Slow computer, YT, everything

  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

My computer has been totally slowed down for the past few days, since I installed a program for updating the Android on my phone. YouTube video stutters and lags. Anything else I open takes a couple of minutes to open.

The AV found nothing. MBAM found a PUP.Optional.Conduit.A and removed it.

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-07-2014
Ran by Milan (administrator) on MILAN-PC on 11-07-2014 19:54:52
Running from C:\Users\Milan\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\MPK\MPK.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4086432 2014-07-07] (AVAST Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,C:\Program Files\MPK\mpk.exe,
HKU\S-1-5-21-4088880799-2092540738-2467576278-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4088880799-2092540738-2467576278-1001\...\Run: [Google Update] => C:\Users\Milan\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-12-10] (Google Inc.)
HKU\S-1-5-21-4088880799-2092540738-2467576278-1001\...\Run: [Facebook Update] => C:\Users\Milan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-09] (Facebook Inc.)
HKU\S-1-5-21-4088880799-2092540738-2467576278-1001\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: __desktopicon -> {6856654D-F2F6-4190-B0D9-735EA83DFB86} => C:\Program Files\Common Files\desktop\desktopiconX86.dll ()
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-Latn-RS
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40F7F6225899CF01
SearchScopes: HKLM - DefaultScope value is missing.
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} nvidia.com/content/DriverDownload/srl/3.....ab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} browsercheck.qualys.com/qbc_ax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 89.216.1.30 89.216.1.50

FireFox:
========
FF ProfilePath: C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\k97d1tae.default-1377369672907
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 - C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Milan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Milan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Milan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npstartservicep.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npuuseep.dll ( )
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Qualys BrowserCheck - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\k97d1tae.default-1377369672907\Extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2013-12-19]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\k97d1tae.default-1377369672907\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2013-10-16]
FF Extension: Youtube To MP3 PRO converter - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\k97d1tae.default-1377369672907\Extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi [2013-10-16]
FF Extension: Easy YouTube to MP3 Converter - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\k97d1tae.default-1377369672907\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack.xpi [2013-10-02]
FF Extension: FBChatSeenBlocker - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\k97d1tae.default-1377369672907\Extensions\jid0-ZnG0xn9spCC5ETo4mjyAuNfuq44@jetpack.xpi [2013-12-25]
FF Extension: YouTube to MP3 - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\k97d1tae.default-1377369672907\Extensions\youtube2mp3@mondayx.de.xpi [2013-10-16]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\k97d1tae.default-1377369672907\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2013-10-16]
FF Extension: Greasemonkey - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\k97d1tae.default-1377369672907\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-05-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-06-18]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-18]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-04-11]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-15]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Users\Milan\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Milan\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Milan\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Qualys BrowserCheck for Windows) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhnkognlohdkpjkjongioociddgoibk [2013-10-24]
CHR Extension: (RealDownloader) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-02]
CHR Extension: (Skype Click to Call) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-16]
CHR Extension: (Google новчаник) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-07-07]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-07] (AVAST Software)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3290896 2012-12-13] (Skype Technologies S.A.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 ASAPIW2K; C:\Windows\System32\Drivers\ASAPIW2K.sys [11264 2005-01-10] (VOB Computersysteme GmbH) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-07] ()
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [24408 2012-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-07] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-07] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-07] ()
S2 CX23880; C:\Windows\System32\drivers\cx88vid.sys [162944 2006-10-18] (Leadtek Research Inc.)
S2 CXAVXBAR; C:\Windows\System32\drivers\cxavxbar.sys [9728 2006-10-18] (Leadtek Research Inc.)
S2 CXTUNE; C:\Windows\System32\drivers\CX88TUNE.sys [50816 2006-10-18] (Leadtek Research Inc.)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2011-07-21] (Phoenix Technologies) [File not signed]
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
S3 gdrv; C:\Windows\gdrv.sys [15600 2010-06-23] (Windows (R) 2000 DDK provider)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30464 2013-08-24] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2014-03-31] (REALiX(tm))
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [204432 2012-06-05] (Realtek Semiconductor Corp.)
R3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-14] (Conexant Systems, Inc.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [182680 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R3 ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [27392 2004-12-23] (Ulead Systems, Inc.) [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
S3 WFLR6654; C:\Windows\System32\drivers\wfeaglxt.sys [433920 2009-10-21] (Leadtek Research Inc.)
S3 catchme; \??\C:\Users\Milan\AppData\Local\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 MFE_RR; \??\C:\Users\Milan\AppData\Local\Temp\mfe_rr.sys [X]
S3 PAC7302; system32\DRIVERS\PAC7302.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-11 19:54 - 2014-07-11 19:55 - 00024797 _____ () C:\Users\Milan\Desktop\FRST.txt
2014-07-11 19:51 - 2014-07-11 19:54 - 00000000 ____D () C:\FRST
2014-07-11 19:50 - 2014-07-11 19:50 - 01075200 _____ (Farbar) C:\Users\Milan\Desktop\FRST.exe
2014-07-11 19:29 - 2014-07-11 19:29 - 00000056 _____ () C:\Windows\setupact.log
2014-07-11 19:29 - 2014-07-11 19:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-11 02:00 - 2014-07-11 02:00 - 00000000 ____D () C:\Users\Milan\AppData\Local\Adobe
2014-07-08 08:43 - 2014-07-08 08:43 - 00000353 _____ () C:\Users\Milan\Desktop\alcatel.txt
2014-07-08 01:46 - 2014-07-08 01:49 - 00000000 ____D () C:\Mobile Upgrade S 4.0.2
2014-07-08 01:46 - 2014-07-08 01:46 - 00000746 _____ () C:\Users\Public\Desktop\Mobile Upgrade S 4.0.2.lnk
2014-07-08 00:25 - 2014-07-08 01:52 - 00000000 ____D () C:\ONE TOUCH Upgrade S 2.8.0
2014-07-08 00:25 - 2014-07-08 00:25 - 00000782 _____ () C:\Users\Public\Desktop\ONE TOUCH Upgrade S 2.8.0 .lnk
2014-07-08 00:25 - 2014-07-08 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONE TOUCH Upgrade S 2.8.0
2014-07-07 18:16 - 2014-07-11 19:40 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 18:15 - 2014-07-07 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-07 18:15 - 2014-07-07 18:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-07 18:15 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-07 18:15 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-07 03:19 - 2014-07-07 03:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-07 02:15 - 2014-07-08 01:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Upgrade S 4.0.2
2014-07-07 01:30 - 2014-07-07 01:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-07-07 01:25 - 2014-07-07 01:25 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\Mobile Action
2014-07-07 01:22 - 2011-06-22 09:47 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-07-07 01:22 - 2011-06-22 09:47 - 00851176 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2014-06-18 00:11 - 2014-06-18 00:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-11 19:55 - 2014-07-11 19:54 - 00024797 _____ () C:\Users\Milan\Desktop\FRST.txt
2014-07-11 19:54 - 2014-07-11 19:51 - 00000000 ____D () C:\FRST
2014-07-11 19:50 - 2014-07-11 19:50 - 01075200 _____ (Farbar) C:\Users\Milan\Desktop\FRST.exe
2014-07-11 19:40 - 2014-07-07 18:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 19:37 - 2009-07-14 06:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-11 19:37 - 2009-07-14 06:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-11 19:33 - 2011-05-06 19:25 - 01350004 _____ () C:\Windows\WindowsUpdate.log
2014-07-11 19:30 - 2013-12-12 01:51 - 00000000 __SHD () C:\ProgramData\MPK
2014-07-11 19:30 - 2012-07-30 02:18 - 00000470 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2014-07-11 19:30 - 2011-06-05 20:30 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-11 19:29 - 2014-07-11 19:29 - 00000056 _____ () C:\Windows\setupact.log
2014-07-11 19:29 - 2014-07-11 19:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-11 19:29 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-11 19:14 - 2013-09-26 23:41 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088880799-2092540738-2467576278-1001UA.job
2014-07-11 19:01 - 2011-06-05 20:30 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-11 19:00 - 2010-12-10 20:22 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088880799-2092540738-2467576278-1001UA.job
2014-07-11 18:00 - 2012-01-14 16:15 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-07-11 08:00 - 2010-12-10 20:22 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088880799-2092540738-2467576278-1001Core.job
2014-07-11 02:00 - 2014-07-11 02:00 - 00000000 ____D () C:\Users\Milan\AppData\Local\Adobe
2014-07-10 22:14 - 2013-09-26 23:41 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088880799-2092540738-2467576278-1001Core.job
2014-07-10 21:49 - 2012-09-24 19:37 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-10 21:49 - 2012-07-23 18:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-10 04:24 - 2010-06-24 08:00 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\Skype
2014-07-10 04:23 - 2011-09-28 23:29 - 00000000 __SHD () C:\PScript5
2014-07-08 23:00 - 2010-06-23 11:26 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-08 08:43 - 2014-07-08 08:43 - 00000353 _____ () C:\Users\Milan\Desktop\alcatel.txt
2014-07-08 01:52 - 2014-07-08 00:25 - 00000000 ____D () C:\ONE TOUCH Upgrade S 2.8.0
2014-07-08 01:49 - 2014-07-08 01:46 - 00000000 ____D () C:\Mobile Upgrade S 4.0.2
2014-07-08 01:46 - 2014-07-08 01:46 - 00000746 _____ () C:\Users\Public\Desktop\Mobile Upgrade S 4.0.2.lnk
2014-07-08 01:46 - 2014-07-07 02:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Upgrade S 4.0.2
2014-07-08 00:25 - 2014-07-08 00:25 - 00000782 _____ () C:\Users\Public\Desktop\ONE TOUCH Upgrade S 2.8.0 .lnk
2014-07-08 00:25 - 2014-07-08 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONE TOUCH Upgrade S 2.8.0
2014-07-07 18:41 - 2013-02-16 16:22 - 00000000 ___RD () C:\Users\Milan\Desktop\Programi, Cistaci
2014-07-07 18:15 - 2014-07-07 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-07 18:15 - 2014-07-07 18:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-07 18:15 - 2010-07-22 13:08 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\Malwarebytes
2014-07-07 18:15 - 2010-06-24 08:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-07 18:11 - 2010-06-24 19:13 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\uTorrent
2014-07-07 18:11 - 2010-06-23 21:03 - 00000000 ____D () C:\Users\Milan\Tracing
2014-07-07 18:09 - 2010-11-16 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-07 18:09 - 2010-06-23 23:25 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-07 18:09 - 2010-06-23 23:25 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-07 03:19 - 2014-07-07 03:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-07 03:19 - 2014-05-11 23:33 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-07 03:19 - 2013-12-27 20:34 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-07 03:19 - 2013-12-27 20:34 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-07 03:19 - 2013-03-14 13:05 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-07 03:19 - 2013-03-14 13:05 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-07 03:19 - 2012-04-04 20:28 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-07 03:19 - 2011-04-11 23:03 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-07 03:19 - 2010-06-24 08:44 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-07 03:19 - 2010-06-24 08:44 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-07 03:19 - 2010-06-24 08:44 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-07 02:18 - 2012-01-14 16:15 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-07-07 01:30 - 2014-07-07 01:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-07-07 01:25 - 2014-07-07 01:25 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\Mobile Action
2014-07-06 20:24 - 2014-03-23 20:08 - 00000000 ____D () C:\Users\Milan\Desktop\Insta
2014-07-05 01:43 - 2014-03-09 20:20 - 00000000 ____D () C:\Users\Milan\AppData\Roaming\Clip2Net
2014-06-25 17:19 - 2014-02-09 18:42 - 00000000 ____D () C:\Users\Milan\Desktop\WIN8
2014-06-25 17:17 - 2013-02-16 16:27 - 00000000 ____D () C:\Users\Milan\Desktop\Ikariam Konverter
2014-06-24 16:13 - 2009-07-14 06:53 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-24 08:43 - 2010-10-14 16:24 - 00000000 ____D () C:\Windows\Minidump
2014-06-24 08:42 - 2012-05-12 10:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-18 00:11 - 2014-06-18 00:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-17 19:08 - 2012-11-23 23:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-15 18:51 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 02:10

==================== End Of Log ============================

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Before we start, let me ask: did you install the Keylogger on the computer yourself?

offline
  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

Yes, no need to worry about that.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

1. Open Notepad (Text Document) and copy the following text from inside the code box below:

HKU\S-1-5-21-4088880799-2092540738-2467576278-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4088880799-2092540738-2467576278-1001\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
C:\PROGRA~1\SearchProtect
ShellIconOverlayIdentifiers: __desktopicon -> {6856654D-F2F6-4190-B0D9-735EA83DFB86} => C:\Program Files\Common Files\desktop\desktopiconX86.dll ()
C:\Program Files\Common Files\desktop\desktopiconX86.dll
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: FBChatSeenBlocker - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\k97d1tae.default-1377369672907\Extensions\jid0-ZnG0xn9spCC5ETo4mjyAuNfuq44@jetpack.xpi [2013-12-25]
S3 catchme; \??\C:\Users\Milan\AppData\Local\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 MFE_RR; \??\C:\Users\Milan\AppData\Local\Temp\mfe_rr.sys [X]
S3 PAC7302; system32\DRIVERS\PAC7302.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
cmd: ipconfig /flushdns


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name at the bottom, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

Download Xplode's AdwCleaner () and save it to the Desktop

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button
The program will close all running programs and show a window with that warning. Click Ok to confirm.
On the next two windows that open (Informations and Restart required) click Ok

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your reply using the "Attach file" option

Note: The report will also be saved to C:\AdwCleaner[S0].txt

offline
  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-07-2014
Ran by Milan at 2014-07-12 21:45:06 Run:1
Running from C:\Users\Milan\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-4088880799-2092540738-2467576278-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4088880799-2092540738-2467576278-1001\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
C:\PROGRA~1\SearchProtect
ShellIconOverlayIdentifiers: __desktopicon -> {6856654D-F2F6-4190-B0D9-735EA83DFB86} => C:\Program Files\Common Files\desktop\desktopiconX86.dll ()
C:\Program Files\Common Files\desktop\desktopiconX86.dll
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: FBChatSeenBlocker - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\k97d1tae.default-1377369672907\Extensions\jid0-ZnG0xn9spCC5ETo4mjyAuNfuq44@jetpack.xpi [2013-12-25]
S3 catchme; \??\C:\Users\Milan\AppData\Local\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 MFE_RR; \??\C:\Users\Milan\AppData\Local\Temp\mfe_rr.sys [X]
S3 PAC7302; system32\DRIVERS\PAC7302.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
cmd: ipconfig /flushdns
*****************

HKU\S-1-5-21-4088880799-2092540738-2467576278-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
'HKU\S-1-5-21-4088880799-2092540738-2467576278-1001\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}' => Key deleted successfully.
"C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully.
"C:\PROGRA~1\SearchProtect" => File/Directory not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__desktopicon' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{6856654D-F2F6-4190-B0D9-735EA83DFB86}' => Key deleted successfully.
C:\Program Files\Common Files\desktop\desktopiconX86.dll => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => Moved successfully.
C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\k97d1tae.default-1377369672907\Extensions\jid0-ZnG0xn9spCC5ETo4mjyAuNfuq44@jetpack.xpi => Moved successfully.
catchme => Service deleted successfully.
dgderdrv => Service deleted successfully.
MFE_RR => Service deleted successfully.
PAC7302 => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


==== End of Fixlog ====
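Added example for this thread (not part of FRST and not code from either poster): a small Python script that cross-checks each directive in a fixlist against the result lines FRST writes to Fixlog.txt, so a helper can see at a glance which entries were removed, which were already absent, and which the log does not confirm at all. The sample fixlist and Fixlog text are copied from the two posts above and trimmed; the directive classification is an assumption based only on the line shapes visible in this thread (Run values, CLSID keys, AppInit_DLLs, ShellIconOverlayIdentifiers, FF entries, bare paths, S3 services, cmd:), not FRST's full directive grammar.

```python
"""Cross-check an FRST fixlist against the Fixlog.txt it produced (added example)."""
import re

# Constructed sample: the fixlist posted in this thread, trimmed to a few entries.
FIXLIST = r"""
HKU\S-1-5-21-4088880799-2092540738-2467576278-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4088880799-2092540738-2467576278-1001\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
C:\PROGRA~1\SearchProtect
ShellIconOverlayIdentifiers: __desktopicon -> {6856654D-F2F6-4190-B0D9-735EA83DFB86} => C:\Program Files\Common Files\desktop\desktopiconX86.dll ()
C:\Program Files\Common Files\desktop\desktopiconX86.dll
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: FBChatSeenBlocker - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\k97d1tae.default-1377369672907\Extensions\jid0-ZnG0xn9spCC5ETo4mjyAuNfuq44@jetpack.xpi [2013-12-25]
S3 catchme; \??\C:\Users\Milan\AppData\Local\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
cmd: ipconfig /flushdns
"""

# Constructed sample: the matching result lines from the Fixlog posted in this thread.
FIXLOG = r"""
HKU\S-1-5-21-4088880799-2092540738-2467576278-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
'HKU\S-1-5-21-4088880799-2092540738-2467576278-1001\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}' => Key deleted successfully.
"C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully.
"C:\PROGRA~1\SearchProtect" => File/Directory not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__desktopicon' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{6856654D-F2F6-4190-B0D9-735EA83DFB86}' => Key deleted successfully.
C:\Program Files\Common Files\desktop\desktopiconX86.dll => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => Moved successfully.
C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\k97d1tae.default-1377369672907\Extensions\jid0-ZnG0xn9spCC5ETo4mjyAuNfuq44@jetpack.xpi => Moved successfully.
catchme => Service deleted successfully.
dgderdrv => Service deleted successfully.
========= ipconfig /flushdns =========
Successfully flushed the DNS Resolver Cache.
"""


def parse_directive(line):
    """Classify one fixlist line into (kind, key); key is the token the Fixlog echoes back.
    The kinds are an assumption drawn from the line shapes seen in this thread."""
    line = line.strip()
    if not line:
        return None
    if line.startswith("cmd:"):
        return ("cmd", line[4:].strip())
    m = re.match(r"^[SRU]\d\s+([^;]+);", line)                      # "S3 catchme; <path> [X]"
    if m:
        return ("service", m.group(1).strip())
    m = re.match(r"^HK[A-Z]+.*\\Run:\s*\[([^\]]+)\]", line)         # "...\Run: [Name] => ..."
    if m:
        return ("run_value", m.group(1))
    m = re.match(r"^HK[A-Z]+.*?([0-9a-fA-F]{12})\\InprocServer32:", line)  # CLSID tail before InprocServer32
    if m:
        return ("clsid", m.group(1))
    m = re.match(r"^AppInit_DLLs:\s*(.+?)\s*=>", line)
    if m:
        return ("appinit_dll", m.group(1))
    m = re.match(r"^ShellIconOverlayIdentifiers:\s*(\S+)\s*->", line)
    if m:
        return ("overlay", m.group(1))
    m = re.match(r"^FF SearchPlugin:\s*(.+)$", line)
    if m:
        return ("ff_searchplugin", m.group(1).strip())
    m = re.match(r"^FF Extension:\s*.+?\s-\s(.+?)\s\[", line)       # "FF Extension: Name - <path> [date]"
    if m:
        return ("ff_extension", m.group(1))
    if re.match(r"^[A-Za-z]:\\", line):                             # bare file or directory path
        return ("path", line)
    return ("unknown", line)


def find_result(kind, key, log_lines):
    """Return the Fixlog line that reports on this directive, or None."""
    if kind == "cmd":
        pat = re.compile(r"=+\s*" + re.escape(key) + r"\s*=+", re.I)   # "========= <cmd> ========="
    else:
        # The log prints the key, possibly wrapped in quotes or a closing brace, right before " =>".
        pat = re.compile(re.escape(key) + r"[}'\"]*\s*=>", re.I)
    return next((l for l in log_lines if pat.search(l)), None)


def verify(fixlist_text, fixlog_text):
    """Return [(kind, key, outcome)] for every directive in the fixlist."""
    log_lines = [l.strip() for l in fixlog_text.splitlines() if l.strip()]
    report = []
    for raw in fixlist_text.splitlines():
        d = parse_directive(raw)
        if d is None:
            continue
        kind, key = d
        hit = find_result(kind, key, log_lines)
        if hit is None:
            outcome = "no result line"
        elif kind == "cmd":
            outcome = "executed"
        elif "successfully" in hit.lower():
            outcome = "removed"
        elif "not found" in hit.lower():
            outcome = "already absent"
        else:
            outcome = "unverified"
        report.append((kind, key, outcome))
    return report


def pending(report):
    """Directives the log does not confirm; these are what a helper would re-check."""
    return [r for r in report if r[2] in ("no result line", "unverified")]


if __name__ == "__main__":
    result = verify(FIXLIST, FIXLOG)
    for kind, key, outcome in result:
        print(f"{outcome:15} {kind:15} {key}")
    print("unconfirmed:", pending(result))
```

An entry reported as "already absent" (here the SearchProtect directory) is normal after an earlier cleaner has run, and "removed" only means the object was deleted or moved to FRST's quarantine; the thread's follow-up rescan is still what confirms the objects have not been recreated.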

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Any improvement?

offline
  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

Slightly, yes, when opening tabs or windows. The problem of stuttering and slow video on YT remains.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

We will run one more additional check:

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the MBAR () program icon to run it:
- Click OK in the next window to allow extraction into a separate mbar folder on the Desktop;
- mbar.exe will then be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Notice: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow it to load after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware was detected, click the Exit button to close the program. In your next reply post the mbar-log-year-month-day (hour-minutes-seconds).txt and system-log.txt reports.

>> If infection(s) were found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for after the restart; a notice will be shown in a pop-up window. Click the Yes button and the system should restart and complete the cleaning procedure.

Notice! Only if a rootkit was detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to finish all repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your reply and attach the system log using the Attach file option.

offline
  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
malwarebytes.org

Database version: v2014.07.13.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17105
Milan :: MILAN-PC [administrator]

13.7.2014 8:49:32
mbar-log-2014-07-13 (08-49-32).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 319034
Time elapsed: 13 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.17105

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.812000 GHz
Memory total: 3219709952, free: 1132670976

Downloaded database version: v2014.07.13.01
Downloaded database version: v2014.07.09.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1AA31AA3

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 104856192
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 104856255 Numsec = 207704385

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160040803840 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312559695-312579695)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
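Added example (not part of the thread and not Malwarebytes' code): a Python script that parses the partition entries from an MBAR system-log like the one above, checks that exactly one entry is marked active and that no entry overlaps another or runs past the end of the disk, and lists the unpartitioned sector ranges. Those ranges are the space a rootkit scanner sweeps for data stored outside any file system, which is what the "Scanning physical sectors of unpartitioned space" line refers to. The sample text is copied from the post; the function names are mine, and the gap boundaries are computed from the partition entries alone rather than taken from the tool's own scan-range line.

```python
"""Sanity-check the MBR partition table printed in an MBAR system-log (added example)."""
import re

# Constructed sample: the partition section of the MBAR system-log quoted in this thread.
MBAR_LOG = """
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 104856192
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 104856255 Numsec = 207704385

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160040803840 bytes
Sector size: 512 bytes
"""


def parse_partitions(text):
    """Return one dict per 'Partition N type is ...' block: index, type, type_id, active, start, numsec."""
    parts, current = [], None
    for line in text.splitlines():
        m = re.match(r"^Partition (\d+) type is (.+?) \(0x([0-9a-fA-F]+)\)", line)
        if m:
            current = {"index": int(m.group(1)), "type": m.group(2),
                       "type_id": int(m.group(3), 16), "active": False, "start": 0, "numsec": 0}
            parts.append(current)
            continue
        if current is None:
            continue
        if line.strip() == "Partition is ACTIVE.":
            current["active"] = True
        m = re.match(r"^Partition starts at LBA: (\d+) Numsec = (\d+)", line)
        if m:
            current["start"], current["numsec"] = int(m.group(1)), int(m.group(2))
    return parts


def disk_sectors(text):
    """Total sector count from the 'Disk Size' and 'Sector size' lines."""
    size = int(re.search(r"Disk Size: (\d+) bytes", text).group(1))
    sector = int(re.search(r"Sector size: (\d+) bytes", text).group(1))
    return size // sector


def check_layout(parts, total_sectors):
    """Return (findings, gaps): findings are layout anomalies, gaps are (first, last) LBA ranges
    that belong to no partition. Empty (type 0x0) entries are ignored."""
    used = sorted((p["start"], p["start"] + p["numsec"]) for p in parts if p["type_id"] != 0)
    findings, gaps = [], []
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    cursor = 1  # sector 0 is the MBR itself, so the first usable sector is 1
    for start, end in used:
        if start < cursor:
            findings.append(f"overlap at LBA {start}")
        elif start > cursor:
            gaps.append((cursor, start - 1))
        if end > total_sectors:
            findings.append(f"partition extends past end of disk ({end} > {total_sectors})")
        cursor = max(cursor, end)
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors - 1))
    return findings, gaps


if __name__ == "__main__":
    parts = parse_partitions(MBAR_LOG)
    total = disk_sectors(MBAR_LOG)
    findings, gaps = check_layout(parts, total)
    print("total sectors:", total)
    print("findings:", findings or "none")
    print("unpartitioned ranges:", gaps)
```

The gap before the first partition (sectors 1 to 62 on this disk) is the classic hiding place for bootkit payloads, which is why the tool scans it; a clean MBR check in the log plus no findings here is the combination a helper wants to see before moving on to the follow-up FRST scan.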

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Run FRST once more, click Scan and post a fresh report for one more check.
