Computer is lagging

offline
  • Joined: 26 Dec 2013
  • Posts: 39
  • Location: Krusevac

Posted: 28 May 2014 10:00

When opening programs it lags, that is, I have to wait a while for a new topic to open. On YouTube it freezes. Every time something is opened it hangs for a few seconds and then continues opening.

Addendum: 28 May 2014 10:05

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by DRAGAN (administrator) on DRAGAN-PC on 28-05-2014 01:02:01
Running from C:\Users\DRAGAN\Downloads
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(YTDownloader) C:\Program Files\YTDownloader\YTDownloader.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Farbar) C:\Users\DRAGAN\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-04] (AVAST Software)
HKLM\...\Run: [CTHelper] => C:\Windows\system32\CTHELPER.EXE [24576 2003-06-19] (Creative Technology Ltd)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL
HKLM\...\Run: [DevconDefaultDB] => C:\Windows\READREG /PSCONV={NO}
HKLM\...\Run: [EaseUS EPM tray] => C:\Program Files\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
HKLM\...\Run: [YTDownloader] => C:\Program Files\YTDownloader\YTDownloader.exe [1974120 2014-05-22] (YTDownloader)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [DAEMON Tools Lite] => "C:\Users\DRAGAN\Desktop\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [SetDefaultMIDI] => C:\Windows\MIDIDef.exe [49152 2002-12-03] (Creative Technology Ltd)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [SpeedItupFree] => "C:\Program Files\SpeedItup Free\speeditupfree.exe"
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [YTDownloader] => C:\Program Files\YTDownloader\YTDownloader.exe [1974120 2014-05-22] (YTDownloader)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1003\...\Run: [DAEMON Tools Lite] => "C:\Users\DRAGAN\Desktop\DAEMON Tools Lite\DTLite.exe" -autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: iWebar - {11111111-1111-1111-1111-110311551110} - C:\Program Files\iWebar\iWebar-bho.dll (iWebar)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\DRAGAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cqr8ha4.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft)
FF Extension: iWebar - C:\Users\DRAGAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cqr8ha4.default\Extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com [2014-05-26]
FF Extension: Adblock Plus - C:\Users\DRAGAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cqr8ha4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-11]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-22]

Chrome:
=======
CHR DefaultSearchKeyword: delta-search.com
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: delta-search.com/?q={searchTerms}&affID=119292&tt=190313_wctrl&babsrc=SP_ss&mntrId=7CEA001185657709
CHR DefaultNewTabURL:
CHR Extension: (McAfee Security Scan+) - C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-03-18]
CHR Extension: (Google Wallet) - C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-04] (AVAST Software)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-26] (globalUpdate)
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-26] (globalUpdate)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-15] (McAfee, Inc.)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2012-10-30] (Nitro PDF Software)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-12-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-12-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-12-04] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [178304 2013-12-04] ()
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [287920 2003-03-26] (Creative Technology Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-11-02] (DT Soft Ltd)
S3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [860592 2003-06-27] (Creative Technology Ltd)
S3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [159040 2003-06-27] (Creative Technology Ltd)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [85760 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26496 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [168448 2011-03-24] (Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2013-12-24] (REALiX(tm))
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [101120 2009-11-04] (Huawei Technologies Co., Ltd.)
R2 sbmntr; C:\Program Files\YTDownloader\sbmntr.sys [50024 2014-05-22] (YTDownloader)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
S3 ALCXWDM; system32\drivers\RTKVAC.SYS [X]
S2 avgntflt; system32\DRIVERS\avgntflt.sys [X]
S3 catchme; \??\C:\Users\DRAGAN\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-28 01:02 - 2014-05-28 01:02 - 00012445 _____ () C:\Users\DRAGAN\Downloads\FRST.txt
2014-05-28 01:01 - 2014-05-28 01:01 - 01056256 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST(1).exe
2014-05-28 00:59 - 2014-05-28 00:59 - 01056256 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST.exe
2014-05-27 10:58 - 2014-05-27 22:55 - 00000112 _____ () C:\Windows\setupact.log
2014-05-27 10:58 - 2014-05-27 10:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-26 09:33 - 2014-05-26 09:33 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\DownLite
2014-05-26 07:29 - 2014-05-28 00:34 - 00001576 _____ () C:\Windows\Tasks\74275bdc-96a9-440e-8569-aaf52624e348-7.job
2014-05-26 07:29 - 2014-05-27 23:00 - 00002386 _____ () C:\Windows\Tasks\74275bdc-96a9-440e-8569-aaf52624e348-4.job
2014-05-26 07:29 - 2014-05-27 22:55 - 00001642 _____ () C:\Windows\Tasks\74275bdc-96a9-440e-8569-aaf52624e348-6.job
2014-05-26 07:29 - 2014-05-27 22:55 - 00001634 _____ () C:\Windows\Tasks\74275bdc-96a9-440e-8569-aaf52624e348-1.job
2014-05-26 07:29 - 2014-05-27 22:55 - 00001620 _____ () C:\Windows\Tasks\74275bdc-96a9-440e-8569-aaf52624e348-2.job
2014-05-26 07:29 - 2014-05-27 22:55 - 00000894 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-26 07:29 - 2014-05-27 13:38 - 00000898 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-05-26 07:29 - 2014-05-26 10:08 - 00000000 ____D () C:\Program Files\iWebar
2014-05-26 07:29 - 2014-05-26 07:29 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2014-05-26 07:29 - 2014-05-26 07:29 - 00000000 ____D () C:\Users\DRAGAN\AppData\Local\globalUpdate
2014-05-26 07:29 - 2014-05-26 07:29 - 00000000 ____D () C:\Program Files\globalUpdate
2014-05-26 07:28 - 2014-05-26 07:29 - 00000000 ____D () C:\Program Files\YTDownloader
2014-05-26 07:28 - 2014-05-26 07:28 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-05-26 07:26 - 2014-05-26 10:13 - 00000000 ____D () C:\Program Files\SpeedItup Free
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 ____D () C:\Users\DRAGAN\AppData\Local\CrashRpt
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 _____ () C:\ProgramData\spds90.txt
2014-05-26 07:24 - 2014-05-26 07:24 - 00232824 _____ (Fusion Install ) C:\Users\DRAGAN\Downloads\StartDownload.exe
2014-05-26 07:17 - 2014-05-26 07:17 - 00006435 _____ () C:\Users\DRAGAN\Downloads\GTA.4.Working.(zabranjeno).PROPER-X5l0V3R-[rarbg.com].torrent
2014-05-26 07:15 - 2014-05-26 07:15 - 00050812 _____ () C:\Users\DRAGAN\Downloads\Watch Dogs-Digital Deluxe-SKIDROW(zabranjeno)-[rarbg.com].torrent
2014-05-14 14:31 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 14:31 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 14:31 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 05:40 - 2014-04-11 19:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 05:40 - 2014-04-11 19:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 05:40 - 2014-04-11 19:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 05:40 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 05:40 - 2014-04-11 19:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 05:40 - 2014-04-11 19:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 05:40 - 2014-04-11 19:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 05:40 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 05:40 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 05:40 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 05:40 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 05:40 - 2014-03-04 02:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-08 23:52 - 2014-05-08 23:52 - 00081007 _____ () C:\Users\DRAGAN\Downloads\Pic_00372.zip

==================== One Month Modified Files and Folders =======

2014-05-28 01:02 - 2014-05-28 01:02 - 00012445 _____ () C:\Users\DRAGAN\Downloads\FRST.txt
2014-05-28 01:02 - 2013-12-02 12:48 - 00000000 ____D () C:\FRST
2014-05-28 01:01 - 2014-05-28 01:01 - 01056256 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST(1).exe
2014-05-28 00:59 - 2014-05-28 00:59 - 01056256 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST.exe
2014-05-28 00:53 - 2011-10-03 11:43 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-28 00:34 - 2014-05-26 07:29 - 00001576 _____ () C:\Windows\Tasks\74275bdc-96a9-440e-8569-aaf52624e348-7.job
2014-05-28 00:28 - 2012-11-11 06:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-27 23:36 - 2012-03-18 06:06 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\Skype
2014-05-27 23:00 - 2014-05-26 07:29 - 00002386 _____ () C:\Windows\Tasks\74275bdc-96a9-440e-8569-aaf52624e348-4.job
2014-05-27 23:00 - 2009-07-13 21:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-27 23:00 - 2009-07-13 21:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-27 22:59 - 2013-12-09 12:55 - 01147287 _____ () C:\Windows\WindowsUpdate.log
2014-05-27 22:59 - 2011-10-03 11:09 - 00336956 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-27 22:55 - 2014-05-27 10:58 - 00000112 _____ () C:\Windows\setupact.log
2014-05-27 22:55 - 2014-05-26 07:29 - 00001642 _____ () C:\Windows\Tasks\74275bdc-96a9-440e-8569-aaf52624e348-6.job
2014-05-27 22:55 - 2014-05-26 07:29 - 00001634 _____ () C:\Windows\Tasks\74275bdc-96a9-440e-8569-aaf52624e348-1.job
2014-05-27 22:55 - 2014-05-26 07:29 - 00001620 _____ () C:\Windows\Tasks\74275bdc-96a9-440e-8569-aaf52624e348-2.job
2014-05-27 22:55 - 2014-05-26 07:29 - 00000894 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-27 22:55 - 2013-03-16 13:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-27 22:55 - 2011-10-03 11:43 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-27 22:55 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-27 13:38 - 2014-05-26 07:29 - 00000898 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-05-27 10:58 - 2014-05-27 10:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-27 08:06 - 2011-10-03 11:37 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\Winamp
2014-05-26 10:13 - 2014-05-26 07:26 - 00000000 ____D () C:\Program Files\SpeedItup Free
2014-05-26 10:13 - 2009-07-13 19:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-26 10:08 - 2014-05-26 07:29 - 00000000 ____D () C:\Program Files\iWebar
2014-05-26 09:33 - 2014-05-26 09:33 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\DownLite
2014-05-26 07:29 - 2014-05-26 07:29 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2014-05-26 07:29 - 2014-05-26 07:29 - 00000000 ____D () C:\Users\DRAGAN\AppData\Local\globalUpdate
2014-05-26 07:29 - 2014-05-26 07:29 - 00000000 ____D () C:\Program Files\globalUpdate
2014-05-26 07:29 - 2014-05-26 07:28 - 00000000 ____D () C:\Program Files\YTDownloader
2014-05-26 07:29 - 2009-07-13 19:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-05-26 07:28 - 2014-05-26 07:28 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 ____D () C:\Users\DRAGAN\AppData\Local\CrashRpt
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 _____ () C:\ProgramData\spds90.txt
2014-05-26 07:24 - 2014-05-26 07:24 - 00232824 _____ (Fusion Install ) C:\Users\DRAGAN\Downloads\StartDownload.exe
2014-05-26 07:17 - 2014-05-26 07:17 - 00006435 _____ () C:\Users\DRAGAN\Downloads\GTA.4.Working.(zabranjeno).PROPER-X5l0V3R-[rarbg.com].torrent
2014-05-26 07:15 - 2014-05-26 07:15 - 00050812 _____ () C:\Users\DRAGAN\Downloads\Watch Dogs-Digital Deluxe-SKIDROW(zabranjeno)-[rarbg.com].torrent
2014-05-24 05:04 - 2012-07-18 02:35 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\Nitro PDF
2014-05-21 00:09 - 2012-05-22 11:25 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 03:16 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 01:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-14 14:33 - 2013-07-22 13:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 14:33 - 2011-10-16 08:54 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 05:30 - 2012-11-11 06:57 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 05:30 - 2011-11-18 06:10 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-10 04:16 - 2011-10-03 11:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 23:52 - 2014-05-08 23:52 - 00081007 _____ () C:\Users\DRAGAN\Downloads\Pic_00372.zip
2014-05-08 12:01 - 2013-05-22 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-05 20:25 - 2014-05-14 14:31 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 20:07 - 2014-05-14 14:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 19:10 - 2014-05-14 14:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-04 00:29 - 2009-07-13 21:53 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-28 10:55 - 2012-10-27 11:20 - 00000000 ____D () C:\Users\DRAGAN\Downloads\New folder

Some content of TEMP:
====================
C:\Users\DRAGAN\AppData\Local\Temp\tu17p84.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 05:40] - [2014-03-04 02:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 00:31

==================== End Of Log ============================

Addendum: 28 May 2014 10:12

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

I've taken a special liking to you, so I'm going to put you through the wringer Mr. Green


Step 1

Download AdwCleaner by "Xplode" () and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option.

Note: The report will also be saved to C:\AdwCleaner[S0].txt


Step 2

1. Open Notepad (Text Document) and copy the following text from inside the code box below:

Start
iWebar (HKLM\...\iWebar) (Version: 1.34.5.12 - iWebar) <==== ATTENTION
Task: {857E630B-6CD8-4B71-8AFA-E9D02A180119} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-05-26] (globalUpdate) <==== ATTENTION
Task: {973AEE90-A880-4DA5-8F83-9A54BBC3C9B3} - System32\Tasks\Installer_sense => C:\Users\DRAGAN\AppData\Local\Installer\Install_21306\ytdi_adk_setup_20140317.exe [2014-05-26] () <==== ATTENTION
Task: {EA81F7DE-D72A-495D-9715-5BE4C2F21C4B} - System32\Tasks\Installer_cr => C:\Users\DRAGAN\AppData\Local\Installer\Install_1936\ytdi_adk_setup_20140317.exe [2014-05-26] () <==== ATTENTION
Task: {F6F0C73B-06EB-4A06-AC29-56A6C283FB0B} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-05-26] (globalUpdate) <==== ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
BHO: iWebar - {11111111-1111-1111-1111-110311551110} - C:\Program Files\iWebar\iWebar-bho.dll (iWebar)
BHO: No Name - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - No File
CHR DefaultSearchKeyword: delta-search.com
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: http://www.delta-search.com/?q={searchTerms}&affID=119292&tt=190313_wctrl&babsrc=SP_ss&mntrId=7CEA001185657709
CHR DefaultNewTabURL:
C:\Users\DRAGAN\AppData\Local\Temp\tu17p84.exe
CMD: DEL %TEMP%\*.* /F /S /Q
Reboot:
End


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once, and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.




Step 3

Be sure to uninstall

iWebar
McAfee Security Scan

offline
  • Joined: 26 Dec 2013
  • Posts: 39
  • Location: Krusevac

Posted: 28 May 2014 22:22

Addendum: 28 May 2014 22:32

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by DRAGAN (administrator) on DRAGAN-PC on 28-05-2014 13:28:21
Running from C:\Users\DRAGAN\Downloads
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(YTDownloader) C:\Program Files\YTDownloader\YTDownloader.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Farbar) C:\Users\DRAGAN\Downloads\FRST(3).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-04] (AVAST Software)
HKLM\...\Run: [CTHelper] => C:\Windows\system32\CTHELPER.EXE [24576 2003-06-19] (Creative Technology Ltd)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL
HKLM\...\Run: [DevconDefaultDB] => C:\Windows\READREG /PSCONV={NO}
HKLM\...\Run: [EaseUS EPM tray] => C:\Program Files\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
HKLM\...\Run: [YTDownloader] => C:\Program Files\YTDownloader\YTDownloader.exe [1974120 2014-05-22] (YTDownloader)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [DAEMON Tools Lite] => "C:\Users\DRAGAN\Desktop\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [SetDefaultMIDI] => C:\Windows\MIDIDef.exe [49152 2002-12-03] (Creative Technology Ltd)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [SpeedItupFree] => "C:\Program Files\SpeedItup Free\speeditupfree.exe"
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [YTDownloader] => C:\Program Files\YTDownloader\YTDownloader.exe [1974120 2014-05-22] (YTDownloader)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1003\...\Run: [DAEMON Tools Lite] => "C:\Users\DRAGAN\Desktop\DAEMON Tools Lite\DTLite.exe" -autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\DRAGAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cqr8ha4.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft)
FF Extension: Adblock Plus - C:\Users\DRAGAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cqr8ha4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-11]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-22]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: delta-search.com
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: delta-search.com/?q={searchTerms}&affID=119292&tt=190313_wctrl&babsrc=SP_ss&mntrId=7CEA001185657709
CHR DefaultNewTabURL:
CHR Extension: (No Name) - C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-03-18]
CHR Extension: (Google новчаник) - C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-04] (AVAST Software)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-15] (McAfee, Inc.)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2012-10-30] (Nitro PDF Software)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-12-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-12-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-12-04] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [178304 2013-12-04] ()
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [287920 2003-03-26] (Creative Technology Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-11-02] (DT Soft Ltd)
S3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [860592 2003-06-27] (Creative Technology Ltd)
S3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [159040 2003-06-27] (Creative Technology Ltd)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [85760 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26496 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [168448 2011-03-24] (Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2013-12-24] (REALiX(tm))
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [101120 2009-11-04] (Huawei Technologies Co., Ltd.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
S3 ALCXWDM; system32\drivers\RTKVAC.SYS [X]
S2 avgntflt; system32\DRIVERS\avgntflt.sys [X]
S3 catchme; \??\C:\Users\DRAGAN\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-28 13:27 - 2014-05-28 13:28 - 01056256 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST(3).exe
2014-05-28 13:26 - 2014-05-28 13:27 - 02066944 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST64.exe
2014-05-28 13:18 - 2014-05-28 13:18 - 01327971 _____ () C:\Users\DRAGAN\Downloads\AdwCleaner(2).exe
2014-05-28 13:09 - 2014-05-28 13:09 - 00000310 _____ () C:\Windows\PFRO.log
2014-05-28 13:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-28 13:05 - 2014-05-28 13:23 - 00000000 ____D () C:\AdwCleaner
2014-05-28 13:04 - 2014-05-28 13:04 - 01327971 _____ () C:\Users\DRAGAN\Downloads\AdwCleaner(1).exe
2014-05-28 13:01 - 2014-05-28 13:02 - 01327971 _____ () C:\Users\DRAGAN\Downloads\AdwCleaner.exe
2014-05-28 12:54 - 2014-05-28 12:55 - 01056256 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST(2).exe
2014-05-28 01:07 - 2014-05-28 13:06 - 00024121 _____ () C:\Users\DRAGAN\Downloads\Addition.txt
2014-05-28 01:02 - 2014-05-28 13:28 - 00011237 _____ () C:\Users\DRAGAN\Downloads\FRST.txt
2014-05-28 01:01 - 2014-05-28 01:01 - 01056256 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST(1).exe
2014-05-28 00:59 - 2014-05-28 00:59 - 01056256 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST.exe
2014-05-27 10:58 - 2014-05-28 13:15 - 00000280 _____ () C:\Windows\setupact.log
2014-05-27 10:58 - 2014-05-27 10:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-26 07:29 - 2014-05-26 07:29 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2014-05-26 07:28 - 2014-05-26 07:29 - 00000000 ____D () C:\Program Files\YTDownloader
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 ____D () C:\Users\DRAGAN\AppData\Local\CrashRpt
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 _____ () C:\ProgramData\spds90.txt
2014-05-26 07:24 - 2014-05-26 07:24 - 00232824 _____ (Fusion Install ) C:\Users\DRAGAN\Downloads\StartDownload.exe
2014-05-26 07:17 - 2014-05-26 07:17 - 00006435 _____ () C:\Users\DRAGAN\Downloads\GTA.4.Working.(zabranjeno).PROPER-X5l0V3R-[rarbg.com].torrent
2014-05-26 07:15 - 2014-05-26 07:15 - 00050812 _____ () C:\Users\DRAGAN\Downloads\Watch Dogs-Digital Deluxe-SKIDROW(zabranjeno)-[rarbg.com].torrent
2014-05-14 14:31 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 14:31 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 14:31 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 05:40 - 2014-04-11 19:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 05:40 - 2014-04-11 19:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 05:40 - 2014-04-11 19:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 05:40 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 05:40 - 2014-04-11 19:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 05:40 - 2014-04-11 19:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 05:40 - 2014-04-11 19:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 05:40 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 05:40 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 05:40 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 05:40 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 05:40 - 2014-03-04 02:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-08 23:52 - 2014-05-08 23:52 - 00081007 _____ () C:\Users\DRAGAN\Downloads\Pic_00372.zip

==================== One Month Modified Files and Folders =======

2014-05-28 13:30 - 2014-05-28 01:02 - 00011237 _____ () C:\Users\DRAGAN\Downloads\FRST.txt
2014-05-28 13:28 - 2014-05-28 13:27 - 01056256 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST(3).exe
2014-05-28 13:28 - 2013-12-02 12:48 - 00000000 ____D () C:\FRST
2014-05-28 13:28 - 2012-11-11 06:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-28 13:27 - 2014-05-28 13:26 - 02066944 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST64.exe
2014-05-28 13:23 - 2014-05-28 13:05 - 00000000 ____D () C:\AdwCleaner
2014-05-28 13:21 - 2009-07-13 21:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 13:21 - 2009-07-13 21:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 13:20 - 2011-10-03 11:09 - 00336956 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 13:18 - 2014-05-28 13:18 - 01327971 _____ () C:\Users\DRAGAN\Downloads\AdwCleaner(2).exe
2014-05-28 13:17 - 2012-03-18 06:06 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\Skype
2014-05-28 13:16 - 2011-10-03 11:43 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-28 13:16 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 13:15 - 2014-05-27 10:58 - 00000280 _____ () C:\Windows\setupact.log
2014-05-28 13:15 - 2013-12-09 12:55 - 01173023 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 13:15 - 2013-03-16 13:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-28 13:09 - 2014-05-28 13:09 - 00000310 _____ () C:\Windows\PFRO.log
2014-05-28 13:06 - 2014-05-28 01:07 - 00024121 _____ () C:\Users\DRAGAN\Downloads\Addition.txt
2014-05-28 13:04 - 2014-05-28 13:04 - 01327971 _____ () C:\Users\DRAGAN\Downloads\AdwCleaner(1).exe
2014-05-28 13:02 - 2014-05-28 13:01 - 01327971 _____ () C:\Users\DRAGAN\Downloads\AdwCleaner.exe
2014-05-28 12:55 - 2014-05-28 12:54 - 01056256 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST(2).exe
2014-05-28 12:53 - 2011-10-03 11:43 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-28 01:01 - 2014-05-28 01:01 - 01056256 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST(1).exe
2014-05-28 00:59 - 2014-05-28 00:59 - 01056256 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST.exe
2014-05-27 10:58 - 2014-05-27 10:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-27 08:06 - 2011-10-03 11:37 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\Winamp
2014-05-26 10:13 - 2009-07-13 19:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-26 07:29 - 2014-05-26 07:29 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2014-05-26 07:29 - 2014-05-26 07:28 - 00000000 ____D () C:\Program Files\YTDownloader
2014-05-26 07:29 - 2009-07-13 19:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 ____D () C:\Users\DRAGAN\AppData\Local\CrashRpt
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 _____ () C:\ProgramData\spds90.txt
2014-05-26 07:24 - 2014-05-26 07:24 - 00232824 _____ (Fusion Install ) C:\Users\DRAGAN\Downloads\StartDownload.exe
2014-05-26 07:17 - 2014-05-26 07:17 - 00006435 _____ () C:\Users\DRAGAN\Downloads\GTA.4.Working.(zabranjeno).PROPER-X5l0V3R-[rarbg.com].torrent
2014-05-26 07:15 - 2014-05-26 07:15 - 00050812 _____ () C:\Users\DRAGAN\Downloads\Watch Dogs-Digital Deluxe-SKIDROW(zabranjeno)-[rarbg.com].torrent
2014-05-24 05:04 - 2012-07-18 02:35 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\Nitro PDF
2014-05-21 00:09 - 2012-05-22 11:25 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 03:16 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 01:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-14 14:34 - 2013-07-22 13:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 14:33 - 2011-10-16 08:54 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 05:30 - 2012-11-11 06:57 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 05:30 - 2011-11-18 06:10 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-10 04:16 - 2011-10-03 11:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 23:52 - 2014-05-08 23:52 - 00081007 _____ () C:\Users\DRAGAN\Downloads\Pic_00372.zip
2014-05-08 12:01 - 2013-05-22 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-05 20:25 - 2014-05-14 14:31 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 20:07 - 2014-05-14 14:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 19:10 - 2014-05-14 14:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-04 00:29 - 2009-07-13 21:53 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-28 10:55 - 2012-10-27 11:20 - 00000000 ____D () C:\Users\DRAGAN\Downloads\New folder

Some content of TEMP:
====================
C:\Users\DRAGAN\AppData\Local\Temp\dufgmr4c.exe
C:\Users\DRAGAN\AppData\Local\Temp\tu17p84.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 05:40] - [2014-03-04 02:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 00:31

==================== End Of Log ============================

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Since you told me via PM that everything is OK -->


The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.




Regards.

offline
  • Joined: 26 Dec 2013
  • Posts: 39
  • Location: krusevac

Posted: 29 May 2014 9:36

And this delfix.txt report, should I post it here?

Addendum: 29 May 2014 9:55

Thanks a lot for the help. :)
