Virus in the C:\windows\Installer folder

Joined: 07 Dec 2014
Posts: 47

I have some virus in the C:\windows\Installer folder, but AVG can't delete it; instead it asks me to restart the PC so it can delete it. I do that, but after 4-5 days it shows me the same message with the same virus again, and it has been like that for the last month.

The computer basically works normally, but I have noticed that it sometimes "stutters" in games that used to run perfectly (it even stutters in some small games that are over 10 years old, which makes no sense).





Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01
Ran by Djole (administrator) on COMPUTER_0313 on 07-12-2014 12:05:29
Running from D:\Programi\CC Cleaner pro 7
Loaded Profile: Djole (Available profiles: Djole)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link visible only to logged-in users]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(cyberlink) C:\Program Files\CyberLink\Shared files\brs.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
(Vimicro Corporation) C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(ArcSoft, Inc.) C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(BitTorrent Inc.) D:\Programi\utorrent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BDRegion] => C:\Program Files\Cyberlink\Shared Files\brs.exe [91432 2007-11-16] (cyberlink)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [72736 2007-10-28] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [62760 2007-10-11] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2006-12-18] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [729088 2006-07-13] (Analog Devices, Inc.)
HKLM\...\Run: [VMonitorVMUVC] => C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [135168 2007-12-20] (Vimicro Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2011-04-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [TrayServer] => C:\Program Files\MAGIX\Movie_Edit_Pro_17_Plus_Download_Version\TrayServer_en.exe [90112 2008-11-13] (MAGIX AG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Run: [Facebook Update] => C:\Documents and Settings\Djole\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2013-09-20] (Facebook Inc.)
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Policies\Explorer: [MaxRecentDocs] 11
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
Startup: C:\Documents and Settings\Djole\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link visible only to logged-in users]
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
URLSearchHook: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope value is missing.
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1614895754-2025429265-1417001333-1003: @acestream.net/acestreamplugin,version=2.1.7.2 -> C:\Documents and Settings\Djole\Application Data\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-1614895754-2025429265-1417001333-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Djole\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\searchplugins\youtube-video-search.xml
FF Extension: DownloadHelper - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: MEGA - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\firefox@mega.co.nz.xpi [2014-11-02]
FF Extension: Modify Headers - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2014-08-27]
FF Extension: Adblock Plus - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-07-22]
FF HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Documents and Settings\Djole\Application Data\ACEStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Documents and Settings\Djole\Application Data\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2013-10-17]

Chrome:
=======
CHR HomePage: Default -> chrome://apps/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-17]
CHR Extension: (Google Drive) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-17]
CHR Extension: (Google Search) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-17]
CHR Extension: (AdBlock) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-26]
CHR Extension: (New Tab Redirect) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2014-11-25]
CHR Extension: (Magic Player) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio [2013-10-18]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-17]
CHR HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Documents and Settings\Djole\Local Settings\Application Data\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-05-22]
CHR HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Chrome\Extension: [kpckgflgdapkpabemgkielbefdildaio] - C:\Documents and Settings\Djole\Application Data\ACEStream\extensions\chrome_new\magicplayer.crx [2013-10-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119024 2013-05-07] (SUPERAntiSpyware.com)
R2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624 2012-08-14] (ArcSoft, Inc.)
R2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-24] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-09-11] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [101904 2010-11-17] (Advanced Micro Devices)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [172856 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [182584 2014-10-17] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2006-03-17] (Sensaura)
R3 VMUVC; C:\WINDOWS\System32\Drivers\VMUVC.sys [252928 2010-01-12] (Vimicro Corporation)
R3 vvftUVC; C:\WINDOWS\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [41456 2007-11-03] (Cyberlink Corp.)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 11:49 - 2014-12-07 11:49 - 00000000 ____D () C:\Documents and Settings\Djole\Start Menu\Programs\CyberLink PowerDVD
2014-12-06 16:36 - 2014-12-06 16:36 - 00008650 _____ () C:\Documents and Settings\Djole\My Documents\hijackthis.log
2014-12-04 21:26 - 2014-12-04 21:39 - 00000000 ____D () C:\Program Files\HitmanPro
2014-12-04 21:24 - 2014-12-04 21:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-11-30 17:51 - 2014-11-30 17:51 - 00000000 ____D () C:\Documents and Settings\Djole\Local Settings\Application Data\TimeParadox
2014-11-25 15:33 - 2014-11-25 15:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-25 15:25 - 2014-11-25 15:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 12:06 - 2013-03-21 20:04 - 00000000 ____D () C:\Documents and Settings\Djole\Application Data\uTorrent
2014-12-07 12:05 - 2013-08-02 14:28 - 00000000 ____D () C:\FRST
2014-12-07 12:05 - 2013-03-20 17:26 - 00000000 ____D () C:\Documents and Settings\Djole\Local Settings\Temp
2014-12-07 12:03 - 2013-03-20 18:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-12-07 11:55 - 2013-03-20 17:22 - 00466958 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-07 11:49 - 2013-03-20 18:17 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-07 11:49 - 2013-03-20 18:17 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-12-07 11:48 - 2013-06-17 18:34 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-07 11:48 - 2013-03-20 17:26 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-07 02:35 - 2013-03-20 18:12 - 00000000 ____D () C:\Documents and Settings\Djole\Application Data\vlc
2014-12-07 02:35 - 2013-03-20 17:55 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-12-07 02:35 - 2013-03-20 17:26 - 00032542 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-07 02:35 - 2013-03-20 17:26 - 00000178 ___SH () C:\Documents and Settings\Djole\ntuser.ini
2014-12-07 02:22 - 2013-06-17 18:34 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-07 00:39 - 2013-09-20 17:34 - 00000998 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1614895754-2025429265-1417001333-1003UA.job
2014-12-06 18:39 - 2013-09-20 17:34 - 00000976 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1614895754-2025429265-1417001333-1003Core.job
2014-12-06 16:40 - 2014-07-25 12:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-06 16:40 - 2014-07-25 01:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-06 16:40 - 2014-07-25 01:28 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-12-06 16:40 - 2013-03-20 18:21 - 00000000 ___RD () C:\Documents and Settings\Djole\Desktop\Ostali programi i igrice
2014-12-06 16:33 - 2013-03-20 17:21 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-12-06 00:55 - 2001-08-23 12:00 - 00000916 _____ () C:\WINDOWS\win.ini
2014-12-05 17:13 - 2013-03-20 18:13 - 00000211 ___SH () C:\boot.ini
2014-12-05 17:13 - 2001-08-23 12:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-12-05 16:16 - 2013-03-20 17:26 - 00000000 ____D () C:\Documents and Settings\Djole
2014-12-04 11:47 - 2001-08-23 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-03 21:45 - 2013-09-19 14:43 - 00488960 ___SH () C:\Documents and Settings\Djole\My Documents\Thumbs.db
2014-11-26 12:25 - 2013-06-17 18:36 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-11-26 11:55 - 2013-03-20 19:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-25 15:25 - 2013-03-20 18:26 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
2014-11-25 15:25 - 2013-03-20 18:14 - 00805891 _____ () C:\WINDOWS\setupapi.log
2014-11-25 15:21 - 2013-03-20 19:06 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-25 15:21 - 2013-03-20 19:06 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-11-25 15:16 - 2013-03-20 17:27 - 00136504 _____ () C:\Documents and Settings\Djole\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-11-25 15:15 - 2013-03-20 18:14 - 00425408 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-25 15:15 - 2013-03-20 17:26 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-11-25 15:15 - 2013-03-20 17:25 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-25 15:15 - 2013-03-20 17:20 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-21 06:14 - 2014-07-25 01:30 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2013-07-31 17:46 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-20 12:15 - 2013-03-20 18:24 - 00000000 ____D () C:\Documents and Settings\Djole\Local Settings\Application Data\Avg2013

Some content of TEMP:
====================
C:\Documents and Settings\Djole\Local Settings\Temp\AutoRunGUI.dll
C:\Documents and Settings\Djole\Local Settings\Temp\downloader.dll
C:\Documents and Settings\Djole\Local Settings\Temp\drm_dialogs.dll
C:\Documents and Settings\Djole\Local Settings\Temp\drm_dyndata_7390006.dll
C:\Documents and Settings\Djole\Local Settings\Temp\ExPromo.exe
C:\Documents and Settings\Djole\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Djole\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Djole\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Djole\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\Djole\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\Djole\Local Settings\Temp\vlc-2.0.8-win32.exe
C:\Documents and Settings\Djole\Local Settings\Temp\vlc-2.1.1-win32.exe
C:\Documents and Settings\Djole\Local Settings\Temp\vlc-2.1.2-win32.exe
C:\Documents and Settings\Djole\Local Settings\Temp\vlc-2.1.3-win32.exe
C:\Documents and Settings\Djole\Local Settings\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================








Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-12-2014 01
Ran by Djole at 2014-12-07 12:06:20
Running from D:\Programi\CC Cleaner pro 7
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2013 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Internet Security 2013 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29677 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
ACDSee Pro 3 (HKLM\...\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}) (Version: 3.0.475 - ACD Systems International Inc.)
Ace Stream Media 2.1.7.2 (HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\AceStream) (Version: 2.1.7.2 - Ace Stream Media)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
AIMP2 (HKLM\...\AIMP2) (Version: - AIMP DevTeam)
AMD Catalyst Install Manager (HKLM\...\{94B5EB58-4409-4CD2-BEA4-A8E8B1708A50}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaConverter 8 (HKLM\...\{936FA6E0-8A87-4A03-8004-138AB7A97637}) (Version: 8.0.0.16 - ArcSoft, Inc.)
ATI AVIVO Codecs (Version: 10.0.0.40103 - ATI Technologies Inc.) Hidden
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4235 - AVG Technologies) Hidden
BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.61.1065 - AB Team, d.o.o.)
Call of Juarez Gunslinger (HKLM\...\Call of Juarez Gunslinger_is1) (Version: - R.G. Origami)
Contents (Version: 16.0.0.106 - Corel Corporation) Hidden
Corel VideoStudio Pro X6 (HKLM\...\_{6688A246-F6E8-48AD-9806-8D5832E9F15D}) (Version: 16.0.0.106 - Corel Corporation)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
DTS+AC3 Filter (HKLM\...\DtsFilter) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Firebird SQL Server - MAGIX Edition (HKLM\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
Football Manager 2013 version 13.3.3 (HKLM\...\{04BDADD5-B981-49DB-90F0-DE11F19C50B4}_is1) (Version: 13.3.3 - SEGA)
GOM Player (HKLM\...\GOM Player) (Version: 2.2.62.5209 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GTA San Andreas (HKLM\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
ICA (Version: 16.0.0.106 - Corel Corporation) Hidden
IPM_VS_Pro (Version: 16.0 - Corel Corporation) Hidden
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
K-Lite Codec Pack 9.8.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.8.0 - )
Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
MAGIX Movie Edit Pro 17 Plus Download Version (HKLM\...\MAGIX_MSI_Videodeluxe17_plus) (Version: 10.0.0.33 - MAGIX AG)
MAGIX Movie Edit Pro 17 Plus Download Version (Version: 10.0.0.33 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM\...\{CC26EB1A-8E6D-4DD5-90B7-316C9E73040C}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM\...\{EF62AEFF-5588-44A0-BC68-5A4D2B4ECE3B}) (Version: 7.0.1.27 - MAGIX AG)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}) (Version: 6.00.3883.15 - Microsoft Corporation)
Nero 9 (HKLM\...\{a4804fcd-f4ec-4bb6-aa4d-36f837f254a2}) (Version: - Nero AG)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PowerDVD (Version: 7.3.3516.0 - CyberLink Corporation) Hidden
PowerDVD Ultra (HKLM\...\InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.3.3516.0 - CyberLink Corporation)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.00.0000 - Realtek)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Setup (Version: 16.0.0.106 - Corel Corporation) Hidden
Share (Version: 16.0.0.106 - Corel Corporation) Hidden
Skype™ 6.5 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.5.158 - Skype Technologies S.A.)
SmartSound Common Data (HKLM\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.6110 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tefter (HKLM\...\Tefter) (Version: - )
Tehnicki recnik (HKLM\...\Tehnicki recnik) (Version: - )
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)
Toy Story 3 (HKLM\...\{AAFD160A-2333-40D8-AA25-42D1989CA0F2}) (Version: 1.00.0000 - Disney Interactive Studios)
TweakNow PowerPack 2006 Professional (HKLM\...\TweakNow PowerPack 2006 Professional_is1) (Version: v1.4.1 - TweakNow.com)
Vimicro USB2.0 UVC PC Camera (HKLM\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2009.03.18 - Vimicro Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSClassic (Version: 16.0.0.106 - Corel Corporation) Hidden
VSHelp (Version: 16.0.0.106 - Corel Corporation) Hidden
VSPro (Version: 16.0.0.106 - Corel Corporation) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.5 - Nullsoft, Inc)
WinAVI All-in-One Converter (HKLM\...\WinAVI All-in-One Converter) (Version: 1.7.0.4734 - ZJMedia Digital Technology Ltd.)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinX Free AVI to FLV Converter 4.1.11 (HKLM\...\WinX Free AVI to FLV Converter_is1) (Version: - Digiarty Software,Inc.)
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
YuRecnik (HKLM\...\YuRecnik) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\Djole\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Documents and Settings\Djole\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Documents and Settings\Djole\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\Djole\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll (the data entry has 7 more characters).

==================== Restore Points =========================

06-12-2014 15:33:23 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2007-08-11 07:58 - 2013-07-04 23:31 - 00000786 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 [link visible only to logged-in users]


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1614895754-2025429265-1417001333-1003Core.job => C:\Documents and Settings\Djole\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1614895754-2025429265-1417001333-1003UA.job => C:\Documents and Settings\Djole\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-04-14 05:41 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 05:42 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-04-14 05:42 - 2008-04-14 05:42 - 01288192 _____ () C:\WINDOWS\system32\quartz.dll
2013-03-20 18:00 - 2012-09-11 22:10 - 00254552 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2010-03-16 11:22 - 2010-03-16 11:22 - 00014848 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
2011-04-19 20:56 - 2011-04-19 20:56 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-11-25 15:33 - 2014-11-25 15:33 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-29 01:09 - 2014-08-29 01:09 - 17024688 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AceStream => C:\Documents and Settings\Djole\Application Data\ACEStream\engine\ace_engine.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1614895754-2025429265-1417001333-500 - Administrator - Enabled)
Djole (S-1-5-21-1614895754-2025429265-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Djole
Guest (S-1-5-21-1614895754-2025429265-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1614895754-2025429265-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1614895754-2025429265-1417001333-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2014 08:42:06 PM) (Source: Google Update) (EventID: 20) (User: COMPUTER_0313)
Description: Network Request Error.
Error: 0x80072efd. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x800421f7. Http status code 503.
trying WinHTTP.
Send request returned 0x800421f7. Http status code 503.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8007

Error: (08/26/2014 01:21:39 AM) (Source: MsiInstaller) (EventID: 11309) (User: COMPUTER_0313)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.


System errors:
=============
Error: (12/05/2014 05:11:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/05/2014 05:11:12 PM) (Source: DCOM) (EventID: 10005) (User: COMPUTER_0313)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (12/05/2014 05:10:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
aswRdr
aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
AVGIDSDriver
AVGIDSShim
Avgldx86
Avgtdix
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip

Error: (12/05/2014 05:10:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (12/05/2014 05:10:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:
%%31

Error: (12/05/2014 05:10:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Error: (12/05/2014 05:10:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (12/05/2014 05:10:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (12/05/2014 05:10:06 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/05/2014 05:10:06 PM) (Source: DCOM) (EventID: 10005) (User: COMPUTER_0313)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Genuine Intel(R) CPU 2160 @ 1.80GHz
Percentage of memory in use: 37%
Total physical RAM: 3071.11 MB
Available physical RAM: 1918.28 MB
Total Pagefile: 4961.28 MB
Available Pagefile: 3830.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:25.69 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:881.9 GB) (Free:105.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: EDB81844)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=881.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================



  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Open Notepad and copy the following text, which is inside the Code box.

CHR HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Documents and Settings\Djole\Local Settings\Application Data\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-05-22]
C:\Documents and Settings\Djole\Local Settings\Application Data\CRE
EmtpyTemp:


In Notepad click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open; copy its contents into the thread.
A copy (fixlog.txt) will also be on the Desktop.




Step 2

Temporarily disable AVG.
Open My Computer.
Paste the following path into the address bar:
C:\WINDOWS\Installer\{7746D885-83A6-2A33-26EC-D21306A4AE96}
and press Enter.
Copy the file syshost.exe to the Desktop.
Send us that file via the following link:
[link visible only to logged-in users]
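The helper's two steps rest on reading the FRST log for autostart and COM-server entries whose binaries live somewhere they should not: a user-writable profile directory (where the Google, Facebook and AceStream entries above sit, legitimately or not), or an .exe inside C:\WINDOWS\Installer\{GUID}\, a folder Windows Installer uses for cached .msi/.msp packages and icons, not for programs. The script below is an added example written for this thread, not FRST or ComboFix code. It parses the three FRST line shapes visible above (CustomCLSID, Task, MSCONFIG\startupreg), strips FRST's trailing publisher annotation, and lists reasons each target deserves a second look. The four sample lines are copied from the log above; the fifth Task line is constructed to carry the path the helper asked about, since the excerpt shows no autostart entry for it. The "user-writable" roots, the lookalike name list and the distance threshold are assumptions chosen for illustration.

```python
"""Triage autostart and COM-server targets from FRST log lines.

Added example for this thread; it is not part of FRST or ComboFix. It reads
the three FRST line shapes visible in the log above (CustomCLSID, Task and
MSCONFIG\\startupreg), extracts the binary each one points at, and lists
reasons it deserves a second look. The "user-writable" roots, the lookalike
name list and the distance threshold are assumptions chosen for illustration.
"""
import re
from typing import Dict, List

# FRST line shapes, exactly as printed in the log above.
_LINE_SHAPES = (
    re.compile(r"^CustomCLSID: (?P<key>\S+) -> (?P<target>.+)$"),
    re.compile(r"^Task: (?P<key>\S+\.job) => (?P<target>.+)$"),
    re.compile(r"^MSCONFIG\\startupreg: (?P<key>.+?) => (?P<target>.+)$"),
)
# FRST appends "(Publisher)" or "(the data entry has N more characters)." to the path.
_TRAILER = re.compile(r"\s+\([^()]*\)\.?$")
# The MSI cache, C:\Windows\Installer\{GUID}\, ordinarily holds .msi/.msp and icon files.
_MSI_CACHE_EXE = re.compile(r"\\windows\\installer\\\{[0-9a-f-]{36}\}\\[^\\]+\.exe$")
# Per-user profile roots on XP and on Vista+ (assumption: anything below them is user-writable).
_USER_WRITABLE = ("\\documents and settings\\", "\\users\\")
# System binaries whose names malware likes to imitate (illustrative, not exhaustive).
_SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe")
_SYSTEM32 = "\\windows\\system32\\"

# Sample input: four lines copied from the FRST log above, plus one CONSTRUCTED
# Task line carrying the path the helper asked about (the excerpt shows no such
# autostart entry; it is here only to exercise the MSI-cache check).
SAMPLE_LINES = [
    r"CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\Djole\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)",
    r"CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll (the data entry has 7 more characters).",
    r"Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe",
    r"MSCONFIG\startupreg: AceStream => C:\Documents and Settings\Djole\Application Data\ACEStream\engine\ace_engine.exe",
    r"Task: C:\WINDOWS\Tasks\Example.job => C:\WINDOWS\Installer\{7746D885-83A6-2A33-26EC-D21306A4AE96}\syshost.exe",  # constructed
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; syshost.exe vs svchost.exe is 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def target_path(line: str) -> str:
    """Path the entry points at, or '' when the line is not one of the three shapes."""
    line = line.strip()
    for shape in _LINE_SHAPES:
        m = shape.match(line)
        if m:
            return _TRAILER.sub("", m.group("target")).rstrip(".")
    return ""


def triage(line: str) -> List[str]:
    """Reasons the entry deserves a second look; an empty list means nothing was noted."""
    path = target_path(line)
    if not path:
        return []
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    reasons: List[str] = []
    if _MSI_CACHE_EXE.search(low):
        reasons.append("executable inside the MSI cache (C:\\Windows\\Installer holds .msi/.msp, not .exe)")
    if any(root in low for root in _USER_WRITABLE):
        reasons.append("runs from a user-writable profile directory")
    if _SYSTEM32 not in low:
        for sysname in _SYSTEM_NAMES:
            distance = edit_distance(name, sysname)
            if distance <= 2:
                how = "is named" if distance == 0 else "is named like"
                reasons.append(f"{how} {sysname} but lives outside System32")
                break
    return reasons


def triage_log(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged target path to its reasons; clean entries are omitted."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        reasons = triage(line)
        if reasons:
            flagged[target_path(line)] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LINES).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, GoogleUpdate.exe under Program Files produces nothing, the three profile-directory entries each get one note (a legitimate updater and a rogue loader look identical at this level, so the note is a prompt to check the publisher and hash, not a verdict), and the constructed syshost.exe line gets two: it sits in the MSI cache and its name is one letter pair away from svchost.exe.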



  • Joined: 07 Dec 2014
  • Posts: 47

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-12-2014 01
Ran by Djole at 2014-12-07 14:10:32 Run:1
Running from C:\Documents and Settings\Djole\Desktop
Loaded Profile: Djole (Available profiles: Djole)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CHR HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Documents and Settings\Djole\Local Settings\Application Data\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-05-22]
C:\Documents and Settings\Djole\Local Settings\Application Data\CRE
EmtpyTemp:
*****************

"HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp" => Key deleted successfully.
C:\Documents and Settings\Djole\Local Settings\Application Data\CRE\cflheckfmhopnialghigdlggahiomebp.crx => Moved successfully.
C:\Documents and Settings\Djole\Local Settings\Application Data\CRE => Moved successfully.
EmtpyTemp: => Error: No automatic fix found for this entry.

==== End of Fixlog ====


And for the other thing, I have nothing to copy, because the folder C:\WINDOWS\Installer\{7746D885-83A6-2A33-26EC-D21306A4AE96} is empty.
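The fixlog above is worth reading line by line rather than skimming for "successfully": three entries were actioned, but the last directive came back as "Error: No automatic fix found for this entry" because it was misspelled (FRST's temp-cleaning directive is spelled EmptyTemp:), so no temporary files were cleared in this run. The script below is an added example written for this thread, not an FRST feature. It splits a Fixlog into the echoed fixlist (fenced by the two asterisk rows) and the "<entry> => <outcome>" result lines, counts successes, lists directives FRST did not recognise, and uses difflib to suggest the nearest known spelling. The sample text is the fixlog posted above, copied verbatim; the known-directive table is deliberately limited to the one directive this thread needs.

```python
"""Check an FRST Fixlog: did every directive in the fixlist produce a result?

Added example for this thread, not an FRST feature. FRST echoes the fixlist
between two rows of asterisks and then prints one line per action in the
shape "<entry> => <outcome>." This parser separates the two, counts what
succeeded and reports directives FRST did not recognise. The temp-cleaning
directive is spelled "EmptyTemp:"; the misspelling in the log is why FRST
reported no fix for it.
"""
import difflib
import re
from typing import Dict, List, Tuple

_RULE_PREFIX = "*****"
_RESULT = re.compile(r'^"?(?P<entry>.+?)"? => (?P<outcome>.+?)\.?$')
# Assumption: the only directive spelling this example needs to know about.
_KNOWN_DIRECTIVES = ("EmptyTemp:",)

# Sample input: the Fixlog posted in the thread above, copied verbatim.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-12-2014 01
Ran by Djole at 2014-12-07 14:10:32 Run:1
Running from C:\Documents and Settings\Djole\Desktop
Loaded Profile: Djole (Available profiles: Djole)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CHR HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Documents and Settings\Djole\Local Settings\Application Data\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-05-22]
C:\Documents and Settings\Djole\Local Settings\Application Data\CRE
EmtpyTemp:
*****************

"HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp" => Key deleted successfully.
C:\Documents and Settings\Djole\Local Settings\Application Data\CRE\cflheckfmhopnialghigdlggahiomebp.crx => Moved successfully.
C:\Documents and Settings\Djole\Local Settings\Application Data\CRE => Moved successfully.
EmtpyTemp: => Error: No automatic fix found for this entry.

==== End of Fixlog ====
"""


def parse_fixlog(text: str) -> Tuple[List[str], Dict[str, str]]:
    """Return (fixlist directives, {acted-on entry: outcome}) from a Fixlog body."""
    directives: List[str] = []
    outcomes: Dict[str, str] = {}
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(_RULE_PREFIX):
            in_fixlist = not in_fixlist  # the fixlist is fenced by two asterisk rows
            continue
        if in_fixlist:
            if line:
                directives.append(line)
            continue
        m = _RESULT.match(line)
        if m:
            outcomes[m.group("entry")] = m.group("outcome")
    return directives, outcomes


def summarize(text: str) -> Dict[str, object]:
    """Count directives and successes, and list entries FRST had no fix for."""
    directives, outcomes = parse_fixlog(text)
    succeeded = [e for e, o in outcomes.items() if o.endswith("successfully")]
    unrecognised = [e for e, o in outcomes.items() if o.startswith("Error: No automatic fix")]
    return {"directives": len(directives), "succeeded": len(succeeded), "unrecognised": unrecognised}


def closest_known(directive: str) -> str:
    """Nearest known directive spelling, or '' if nothing is close (EmtpyTemp: -> EmptyTemp:)."""
    matches = difflib.get_close_matches(directive, _KNOWN_DIRECTIVES, n=1, cutoff=0.75)
    return matches[0] if matches else ""


if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLOG)
    print(f"{report['succeeded']} actions succeeded for {report['directives']} directives")
    for bad in report["unrecognised"]:
        hint = closest_known(bad)
        print(f"unrecognised directive: {bad}" + (f"  (did you mean {hint}?)" if hint else ""))
```

On the log above this reports three successful actions for three directives and one unrecognised entry, EmtpyTemp:, with EmptyTemp: as the suggested spelling; the practical consequence is that the temp-cleaning step has to be re-issued in a later fixlist.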

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

While AVG is disabled, follow these instructions to restore that file from quarantine.

[link visible only to logged-in users]

There is also a video guide:
[link visible only to logged-in users]

If you manage to get it out of quarantine, send it via the link I already gave you.

  • Joined: 07 Dec 2014
  • Posts: 47

I tried, but it won't restore it from quarantine.

The screenshot here shows that there were viruses in several different windows\Installer folders over the last month, not just in one as I thought.

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Use the Restore As option.

  • Joined: 07 Dec 2014
  • Posts: 47

It doesn't work, it's greyed out.

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Nothing then, let's move on.



Download sUBs' ComboFix to the Desktop from the following address:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.




When the download is finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to start it;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if it offers to download it.
offer to install the Recovery Console if it is not installed:
be sure to accept by clicking Yes and follow the procedure.
ask a number of questions and show notifications:
accept by clicking Yes or OK.
restart Windows if needed (possibly more than once);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the thread on the forum:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.


Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your post.
Do not click inside the ComboFix window while it is running, as that can slow the tool down.
Do not run ComboFix again on your own; report in the thread any problem you have during the first run.
If after the restart you get an error when starting some programs saying they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will fix the problem.

  • Joined: 07 Dec 2014
  • Posts: 47

Before ComboFix started working, it warned me that avast is enabled, but I deleted it a few days ago (in safe mode with some avast uninstaller) after I scanned the PC with it to clean the virus. How do I remove it from the registry? Maybe that is slowing my computer down a little, as if I had two AVs (and I never did; I only installed avast for half an hour to scan).


Here is the log:

ComboFix 14-12-07.01 - Djole 07.12.2014 20:01:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2523 [GMT 1:00]
Running from: d:\programi\CC Cleaner pro 7\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\________
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{2599B6F1-92AC-472C-BE60-9F17565E4938}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{551F492A-01B0-4DC4-866F-875EC4EDC0A8}\PostBuild.exe
c:\documents and settings\Djole\WINDOWS
c:\windows\msdownld.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SYSHOST32
.
.
((((((((((((((((((((((((( Files Created from 2014-11-07 to 2014-12-07 )))))))))))))))))))))))))))))))
.
.
2014-12-04 20:26 . 2014-12-04 20:39 -------- d-----w- c:\program files\HitmanPro
2014-12-04 20:24 . 2014-12-04 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2014-11-30 16:51 . 2014-11-30 16:51 -------- d-----w- c:\documents and settings\Djole\Local Settings\Application Data\TimeParadox
2014-11-25 14:15 . 2014-11-25 14:15 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-06 15:40 . 2014-07-25 00:28 114904 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-11-21 05:14 . 2014-07-25 00:30 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2013-07-31 16:46 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-03 23:30 . 2012-10-02 02:30 172856 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-10-24 16:10 . 2014-10-24 16:10 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-24 16:10 . 2014-10-24 16:10 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-10-17 14:34 . 2012-09-21 02:46 182584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2014-11-03 4411952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2007-12-20 135168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_17_Plus_Download_Version\TrayServer_en.exe" [2008-11-13 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
c:\documents and settings\Djole\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceStream]
2014-04-10 21:01 27904 ----a-w- c:\documents and settings\Djole\Application Data\ACEStream\engine\ace_engine.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"d:\\Programi\\utorrent.exe"=
"c:\\Documents and Settings\\Djole\\Application Data\\ACEStream\\engine\\ace_engine.exe"=
"d:\\Programi\\Steam\\Steam.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Djole\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"d:\\Programi\\Steam\\bin\\steamwebhelper.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15.10.2012 03:48 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21.09.2012 03:46 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14.09.2012 03:05 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22.10.2012 13:02 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21.09.2012 03:45 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [02.10.2012 03:30 172856]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21.09.2012 03:46 182584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.07.2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [07.05.2013 23:36 119024]
R2 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [14.08.2012 09:31 43624]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [04.11.2014 00:31 1432592]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [17.10.2014 15:35 4942384]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [20.11.2013 01:54 283136]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.08.2009 16:09 1253376]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [25.07.2014 01:30 1871160]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [03.06.2013 15:21 162408]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [18.06.2013 18:59 101904]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12.01.2012 19:52 30944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31.07.2013 17:46 23256]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [20.03.2013 18:46 252928]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [20.03.2013 18:46 398720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [25.07.2014 01:30 969016]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12.01.2012 19:52 30944]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [07.08.2008 10:10 3276800]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-26 11:24 1087304 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1614895754-2025429265-1417001333-1003Core.job
- c:\documents and settings\Djole\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-09-20 16:34]
.
2014-12-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1614895754-2025429265-1417001333-1003UA.job
- c:\documents and settings\Djole\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-09-20 16:34]
.
2014-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-17 17:34]
.
2014-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-17 17:34]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = [Link mogu videti samo ulogovani korisnici]
uSearchAssistant = [Link mogu videti samo ulogovani korisnici]
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-uTorrent - d:\programi\CC Cleaner pro 7\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2014-12-07 20:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3132)
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2014-12-07 20:11:04 - machine was rebooted
ComboFix-quarantined-files.txt 2014-12-07 19:11
.
Pre-Run: 27,468,701,696 bytes free
Post-Run: 27,915,935,744 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8111517B068B475E3E7CED895A3D8C29
8F558EB6672622401DA993E1E865C861

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

I don't see anything suspicious here either.


Download GMER from the link below to your Desktop:

GMER download
Click the given link;
When the dialog for choosing where to save the file opens, select Desktop and click Save.

Double-click to run GMER.
Wait for the initial scan to finish - if any prompt appears, click No;

click Scan and wait for the scan to finish;

click Save ... - save the report to the Desktop (under the name Gmer1);

right-click inside the GMER window and choose Options > 3rd party - click Scan;

when the scan finishes, click Save ... - save the report to the Desktop (under the name Gmer2);

click the >>> button and select the Autostart tab;

when the short scan finishes, click Copy;

open Notepad and paste the copied text into it - save the report to the Desktop (under the name Gmer3);

Illustrated walkthrough of the procedure

Attach all three reports to your reply using the Attach file option.
