Problem with browsers


offline
  • Joined: 08 Mar 2008
  • Posts: 17

Hello everyone, I have a little problem that is driving me to suicidal thoughts:
For almost two months now (ever since right after I installed the game iSnooker) none of my browsers work except Chrome, which instead of the home page shows:
This webpage is not available
The webpage at google.com/ might be temporarily down or it may have moved permanently to a new web address.
Error 103 (net::ERR_CONNECTION_ABORTED): Unknown error.

I think I have 100 kbps ADSL and that it works perfectly.

So Chrome works, except that it shows the above instead of the home page, i.e. it cannot find google.com, but it can if I type google.rs or google.me, as well as any other site.
As for Firefox, it shows the home page normally, but whatever I type into Google search it cannot find; it just spins endlessly and shows no warning. The same happens with the small search bar, even if I switch it to Yahoo, Bing or whatever.
The only thing that works in Firefox is the URL bar, but only if the page I want to visit is in my history or if I type the full address (e.g. wikipedia.org, and it won't work if I type just wikipedia), provided it is not google.com. It cannot find that one, while it can find google.rs and google.me, same as with Chrome.

Avast does not detect any problem.

I installed Malwarebytes and OTL, but since my knowledge of them is minimal (nonexistent) I achieved nothing (although they presumably did remove some harmful items). I removed the damned game with Revo Uninstaller. I ran a clean-up and a defragmentation, restarted the computer... and nothing. I also tried CCleaner, which of course did not help. I tried reinstalling Firefox, an older, a newer and a beta version; I even tried to take my own life with my dad's Beretta, but it is broken too, so I took it to my best man, who is a weapons expert.
I would ask someone to help me before my best man fixes the gun.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.11.2
Run by asus at 4:29:24 on 2013-01-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.514 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Asus\EeePC ACPI\AsTray.exe
C:\Program Files\Asus\EeePC ACPI\AsAcpiSvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = hxxp://poker.bet365.com/extra/en/vip-scheme/play-and-earn/
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Smiley Bar for Facebook: {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - c:\program files\smiley bar for facebook\ScriptHost.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: SpecialSavings.Addon: {bb184e6d-26d1-461a-9226-b93ca8da2af9} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\asus\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AsusTray] c:\program files\asus\eeepc acpi\AsTray.exe
mRun: [AsusACPIServer] c:\program files\asus\eeepc acpi\AsAcpiSvr.exe
mRun: [INPROCOMMWireless] c:\program files\atheros\wireless\utility\WlanUtil.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{22DAAC3F-045C-418D-9718-C623080F6EA0} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\asus\application data\mozilla\firefox\profiles\3qej9csn.default\
FF - plugin: c:\documents and settings\asus\local settings\application data\google\update\1.3.21.129\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2013-01-26 02:15; specialsavings@vshsolutions.com; c:\documents and settings\asus\application data\mozilla\extensions\specialsavings@vshsolutions.com
FF - ExtSQL: 2013-01-26 02:15; statuswinks@StatusWinks; c:\documents and settings\asus\application data\mozilla\extensions\statuswinks@StatusWinks
FF - ExtSQL: 2013-01-26 07:20; testpilot@labs.mozilla.com; c:\documents and settings\asus\application data\mozilla\firefox\profiles\3qej9csn.default\extensions\testpilot@labs.mozilla.com.xpi
FF - ExtSQL: !HIDDEN! 2013-01-26 02:15; statuswinks@StatusWinks; c:\documents and settings\asus\application data\mozilla\extensions\statuswinks@StatusWinks
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-26 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-26 360392]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-26 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-26 44808]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-26 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-26 682344]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2011-11-21 62576]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-26 21104]
S2 5874;5874;\??\c:\docume~1\asus\locals~1\temp\5874.sys --> c:\docume~1\asus\locals~1\temp\5874.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-11-21 1691480]
S3 rt2870;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Drt2870.sys [2011-11-21 724736]
.
=============== Created Last 30 ================
.
2013-01-27 00:37:04 -------- d-sh--w- c:\documents and settings\asus\PrivacIE
2013-01-26 07:10:46 -------- d-----w- c:\documents and settings\asus\application data\Malwarebytes
2013-01-26 07:10:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-01-26 07:10:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-26 07:10:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-26 06:40:38 -------- d-----w- C:\Bobbi Starr
2013-01-26 06:02:45 -------- d-----w- c:\program files\VS Revo Group
2013-01-26 01:15:26 -------- d-----w- c:\program files\VideoPerformer
2013-01-26 01:15:06 -------- d-----w- c:\documents and settings\asus\application data\SpecialSavings
2013-01-26 01:14:57 -------- d-----w- c:\program files\SpecialSavings
2013-01-26 01:14:52 -------- d-----w- c:\program files\File Scout
2013-01-26 01:12:54 -------- d-----w- c:\documents and settings\asus\application data\StatusWinks
2013-01-26 01:09:36 -------- d-----w- c:\documents and settings\asus\application data\PerformerSoft
2013-01-26 01:09:31 18096 ----a-w- c:\windows\system32\roboot.exe
2013-01-26 01:09:12 -------- d-----w- c:\program files\Smiley Bar for Facebook
2013-01-26 01:08:59 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2013-01-25 15:20:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-14 16:07:51 -------- d-----w- c:\documents and settings\asus\local settings\application data\IIIU
2013-01-09 22:35:09 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 22:35:09 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 4:30:09,03 ===============


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello, abdulsatarid



Step 1.

Open Control Panel --> Add or Remove Programs and remove the following:
- Adobe Reader 7.0.5 (outdated version, download the latest one)
- Java(TM) 6 Update 31
- Smiley Bar for Facebook
- SpecialSavings

Restart the computer.



Step 2.

Start -> Run -> %AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs -> Enter




Attach the most recent report.



Step 3.

Download the OTL program from the link below to the Desktop:

OTL download
Click the link and, in the window that opens, click the Save button;
when the dialog for choosing where to save the file opens, select Desktop and click the Save button.

Double-click OTL to run it;

click the Run Scan button;

when the scan finishes, the report will open in Notepad (note: the report will automatically be saved on the Desktop as OTL.Txt).


Attach the OTL.Txt report to your post using the Attach file option.

offline
  • Joined: 08 Mar 2008
  • Posts: 17

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
malwarebytes.org

Database version: v2013.01.26.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
asus :: ADMINASUS [administrator]

Protection: Enabled

26.1.2013 8:16:06
mbam-log-2013-01-26 (08-16-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192189
Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Detected: 1
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> 724 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.InstallBrain) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Documents and Settings\All Users\Application Data\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.

Files Detected: 3
C:\Documents and Settings\asus\Desktop\RemoveWGA.exe (PUP.RemoveWGA) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Quarantined and deleted successfully.

(end)




OTL logfile created on: 28.1.2013 3:41:43 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\asus\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C1A | Country: Serbia and Montenegro | Language: SRB | Date Format: d.M.yyyy

1014,11 Mb Total Physical Memory | 397,91 Mb Available Physical Memory | 39,24% Memory free
2,38 Gb Paging File | 1,91 Gb Available in Paging File | 80,01% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80,00 Gb Total Space | 34,24 Gb Free Space | 42,80% Space Free | Partition Type: NTFS
Drive D: | 62,16 Gb Total Space | 21,70 Gb Free Space | 34,91% Space Free | Partition Type: NTFS

Computer Name: ADMINASUS | User Name: asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.28 03:41:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\asus\Desktop\OTL.exe
PRC - [2013.01.23 22:19:20 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.01.12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.10.23 11:17:40 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.23 11:17:40 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008.04.14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.10.02 13:21:18 | 000,450,560 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Asus\EeePC ACPI\AsAcpiSvr.exe
PRC - [2007.09.28 15:45:16 | 000,077,824 | ---- | M] (AsusTek Computer Inc,) -- C:\Program Files\Asus\EeePC ACPI\AsTray.exe


========== Modules (No Company Name) ==========

MOD - [2013.01.27 21:51:51 | 002,049,536 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13012701\algo.dll
MOD - [2013.01.23 22:19:23 | 003,059,608 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2008.04.14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2013.01.23 22:19:22 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.13 02:32:09 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.11.09 12:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.23 11:17:40 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\asus\LOCALS~1\Temp\5874.sys -- (5874)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.10.23 11:18:34 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.23 11:18:34 | 000,360,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.23 11:18:34 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.23 11:18:34 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.10.23 11:18:33 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.10.23 11:18:32 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.10.23 11:18:32 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.05.17 17:02:22 | 006,412,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010.12.28 11:16:22 | 000,062,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2010.04.27 16:09:36 | 001,605,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009.11.18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.08.03 03:57:38 | 000,724,736 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Drt2870.sys -- (rt2870)
DRV - [2007.07.26 20:00:38 | 000,011,264 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\asus\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\asus\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.10.26 03:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\statuswinks@StatusWinks: C:\Documents and Settings\asus\Application Data\Mozilla\Extensions\statuswinks@StatusWinks [2013.01.26 02:12:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.26 07:20:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Documents and Settings\asus\Application Data\Mozilla\Extensions\statuswinks@StatusWinks [2013.01.26 02:12:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@vshsolutions.com: C:\Documents and Settings\asus\Application Data\Mozilla\Extensions\specialsavings@vshsolutions.com [2013.01.26 02:15:07 | 000,000,000 | ---D | M]

[2013.01.26 02:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\asus\Application Data\Mozilla\Extensions
[2013.01.26 02:15:07 | 000,000,000 | ---D | M] (Special Savings) -- C:\Documents and Settings\asus\Application Data\Mozilla\Extensions\specialsavings@vshsolutions.com
[2013.01.26 02:12:54 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Documents and Settings\asus\Application Data\Mozilla\Extensions\statuswinks@StatusWinks
[2013.01.26 07:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\asus\Application Data\Mozilla\Firefox\Profiles\3qej9csn.default\extensions
[2013.01.26 07:20:30 | 000,615,655 | ---- | M] () (No name found) -- C:\Documents and Settings\asus\Application Data\Mozilla\Firefox\Profiles\3qej9csn.default\extensions\testpilot@labs.mozilla.com.xpi
[2013.01.26 07:20:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.01.26 07:20:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2013.01.23 22:19:37 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.01.23 22:19:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.23 22:19:01 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\asus\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\asus\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\asus\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Documents and Settings\asus\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\asus\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\asus\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\asus\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: avast! WebRep = C:\Documents and Settings\asus\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1473_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\asus\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
CHR - Extension: Gmail = C:\Documents and Settings\asus\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012.09.17 13:32:09 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\Asus\EeePC ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\Asus\EeePC ACPI\AsTray.exe (AsusTek Computer Inc,)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [INPROCOMMWireless] C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22DAAC3F-045C-418D-9718-C623080F6EA0}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\asus\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\asus\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.21 15:10:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.01.24 19:34:50 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{e41470c8-2fed-11e1-b2e1-485b398b0812}\Shell - "" = AutoRun
O33 - MountPoints2\{e41470c8-2fed-11e1-b2e1-485b398b0812}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e41470c8-2fed-11e1-b2e1-485b398b0812}\Shell\AutoRun\command - "" = E:\Setup.now.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.28 03:10:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.27 03:57:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\asus\Recent
[2013.01.27 01:43:23 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\asus\Desktop\dds.com
[2013.01.27 01:37:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\asus\PrivacIE
[2013.01.26 08:36:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\asus\Desktop\OTL.exe
[2013.01.26 08:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\asus\Application Data\Malwarebytes
[2013.01.26 08:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.26 08:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013.01.26 08:10:28 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.26 08:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.26 08:04:50 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\asus\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.26 07:40:38 | 000,000,000 | ---D | C] -- C:\Bobbi Starr
[2013.01.26 07:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.01.26 07:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.26 07:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\asus\Start Menu\Programs\Revo Uninstaller
[2013.01.26 07:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013.01.26 06:32:28 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Documents and Settings\asus\Desktop\revosetup.exe
[2013.01.26 06:31:47 | 003,787,704 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\asus\Desktop\dfsetup212.exe
[2013.01.26 06:16:03 | 021,155,776 | ---- | C] (Mozilla) -- C:\Documents and Settings\asus\Desktop\Firefox Setup 19.0b3.exe
[2013.01.26 02:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\asus\Start Menu\Programs\VideoPerformer
[2013.01.26 02:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\VideoPerformer
[2013.01.26 02:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\asus\Application Data\SpecialSavings
[2013.01.26 02:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\File Scout
[2013.01.26 02:12:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\asus\Application Data\StatusWinks
[2013.01.26 02:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\asus\Application Data\PerformerSoft
[2013.01.26 02:09:31 | 000,018,096 | ---- | C] (PerformerSoft LLC) -- C:\WINDOWS\System32\roboot.exe
[2013.01.26 02:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\asus\Start Menu\Programs\Haali Media Splitter
[2013.01.26 02:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
[2013.01.25 16:31:40 | 032,192,352 | ---- | C] (Google Inc.) -- C:\Documents and Settings\asus\Desktop\25.0.1364.45_chrome_installer.exe
[2013.01.25 16:20:58 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.01.25 16:20:58 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.01.25 16:20:58 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.01.25 16:20:26 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.01.23 08:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\asus\Desktop\TBOK
[2013.01.16 04:08:02 | 020,293,080 | ---- | C] (Mozilla) -- C:\Documents and Settings\asus\Desktop\Firefox Setup 18.0.exe
[2013.01.14 17:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\asus\Local Settings\Application Data\IIIU
[2013.01.09 23:35:09 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.09 23:35:09 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.12.30 00:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\asus\Desktop\Native
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.28 03:41:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\asus\Desktop\OTL.exe
[2013.01.28 03:33:03 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-963894560-515967899-1003UA.job
[2013.01.28 03:31:13 | 000,436,276 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.28 03:31:13 | 000,069,006 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.28 03:27:27 | 000,000,360 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.01.28 03:26:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.28 03:24:34 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013.01.28 03:07:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.27 01:50:51 | 000,365,568 | ---- | M] () -- C:\Documents and Settings\asus\Desktop\yo4xecof.exe
[2013.01.27 01:43:24 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\asus\Desktop\dds.com
[2013.01.26 08:10:34 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.26 08:05:36 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\asus\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.26 07:39:14 | 002,118,644 | ---- | M] () -- C:\Documents and Settings\asus\Desktop\MCShield-Setup.exe
[2013.01.26 07:20:12 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\asus\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013.01.26 07:20:12 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013.01.26 07:02:46 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\asus\Desktop\Revo Uninstaller.lnk
[2013.01.26 06:32:38 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Documents and Settings\asus\Desktop\revosetup.exe
[2013.01.26 06:32:04 | 003,787,704 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\asus\Desktop\dfsetup212.exe
[2013.01.26 06:21:00 | 021,155,776 | ---- | M] (Mozilla) -- C:\Documents and Settings\asus\Desktop\Firefox Setup 19.0b3.exe
[2013.01.26 02:15:41 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\asus\Desktop\Video Performer.lnk
[2013.01.26 02:02:20 | 000,671,808 | ---- | M] () -- C:\Documents and Settings\asus\Desktop\VideoPerformerSetup.exe
[2013.01.26 02:02:07 | 000,676,640 | ---- | M] () -- C:\Documents and Settings\asus\Desktop\BestCodecsPackSetup.exe
[2013.01.25 16:33:52 | 032,192,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\asus\Desktop\25.0.1364.45_chrome_installer.exe
[2013.01.24 17:39:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.24 09:40:45 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\asus\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.01.23 19:33:03 | 000,000,964 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-963894560-515967899-1003Core.job
[2013.01.18 07:41:40 | 000,081,408 | ---- | M] () -- C:\Documents and Settings\asus\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.16 04:11:06 | 020,293,080 | ---- | M] (Mozilla) -- C:\Documents and Settings\asus\Desktop\Firefox Setup 18.0.exe
[2013.01.13 02:32:09 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.13 02:32:09 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.01.12 03:26:19 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.01.12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.01.12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.01.12 03:00:45 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.01.06 06:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.28 03:24:33 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.28 03:24:33 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013.01.27 01:50:50 | 000,365,568 | ---- | C] () -- C:\Documents and Settings\asus\Desktop\yo4xecof.exe
[2013.01.26 08:10:34 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.26 07:39:01 | 002,118,644 | ---- | C] () -- C:\Documents and Settings\asus\Desktop\MCShield-Setup.exe
[2013.01.26 07:20:12 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\asus\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013.01.26 07:20:12 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013.01.26 07:20:12 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013.01.26 07:02:46 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\asus\Desktop\Revo Uninstaller.lnk
[2013.01.26 02:15:41 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\asus\Desktop\Video Performer.lnk
[2013.01.26 02:08:59 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013.01.26 02:02:20 | 000,671,808 | ---- | C] () -- C:\Documents and Settings\asus\Desktop\VideoPerformerSetup.exe
[2013.01.26 02:02:07 | 000,676,640 | ---- | C] () -- C:\Documents and Settings\asus\Desktop\BestCodecsPackSetup.exe
[2013.01.09 23:35:10 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.26 23:17:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\isnooker.INI
[2012.10.27 15:47:37 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI
[2012.10.27 15:08:14 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2012.09.06 12:09:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.07.05 20:40:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\boxworld.ini
[2012.04.14 12:39:00 | 000,000,423 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2012.04.14 03:48:37 | 000,000,017 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2012.03.31 15:57:47 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2012.03.31 15:57:46 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011.11.21 19:08:55 | 000,081,408 | ---- | C] () -- C:\Documents and Settings\asus\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.21 19:02:56 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011.11.21 18:21:49 | 000,004,692 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2011.11.21 18:21:49 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2011.11.21 17:24:20 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011.11.21 17:15:11 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.11.21 16:49:56 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011.11.21 16:25:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2011.11.21 16:25:01 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2011.11.21 15:55:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.11.21 15:54:00 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.11.21 15:13:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.11.21 15:05:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2011.11.21 16:22:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.06.28 22:33:05 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2013.01.14 17:19:14 | 000,000,000 | ---D | M](C:\Documents and Settings\asus\My Documents\???????) -- C:\Documents and Settings\asus\My Documents\Пријеми
[2013.01.14 17:04:14 | 000,000,000 | ---D | M](C:\Documents and Settings\asus\My Documents\??????????) -- C:\Documents and Settings\asus\My Documents\Преузимања
[2012.07.20 22:29:01 | 000,000,000 | ---D | C](C:\Documents and Settings\asus\My Documents\??????????) -- C:\Documents and Settings\asus\My Documents\Преузимања
[2011.12.07 11:14:38 | 000,000,000 | ---D | C](C:\Documents and Settings\asus\My Documents\???????) -- C:\Documents and Settings\asus\My Documents\Пријеми

< End of report >


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Step 1.

Start Mozilla, click Firefox --> Add-ons.
Select Extensions on the left side and remove the following, if present:
- Special Savings
- Smiley Bar for Facebook

Step 2.

Download AdwCleaner by "Xplode" and save it to the Desktop.
Double-click to run the program and click the [Search] button.
When the program finishes the analysis, it will open Notepad with a report. Close that Notepad window.

Click the [Delete] button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option.

Note: The report will also be saved at C:\AdwCleaner[S1].txt

Step 3.

After you have done these two steps, tell me whether there is any improvement.

offline
  • Joined: 08 Mar 2008
  • Posts: 17

Posted: 28 Jan 2013 16:47

I got stuck on the first step; I don't have the options to remove these two extensions:

Should I continue with the second step?

Addendum: 28 Jan 2013 17:13

Maybe it's stupid, but I went ahead with the second step on my own initiative; here is the report:

I have the feeling the internet is a bit faster; Chrome now starts with the home page but still won't find google.com. Firefox search still doesn't work.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Posted: 28 Jan 2013 17:16

Ok, continue with the second step...

Addendum: 28 Jan 2013 17:59

Step 1.

Run OTL again by double-clicking its icon.

Copy the following text into the white box of the window labelled Custom Scans/Fixes:

:OTL
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\asus\LOCALS~1\Temp\5874.sys -- (5874)

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]



Click the Run Fix button.

Copy the report you get into your post here.

Step 2.

Is there any improvement?
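
The first line of the :OTL fix above removes a driver service whose file no longer exists. As an added example (not part of the original posts and not OTL's own code), this Python script applies the same check to OTL log lines: it flags drivers and Run entries whose target is missing or sits under a Temp directory. The regular expressions are assumptions based only on the line formats visible in this thread.

```python
import re

# Lines copied from the OTL output quoted in this thread (not constructed).
SAMPLE_LINES = [
    r"DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\asus\LOCALS~1\Temp\5874.sys -- (5874)",
    r"O4 - HKLM..\Run: [] File not found",
    r"O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)",
    r"O4 - HKLM..\Run: [INPROCOMMWireless] C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe File not found",
]

MISSING = "File not found"
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)

# Assumed layout: "DRV - <info> [Type | Start | State] -- <path> -- (<service>)".
# Requiring exactly three fields skips the four-field file-info bracket.
DRV_RE = re.compile(
    r"^DRV - (?P<info>.*?)\[(?P<type>[^|\]]+)\|(?P<start>[^|\]]+)\|(?P<state>[^|\]]+)\]"
    r" -- (?P<path>.*?) -- \((?P<name>[^)]*)\)\s*$"
)
# Assumed layout: "O4 - <hive>\Run: [<value name>] <command> [File not found]".
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")

# "Auto" is the start type shown in the thread; "Boot" and "System" are assumed labels.
AUTO_START = ("Boot", "System", "Auto")


def triage(lines):
    """Return one finding per driver or Run entry that deserves a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = DRV_RE.match(line)
        if m:
            path = m.group("path").strip()
            reasons = []
            if MISSING in m.group("info"):
                reasons.append("image file missing")
            if TEMP_RE.search(path):
                reasons.append("image path under a Temp directory")
            if reasons and m.group("start").strip() in AUTO_START:
                reasons.append("starts automatically")
            if reasons:
                findings.append({"kind": "driver", "name": m.group("name"),
                                 "path": path, "reasons": reasons})
            continue
        m = RUN_RE.match(line)
        if m:
            rest = m.group("rest").strip()
            reasons = []
            path = rest
            if rest.endswith(MISSING):
                path = rest[: -len(MISSING)].strip()
                reasons.append("target missing")
                if not m.group("name"):
                    reasons.append("value has no name")
            if path and TEMP_RE.search(path):
                reasons.append("target under a Temp directory")
            if reasons:
                findings.append({"kind": "run", "name": m.group("name"),
                                 "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['kind']:6} {f['name'] or '(empty)':18} {'; '.join(f['reasons'])}")
```

A flagged entry is a candidate for review, not proof of infection: a missing target often means a leftover from an uninstalled program, as with the Atheros utility here.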

offline
  • Joined: 08 Mar 2008
  • Posts: 17

Posted: 29 Jan 2013 4:32

There is no improvement.
After I clicked Run Fix the computer froze.
I had to force a restart.
I tried again.
At the bottom of OTL it said something like `killing process, do not interrupt`, so I left it to `finish`; however, when I woke up everything was the same as the first time, i.e. the computer had been frozen all night.

Addendum: 29 Jan 2013 6:20

Oh yes, some thumbs file also appeared, though I doubt that it is the report:

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Turn off MalwareBytes, then do the step again...

offline
  • Joined: 08 Mar 2008
  • Posts: 17

There is no improvement; here is the report:

All processes killed
========== OTL ==========
Service 5874 stopped successfully!
Service 5874 deleted successfully!
File C:\DOCUME~1\asus\LOCALS~1\Temp\5874.sys not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\asus\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\asus\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: asus
->Temp folder emptied: 70962444 bytes
->Temporary Internet Files folder emptied: 12481482 bytes
->Java cache emptied: 1062520 bytes
->FireFox cache emptied: 371924950 bytes
->Google Chrome cache emptied: 139509237 bytes
->Flash cache emptied: 60254 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10577902 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 162624934 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 580235 bytes

Total Files Cleaned = 734,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01292013_152443

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Is a proxy enabled by any chance?

Click on [icon] in the upper right corner.

Select Settings.

At the bottom there is Show advanced settings...; click it, then go to the Network section below.

Click Change proxy settings, then LAN Settings.

Check whether Use proxy settings for your LAN is enabled.
