steam

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-20 14:49 - 2009-07-14 07:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-20 14:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-20 14:45 - 2015-04-24 13:05 - 00505776 _____ C:\Windows\ntbtlog.txt
2016-05-20 14:43 - 2015-10-11 16:28 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-20 14:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-20 14:43 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-20 14:43 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-20 13:54 - 2015-01-29 11:35 - 00000000 ____D C:\Users\komp
2016-05-20 13:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-05-19 15:51 - 2015-10-11 16:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-18 22:48 - 2015-11-06 22:46 - 00000386 _____ C:\Windows\Tasks\update-sys.job
2016-05-18 22:40 - 2015-01-30 06:57 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1206193790-2551591370-2848901336-1000UA.job
2016-05-18 22:40 - 2015-01-30 06:57 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1206193790-2551591370-2848901336-1000Core.job
2016-05-18 21:51 - 2015-11-06 22:46 - 00000386 _____ C:\Windows\Tasks\update-S-1-5-21-1206193790-2551591370-2848901336-1000.job
2016-05-16 12:57 - 2015-12-04 02:19 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-05-13 16:41 - 2015-01-30 06:59 - 00002333 _____ C:\Users\komp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 16:41 - 2015-01-30 06:59 - 00002325 _____ C:\Users\komp\Desktop\Google Chrome.lnk
2016-05-10 23:46 - 2015-10-11 16:28 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 23:46 - 2015-10-11 16:28 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 22:35 - 2015-01-30 06:57 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1206193790-2551591370-2848901336-1000UA
2016-05-10 22:35 - 2015-01-30 06:57 - 00003476 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1206193790-2551591370-2848901336-1000Core
2016-04-26 01:18 - 2015-07-22 13:10 - 00000000 ____D C:\Users\komp\Desktop\Bocko

==================== Files in the root of some directories =======

2013-02-07 14:22 - 2013-02-07 14:22 - 0050330 _____ () C:\Program Files (x86)\AntiDust.exe
2015-11-06 22:46 - 2015-11-06 22:46 - 0000003 _____ () C:\Users\komp\AppData\Local\updater.log
2015-11-06 22:46 - 2015-11-06 22:46 - 0000424 _____ () C:\Users\komp\AppData\Local\UserProducts.xml
2016-02-20 14:57 - 2016-02-20 14:57 - 0000000 _____ () C:\Users\komp\AppData\Local\{8A779318-9CF6-4231-966B-D4FB84D62659}
2015-01-29 11:44 - 2015-01-29 11:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-18 16:33

==================== End of FRST.txt ============================


ADDITION:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:19-05-2016
Ran by komp (2016-05-20 14:57:49)
Running from C:\Users\komp\Downloads
Windows 7 Ultimate (X64) (2015-01-29 18:27:01)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1206193790-2551591370-2848901336-500 - Administrator - Disabled)
Guest (S-1-5-21-1206193790-2551591370-2848901336-501 - Limited - Disabled)
komp (S-1-5-21-1206193790-2551591370-2848901336-1000 - Administrator - Enabled) => C:\Users\komp

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1206193790-2551591370-2848901336-1000\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
Adobe Flash Player 14 ActiveX & Plugin 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Adobe Shockwave Player + Authorware Web Player (HKLM-x32\...\Adobe Shockwave Player + Authorware Web Player) (Version: v12.1.3.153 - Adobe Systems, Inc.)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1355, 14.07.2014 - AIMP DevTeam)
Ashampoo Burning Studio 9.03 (HKLM-x32\...\Ashampoo Burning Studio 9_is1) (Version: 9.0.3 - ashampoo GmbH & Co. KG)
BlueStacks App Player (HKLM-x32\...\{D080F290-4B2A-4C67-9757-63DA0C6E8855}) (Version: 2.0.0.1011 - BlueStack Systems, Inc.)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.63.1071 - AB Team, d.o.o.)
ESET NOD32 Antivirus (HKLM\...\{50E9E32F-063A-412A-9627-553D5DA57C17}) (Version: 4.2.71.2 - ESET, spol. s r.o.)
Google Chrome (HKU\S-1-5-21-1206193790-2551591370-2848901336-1000\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Java 8 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218011FF}) (Version: 8.0.110 - Oracle Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Lightshot-5.3.0.0 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version: - )
Mozilla Firefox 42.0 (x86 sr) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 sr)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7285 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10279 - Realtek Semiconductor Corp.)
SAM CoDeC Pack (HKLM\...\SAM CoDeC Pack) (Version: 5.60 - SamLab.ws)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-1206193790-2551591370-2848901336-1000\...\UnityWebPlayer) (Version: 5.0.2f1 - Unity Technologies ApS)
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 14.2.0 - UMEZAWA Takeshi)
uTorrent (HKLM-x32\...\uTorrent) (Version: - )
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.61 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1206193790-2551591370-2848901336-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - )
x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only) (HKLM-x32\...\x264vfw64) (Version: - )
Xvid MPEG-4 Video Codec (HKLM\...\Xvid_is1) (Version: - )
Xvid MPEG-4 Video Codec (HKLM-x32\...\Xvid_is1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1206193790-2551591370-2848901336-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\komp\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1206193790-2551591370-2848901336-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\komp\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1206193790-2551591370-2848901336-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\komp\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1206193790-2551591370-2848901336-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\komp\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1206193790-2551591370-2848901336-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\komp\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1206193790-2551591370-2848901336-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\komp\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1206193790-2551591370-2848901336-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\komp\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1206193790-2551591370-2848901336-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\komp\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1206193790-2551591370-2848901336-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\komp\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04A27793-BD2B-4A8A-9588-C25EE8B7B383} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-07-03] (Realtek Semiconductor)
Task: {1EC6D37D-2741-4A56-B0E6-1C346E0F605F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-11] (Google Inc.)
Task: {23D8D183-0F71-4F9E-8307-770A9D5128B4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1206193790-2551591370-2848901336-1000Core => C:\Users\komp\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-24] (Google Inc.)
Task: {6640AF45-BEA0-4EF6-95F2-C4E367562747} - System32\Tasks\update-S-1-5-21-1206193790-2551591370-2848901336-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {93AB497E-3684-407B-BDB4-FDA9089F38DD} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-06-30] (Realtek Semiconductor)
Task: {A29CA032-DB08-4E2D-9837-0510B1C78101} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {AC539429-562C-4FAD-80AD-40DBA7FA2908} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1206193790-2551591370-2848901336-1000UA => C:\Users\komp\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-24] (Google Inc.)
Task: {DB3E6522-5982-4A12-ADE9-AFDCBCB4F77C} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {F2F80E14-D04E-4896-B03B-AA65236B0E98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-11] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1206193790-2551591370-2848901336-1000Core.job => C:\Users\komp\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1206193790-2551591370-2848901336-1000UA.job => C:\Users\komp\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-1206193790-2551591370-2848901336-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:40 - 2010-01-21 02:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-09 21:18 - 2010-01-09 21:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:34 - 2010-01-21 02:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1206193790-2551591370-2848901336-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: EhttpSrv => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
MSCONFIG\startupreg: Google Update => "C:\Users\komp\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: Lightshot => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: RtsCM => RTSCM64.EXE
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\komp\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{4372892D-0B8D-47D6-BAF9-1AD2923A13B6}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{9F58A72A-8BA8-49D9-AF5D-3C6D9E898CA4}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{43C7C0FF-2E6B-4009-9854-2795DAD97338}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{29245327-D3A8-4F7D-9062-F5EF7C3243F9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{BBFC45F6-9B6F-4B5F-945D-975C64E836D0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{2D3E1440-B30E-42E3-ACFC-BB53D6ECCDDA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{3DCEDE22-CB4F-43DA-81CA-47784150384E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7434FFF7-C4A7-41C8-8001-F8E9F505C78C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{072BEABC-EC97-4C6A-B554-17B09E081E50}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{0BF1009A-DD68-4CC8-83F1-7A81AD954763}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{247D480D-7B3A-4187-A960-2A63728EB221}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{DA4C09E4-9993-4675-B8AE-9959F685F082}] => (Allow) C:\Users\komp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{631BF25C-0AA0-439D-8CA3-27DEDA98AAF7}] => (Allow) C:\Users\komp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{64FC0271-7976-457A-B854-954F3F49FD95}] => (Allow) C:\Users\komp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3B11B28E-0E78-4D1C-8F1E-7B7DE4AA269D}] => (Allow) C:\Users\komp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C76DBDF5-9399-4E27-A055-23343BD0BC3C}] => (Allow) C:\Users\komp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CBA51EC6-F42F-4899-93A9-4DC77FC5F3D0}] => (Allow) C:\Users\komp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{9DB2B647-B738-449B-96B2-091CA9072D89}C:\program files (x86)\java\jre8\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre8\bin\javaw.exe
FirewallRules: [UDP Query User{BA9C5383-211F-44B2-AF77-C9CB998F47C1}C:\program files (x86)\java\jre8\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre8\bin\javaw.exe
FirewallRules: [TCP Query User{4386DED6-D1FD-45DB-8A7B-8BCDBE51F805}C:\users\komp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\komp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{A7870303-4202-4697-9A00-0DED902F79A8}C:\users\komp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\komp\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{F994AF23-CF2E-403E-8C1C-A9849BAA3BB6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{E9E66F88-ABC8-4E54-9B5E-572CF2DF7D76}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{753296DF-36BA-4538-B3F6-01ED3E7E91A3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{2F9625D8-F086-4B18-9F5D-9B00F1EB5BEB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{5C30B74D-39A2-427C-8443-7563441BF934}C:\users\komp\appdata\roaming\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\komp\appdata\roaming\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{BF37870E-70C6-490B-92B8-D8E12DCAB23A}C:\users\komp\appdata\roaming\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\komp\appdata\roaming\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{B924BB70-192B-4DB4-8A99-6E2A77368D64}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{64580866-AF26-47A4-9BEF-958073423566}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{49DE038B-5362-4BED-9B02-3AD641207964}C:\program files (x86)\java\jre8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre8\bin\javaw.exe
FirewallRules: [UDP Query User{7236611F-9AC5-48CC-B704-EA55A6EBFAC1}C:\program files (x86)\java\jre8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre8\bin\javaw.exe

==================== Restore Points =========================

19-04-2016 16:37:49 Scheduled Checkpoint
26-04-2016 21:05:10 Scheduled Checkpoint
04-05-2016 12:30:40 Scheduled Checkpoint
11-05-2016 23:20:41 Scheduled Checkpoint
19-05-2016 16:32:00 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: ehdrv
Description: ehdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ehdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2016 01:57:10 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (692) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (05/20/2016 01:57:10 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (692) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (05/20/2016 01:57:10 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (692) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (05/20/2016 01:57:10 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (692) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (05/20/2016 01:57:10 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (692) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (05/20/2016 01:57:10 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (692) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (05/20/2016 01:57:10 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (692) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (05/20/2016 01:57:10 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (692) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (05/20/2016 01:57:10 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (692) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (05/20/2016 01:57:10 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (692) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.


System errors:
=============
Error: (05/20/2016 02:45:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/20/2016 02:45:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/20/2016 02:45:23 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/20/2016 02:45:16 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/20/2016 02:45:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
ehdrv
spldr
Wanarpv6

Error: (05/20/2016 01:50:41 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (05/20/2016 01:46:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
CSC
DfsC
discache
ehdrv
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
vwififlt
Wanarpv6
WfpLwf

Error: (05/20/2016 01:46:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068

Error: (05/20/2016 01:46:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%1068

Error: (05/20/2016 01:46:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%1068


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B980 @ 2.40GHz
Percentage of memory in use: 28%
Total physical RAM: 3983.58 MB
Available physical RAM: 2831 MB
Total Virtual: 7965.31 MB
Available Virtual: 6911.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.39 GB) (Free:103.41 GB) NTFS
Drive d: () (Fixed) (Total:319.28 GB) (Free:279.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5B1EC132)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=319.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Addendum: 20 May 2016 15:05

By the way, SpyHunter found the keylogger under the name
KMSERVICE.EXE

Addendum: 20 May 2016 15:55

Help plssss

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Hi, sorry you had to wait, we're all somewhat busy. By the way, feel free to uninstall SpyHunter so it doesn't take up disk space. What it claims is a keylogger is not malware. And your system is glitchy because it isn't configured properly.


Anyway, let's get a second opinion. There are a couple of things I'd like to examine further ...



1. Download sUBs' ComboFix from this link and save the tool to the Desktop.
• Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
• When the dialog for choosing where to save the file opens, select Desktop and click Save.


------------------------------------------------------------
2. Temporarily disable your antivirus program, in most cases via a right-click on the program's icon in the system tray. It can interfere with the tool while it runs.
If you're not sure how to do that, follow this guide.

------------------------------------------------------------
3. Double-click the icon to run ComboFix. Then, on the disclaimer window, click the I Agree! button

• ComboFix will check whether a new version of the tool is available.
Click Yes if asked to download it.
• If the Recovery Console is not installed, ComboFix will offer to download and install it.
Click Yes to allow the tool to download and install the Recovery Console
• ComboFix will scan the computer in stages (Stage_#), 50 stages in total.
Do not click around while ComboFix is examining the system.
• If malware is detected, ComboFix will start removing it.
For that reason, the tool will restart Windows if needed (sometimes more than once);

Note: If after the tool has run you get an error (Illegal operation attempted on a registry key that has been marked for deletion) when starting programs, restart the computer and that will resolve the problem.


------------------------------------------------------------
4. When the tool finishes, it will create and open a report (typical location: C:\ComboFix.txt)
Copy the contents of the ComboFix.txt report into your post.

ComboFix will also create an additional report (typical location: C:\Qoobox\ComboFix-quarantined-files.txt)
Attach the ComboFix-quarantined-files.txt report to your post using the Attach file option

offline
  • Joined: 20 May 2016
  • Posts: 9

ComboFix 16-05-18.01 - komp 05/22/2016 12:58:40.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3984.2786 [GMT 2:00]
Running from: c:\users\komp\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2016-04-22 to 2016-05-22 )))))))))))))))))))))))))))))))
.
.
2016-05-22 11:03 . 2016-05-22 11:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-05-20 16:49 . 2016-05-20 16:49 -------- d-----w- c:\program files\Common Files\AV
2016-05-20 16:46 . 2016-05-22 10:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2016-05-20 16:45 . 2016-05-22 10:55 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2016-05-20 14:19 . 2016-05-22 10:54 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-20 14:19 . 2016-05-20 14:19 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-05-20 14:19 . 2016-05-20 14:19 -------- d-----w- c:\programdata\Malwarebytes
2016-05-20 14:19 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-05-20 14:19 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-05-20 14:19 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-20 12:57 . 2016-05-20 12:58 -------- d-----w- C:\FRST
2016-05-20 12:45 . 2016-05-20 12:45 -------- d-----w- c:\users\komp\AppData\Local\ElevatedDiagnostics
2016-05-20 11:42 . 2016-05-20 11:43 -------- d-----w- c:\users\komp\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-05-20 11:42 . 2016-05-20 11:42 -------- d-----w- c:\users\komp\AppData\Roaming\Profiles
2016-05-20 11:42 . 2016-05-20 11:43 -------- d-----w- c:\program files (x86)\Platoward
2016-05-20 10:40 . 2016-05-20 10:40 -------- d-----w- C:\sh4ldr
2016-05-20 10:39 . 2016-05-20 10:39 -------- d-----w- c:\program files\Enigma Software Group
2016-05-20 10:32 . 2016-05-20 11:53 -------- d-----w- c:\program files (x86)\Stronghold AntiMalware
2016-05-19 21:48 . 2016-05-19 21:48 -------- d-----w- c:\users\komp\AppData\Local\ESET
2016-05-19 21:45 . 2016-05-19 21:45 -------- d-----w- c:\users\komp\AppData\Local\Steam
2016-05-19 21:45 . 2016-05-19 21:45 -------- d-----w- c:\users\komp\AppData\Local\CEF
2016-05-19 21:40 . 2016-05-20 11:53 -------- d-----w- c:\program files (x86)\Steam
2016-05-01 02:44 . 2016-05-04 10:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{60C01A6B-FBC3-4FB5-AED9-D0D5A4752038}\offreg.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R3 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2016-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-11 14:28]
.
2016-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-11 14:28]
.
2016-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1206193790-2551591370-2848901336-1000Core.job
- c:\users\komp\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-30 10:36]
.
2016-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1206193790-2551591370-2848901336-1000UA.job
- c:\users\komp\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-30 10:36]
.
2016-05-18 c:\windows\Tasks\update-S-1-5-21-1206193790-2551591370-2848901336-1000.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2015-11-06 12:29]
.
2016-05-20 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2015-11-06 12:29]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\komp\AppData\Roaming\Mozilla\Firefox\Profiles\2hb7ag5j.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-uTorrent - c:\program files (x86)\uTorrent\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:00000000
"ProductBase"=dword:00000000
"ProductCode"="{50E9E32F-063A-412A-9627-553D5DA57C17}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.2.71.2"
"UniqueId"="00057A1E553A2117"
"ScannerBuild"=dword:00005bf7
"ScannerVersionId"=dword:00002d07
"ScannerVersion"="ready"
"ei2"=hex(b):98,4f,b7,bf,06,10,95,0d
"ei1"=hex(b):20,89,84,aa,4d,be,00,00
"ei3"=hex(b):72,21,3a,55,00,00,00,00
"ei4"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-05-22 13:04:49
ComboFix-quarantined-files.txt 2016-05-22 11:04
.
Pre-Run: 113,668,435,968 bytes free
Post-Run: 113,430,687,744 bytes free
.
- - End Of File - - 0F3551433CC4FBAA1B8CA9E4FE189ACE
A36C5E4F47E84449FF07ED3517B43A31




There, I've posted everything. By the way, my antivirus wasn't even turned on anywhere, yet it says it's there, and there was no antivirus in Task Manager but ComboFix says there is. I uploaded everything because I don't know what's needed xD

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

You're posting reports I didn't even ask for ...

You don't have malware or a keylogger here. The system shows no signs of an active infection.

As for the AV, yes, you do have an AV. An old installation of ESET AV that sort of does something in the background. Uninstall it using the ESET AV Remover, which you can download from this link;
http://support.eset.com/kb3527/?locale=en_US
The tool should detect the presence of ESET ver_4.2 and uninstall it.

You can also take a look at this topic;
http://www.mycity.rs/Zastitni-programi/Programi-za.....tvera.html






As for you, you can relax; you're simply trusting software that itself isn't trustworthy.




The following procedure will perform the final cleanup.



ComboFix needs to be uninstalled:
click Start (or the Windows orb), then Run.

On Vista, use the Start Search box if Run is not available.

In the text input line type (paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".



then click OK (or press Enter).


Wait for the uninstall process to finish.










Download Xplode's DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options;
Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment for the tool to finish its work.

From this point on, all the tools used in this topic should be deleted.
If any tool or report was not removed, feel free to delete them manually.


The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also snapshot the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
- DelFix deletes old system restore points and creates a new, fresh point after cleaning.
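The FRST log above records Service Control Manager event 7026 ("boot-start or system-start driver(s) failed to load") naming ehdrv, spldr, AFD and others, and the ComboFix log marks ehdrv.sys with [x], i.e. the file is missing while its service key is still registered. That is the signature of a leftover from an uninstalled product (the old ESET install the post above tells the user to remove), not of an infection. The following is an added example, not code from the thread or from any of the tools it uses: it reads the recent 7026 events and, for every driver named, reports whether its service key still exists and whether the ImagePath it points to is actually on disk. The function name is mine; the script assumes Windows 7 with PowerShell 2.0 and an elevated prompt.

```powershell
# Added example, not part of the thread. Cross-checks SCM event 7026 against
# the driver service keys so that stale entries (key present, file gone) stand
# out. PowerShell 2.0-compatible (Windows 7 RTM); run elevated.

function Get-FailedBootDrivers {
    param([int]$MaxEvents = 5)

    $filter = @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7026 }
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

    # The 7026 message is one header sentence followed by one driver name per line.
    $names = @()
    foreach ($e in $events) {
        $names += ($e.Message -split "`r?`n") |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ -and $_ -notmatch 'failed to load' }
    }

    foreach ($name in ($names | Sort-Object -Unique)) {
        $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        $prop = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $img  = $prop.ImagePath
        $full = $null
        if ($img) {
            # Driver ImagePath is usually relative to %SystemRoot%
            # (system32\DRIVERS\ehdrv.sys) or NT-native (\SystemRoot\... or \??\C:\...).
            $full = $img -replace '^\\SystemRoot\\', "$env:SystemRoot\" -replace '^\\\?\?\\', ''
            if ($full -notmatch '^[A-Za-z]:\\') { $full = Join-Path $env:SystemRoot $full }
        }
        New-Object PSObject -Property @{
            Driver     = $name
            KeyExists  = (Test-Path -Path $key)
            Start      = $prop.Start        # 0=boot 1=system 2=auto 3=demand 4=disabled
            ImagePath  = $img
            FileExists = [bool]($full -and (Test-Path -Path $full))
        }
    }
}

Get-FailedBootDrivers | Format-Table Driver, KeyExists, Start, ImagePath, FileExists -AutoSize
```

On the machine in this thread the expected picture is ehdrv with KeyExists True and FileExists False, which is exactly what the ESET AV Remover should clean up; a core driver such as AFD or NetBT listed with its file present points at the earlier failed boots rather than at a missing component.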

offline
  • Joined: 20 May 2016
  • Posts: 9

I contacted that guy, and I do have a keylogger. I sent him a picture of the keylogger, so in Task Manager I have 2 winlogon processes, one is from the system and one isn't. Also, when I turned on SpyHunter it blocked my internet and blocked the shutdown button but everything else worked. I'm convinced it's a keylogger because this has never happened to me before. Also, when I used this ComboFix the first time the computer shut itself down, which happened to me for the 1st time in my life, and then I waited about half an hour and ran ComboFix again. I know there's something there. Anyway, I'll do that now and report back

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Tsk, the things I won't read here...


Do you even know what a keylogger is and how it works? Look, sorry, but I really can't argue with you or explain Windows basics to you now. Winlogon (yours is digitally signed) can have multiple instances, and as one of the Windows core files it can't be killed. If one of them were malicious, or anything else, I would see it. The above-mentioned KMService is a legitimate service, not malware related. Etc ...
I don't know which guy you contacted; you don't have malware (a keylogger belongs to that group) and nothing malicious is active. Your Windows doesn't run stably because it isn't configured well, and the Event log shows errors, all kinds of errors.
By running, ComboFix loaded the default registry entries for the drivers; things should be much better now, but there's still work to do here. Speaking of ComboFix, it's easiest now to blame it. It's a complex tool that sometimes does unexpected things, and that's all within the normal range. Etc ...

Not to philosophize, I'll repeat myself: this is not a malware-related case. The problem here is with the user himself and his convictions.

And if, after my analysis, you still believe you have a keylogger because some program there tells you so, then I have no comment on that.
Oh well mate, I'd also like to get with Jennifer Lopez, but it's not happening.
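The two claims traded above can be checked directly rather than argued: how many winlogon.exe instances are running, from which path, and whether the image is signed; and what the KMService service (listed by ComboFix as c:\windows\system32\srvany.exe) actually launches. srvany.exe is only a wrapper: the program it starts is stored under the service's Parameters\Application value, so that value is the one to look at. The following is an added example, not code from the thread or from any of the tools used in it; the function names are mine, it assumes Windows 7 with PowerShell 2.0 and an elevated prompt, and the service name KMService is taken from the ComboFix log.

```powershell
# Added example, not part of the thread. Enumerates winlogon.exe instances with
# path and signature status, then resolves what the srvany-wrapped KMService
# service really runs. PowerShell 2.0-compatible (Windows 7 RTM); run elevated
# so ExecutablePath is readable for system processes.

function Get-WinlogonInstances {
    $expected = Join-Path $env:SystemRoot 'System32\winlogon.exe'
    Get-WmiObject Win32_Process -Filter "Name='winlogon.exe'" | ForEach-Object {
        $path   = $_.ExecutablePath
        $status = 'n/a'
        $signer = ''
        if ($path) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        New-Object PSObject -Property @{
            PID        = $_.ProcessId
            SessionId  = $_.SessionId      # one winlogon per logon session is normal
            Path       = $path
            InSystem32 = ($path -ieq $expected)
            # Caveat: Windows 7 system binaries are catalog-signed, and PowerShell
            # before 5.1 does not consult catalogs, so Status can read NotSigned
            # for a genuine file. A copy running from outside System32 is the
            # real flag; confirm signatures with sigcheck.exe or Process Explorer.
            SigStatus  = $status
            Signer     = $signer
        }
    }
}

function Get-SrvanyWrappedService {
    param([string]$Name = 'KMService')
    $svc = Get-WmiObject Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { return $null }
    # srvany.exe reads the program to launch from <service>\Parameters\Application.
    $params = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$Name\Parameters" -ErrorAction SilentlyContinue
    $app = $params.Application -replace '"', ''
    New-Object PSObject -Property @{
        Name        = $svc.Name
        State       = $svc.State
        StartMode   = $svc.StartMode
        ImagePath   = $svc.PathName        # srvany.exe itself
        Application = $app                 # the real program srvany starts
        AppParams   = $params.AppParameters
        AppExists   = [bool]($app -and (Test-Path -Path $app))
    }
}

Get-WinlogonInstances | Format-List PID, SessionId, Path, InSystem32, SigStatus, Signer
Get-SrvanyWrappedService -Name 'KMService' | Format-List Name, State, StartMode, ImagePath, Application, AppParams, AppExists
```

Two winlogon.exe rows both under C:\Windows\System32 with different session IDs is the multiple-instance case the post describes. For the service, the Application value and whether that file still exists tell you what srvany is wrapping; Process Explorer's "Verify Image Signatures" option, which handles catalog signatures on Windows 7, is the simplest way to confirm the signing status that Get-AuthenticodeSignature cannot see on this PowerShell version.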

offline
  • Joined: 20 May 2016
  • Posts: 9

Written: 24 May 2016 19:40



Addendum: 24 May 2016 19:41

I can't download the program at all

Addendum: 24 May 2016 19:46

Oh nooo, there it is, it's working :D
