You may need to fix Windows errors virus ?!

You may need to fix Windows errors virus ?!

offline
  • Pridružio: 07 Dec 2014
  • Poruke: 47

Danas je pocela da mi se pojavljuje poruka "You may need to fix Windows errors" u GOM- u kada bi zavrsio sa gledanjem nekog filma ili video klipa. Skenirao sam sa Malwarebytes Anti-Malware i uklonio je 4 zarazena fajla ali virus je izgleda i dalje tu posto se poruka u GOM-u ponavlja.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-12-2015
Ran by Djole (administrator) on COMPUTER_0313 (24-12-2015 22:12:51)
Running from C:\Documents and Settings\Djole\Desktop
Loaded Profiles: Djole (Available Profiles: Djole)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(cyberlink) C:\Program Files\CyberLink\Shared files\brs.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Vimicro Corporation) C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(ArcSoft, Inc.) C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(BitTorrent Inc.) D:\Programi\utorrent.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BDRegion] => C:\Program Files\Cyberlink\Shared Files\brs.exe [91432 2007-11-16] (cyberlink)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [72736 2007-10-28] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [62760 2007-10-11] ()
HKLM\...\Run: [VMonitorVMUVC] => C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [135168 2007-12-20] (Vimicro Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2011-04-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [TrayServer] => C:\Program Files\MAGIX\Movie_Edit_Pro_17_Plus_Download_Version\TrayServer_en.exe [90112 2008-11-13] (MAGIX AG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2006-12-18] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [729088 2006-07-13] (Analog Devices, Inc.)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [1734144 2013-05-29] (iSkySoft)
HKLM\...\Run: [DelaypluginInstall] => C:\Documents and Settings\All Users\Application Data\iSkysoft\iTube Studio\DelayPluginI.exe
HKLM\...\Run: [MFARestart] => "C:\Documents and Settings\All Users\Application Data\MFAData\pack\avgrunasx.exe" /usereg
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2011-04-20] (ATI Technologies Inc.)
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Policies\Explorer: [MaxRecentDocs] 11
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\Djole\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-09-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8F6D3387-25D9-4FF1-B525-3F952A763298}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: iSkysoft iTube Studio 4.2.0 -> {1A6B6AD0-2735-498F-834C-AFCEA37847C2} -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\iSkysoft\ITUBES~1\WSBROW~1.DLL => No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-24] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-24] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA - No File

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-24] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2010-10-15] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-24] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1614895754-2025429265-1417001333-1003: @acestream.net/acestreamplugin,version=2.1.7.2 -> C:\Documents and Settings\Djole\Application Data\ACEStream\player\npace_plugin.dll [2014-04-10] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-1614895754-2025429265-1417001333-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Djole\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-1614895754-2025429265-1417001333-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Djole\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-18] (Unity Technologies ApS)
FF SearchPlugin: C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\searchplugins\youtube-video-search.xml [2014-08-26]
FF Extension: MEGA - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\firefox@mega.co.nz.xpi [2015-12-22]
FF Extension: YouTube ALL HTML5 - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2015-10-31]
FF Extension: Video AdBlock for Firefox - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92}(2) [2015-12-20] [not signed]
FF Extension: Modify Headers - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2015-05-30]
FF Extension: Video DownloadHelper - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
FF Extension: Adblock Plus - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
FF Extension: DownThemAll! - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-12-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-07-22] [not signed]
FF HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Documents and Settings\Djole\Application Data\ACEStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Documents and Settings\Djole\Application Data\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2013-11-13] [not signed]

Chrome:
=======
CHR HomePage: Default -> chrome://apps/
CHR NewTab: Default -> "chrome-extension://icpgjfneehieebagbmdbhnlpiopdcmna/main.html"
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Profile: C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
CHR Extension: (AdBlock) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-08]
CHR Extension: (New Tab Redirect) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2014-11-25]
CHR Extension: (Magic Player) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio [2014-04-29] [UpdateUrl: hxxp://magicplayer.torrentstream.org/update/chrome_new/magicplayer.xml] <==== ATTENTION
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kpckgflgdapkpabemgkielbefdildaio] - C:\Documents and Settings\Djole\Application Data\ACEStream\extensions\chrome_new\magicplayer.crx [2013-10-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119024 2013-05-07] (SUPERAntiSpyware.com)
R2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624 2012-08-14] (ArcSoft, Inc.)
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files\AVG\Av\avgfws.exe [1587128 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [862632 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-24] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-09-11] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [101904 2010-11-17] (Advanced Micro Devices)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [149936 2015-11-06] (AVG Technologies CZ, s.r.o.)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [243120 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [231344 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [193968 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [36784 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2006-03-17] (Sensaura)
R3 VMUVC; C:\WINDOWS\System32\Drivers\VMUVC.sys [252928 2010-01-12] (Vimicro Corporation)
R3 vvftUVC; C:\WINDOWS\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [41456 2007-11-03] (Cyberlink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-24 22:12 - 2015-12-24 22:13 - 00024198 _____ C:\Documents and Settings\Djole\Desktop\FRST.txt
2015-12-24 22:05 - 2015-12-24 22:06 - 01721856 _____ (Farbar) C:\Documents and Settings\Djole\Desktop\FRST.exe
2015-12-24 22:01 - 2015-12-24 22:01 - 00000000 ____D C:\Documents and Settings\Djole\Start Menu\Programs\CyberLink PowerDVD
2015-12-13 14:47 - 2015-12-20 11:09 - 00054156 ____H C:\WINDOWS\QTFont.qfn
2015-12-13 14:47 - 2015-12-13 14:47 - 00001409 _____ C:\WINDOWS\QTFont.for
2015-12-08 10:58 - 2015-12-08 22:44 - 00000000 ____D C:\Documents and Settings\Djole\Application Data\Media Player Classic
2015-12-08 10:58 - 2015-12-08 10:58 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2015-12-08 10:58 - 2015-12-08 10:58 - 00000000 ____D C:\Program Files\Analog Devices
2015-12-08 10:58 - 2015-12-08 10:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX
2015-12-08 10:58 - 2015-12-08 10:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2015-12-07 17:30 - 2015-12-08 10:58 - 00000000 ____D C:\Program Files\DVDVideoSoft
2015-12-07 17:30 - 2015-12-08 10:58 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2015-12-07 17:02 - 2015-12-08 10:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack(2)
2015-12-07 17:01 - 2015-12-08 10:58 - 00000000 ____D C:\Program Files\K-Lite Codec Pack(2)
2015-12-07 16:39 - 2015-12-08 10:58 - 00000000 ____D C:\Program Files\Analog Devices(2)
2015-11-24 15:51 - 2015-11-24 15:58 - 00001759 _____ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2015-11-24 15:51 - 2015-11-24 15:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2015-11-24 15:50 - 2015-11-24 15:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-24 22:13 - 2014-12-07 20:11 - 00000000 ____D C:\Documents and Settings\Djole\Local Settings\temp
2015-12-24 22:12 - 2015-01-24 16:50 - 00000000 ____D C:\FRST
2015-12-24 22:12 - 2013-03-21 20:04 - 00000000 ____D C:\Documents and Settings\Djole\Application Data\uTorrent
2015-12-24 22:04 - 2013-03-20 17:26 - 00000000 ___RD C:\Documents and Settings\Djole\My Documents\My Pictures
2015-12-24 22:01 - 2015-09-01 11:19 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-24 22:01 - 2013-03-20 17:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-24 21:56 - 2013-03-20 17:55 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-12-24 21:56 - 2013-03-20 17:26 - 00031936 _____ C:\WINDOWS\SchedLgU.Txt
2015-12-24 21:56 - 2013-03-20 17:26 - 00000178 ___SH C:\Documents and Settings\Djole\ntuser.ini
2015-12-24 21:39 - 2013-09-20 17:34 - 00000998 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1614895754-2025429265-1417001333-1003UA.job
2015-12-24 21:37 - 2014-09-01 00:28 - 00000000 ____D C:\Documents and Settings\Djole\Local Settings\Application Data\Adobe
2015-12-24 21:37 - 2013-03-21 14:26 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-24 21:37 - 2013-03-21 14:26 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-24 21:30 - 2015-09-01 11:19 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-24 21:28 - 2015-10-15 10:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-12-24 21:26 - 2014-07-25 01:28 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2015-12-24 21:19 - 2013-03-20 17:26 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-12-24 21:19 - 2013-03-20 17:26 - 00000000 ____D C:\Documents and Settings\Djole
2015-12-24 21:19 - 2013-03-20 17:25 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-12-24 21:19 - 2013-03-20 17:20 - 00000000 ____D C:\WINDOWS\Registration
2015-12-24 18:39 - 2013-09-20 17:34 - 00000976 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1614895754-2025429265-1417001333-1003Core.job
2015-12-24 14:14 - 2013-03-20 18:12 - 00000000 ____D C:\Documents and Settings\Djole\Application Data\vlc
2015-12-24 10:58 - 2001-08-23 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-20 18:00 - 2015-10-15 10:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-12-20 18:00 - 2013-03-20 18:11 - 00000000 ___HD C:\WINDOWS\inf
2015-12-20 18:00 - 2013-03-20 18:11 - 00000000 ____D C:\WINDOWS
2015-12-17 15:06 - 2015-09-23 21:01 - 00000000 ____D C:\Documents and Settings\Djole\Local Settings\Application Data\AvgSetupLog
2015-12-08 10:58 - 2013-03-20 18:21 - 00000000 ___RD C:\Documents and Settings\Djole\Desktop\Ostali programi i igrice
2015-12-08 10:58 - 2013-03-20 18:11 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2015-12-08 10:58 - 2013-03-20 18:11 - 00000000 ____D C:\WINDOWS\system
2015-12-08 10:48 - 2015-11-19 11:44 - 00000000 ____D C:\Documents and Settings\Djole\Application Data\DVDVideoSoft
2015-12-07 17:40 - 2013-03-20 17:26 - 00000000 ___RD C:\Documents and Settings\Djole\My Documents\My Music
2015-12-07 16:40 - 2013-03-20 17:27 - 00000000 _____ C:\WINDOWS\AS_Debug.txt
2015-12-05 11:03 - 2015-10-15 10:29 - 00000673 _____ C:\Documents and Settings\All Users\Desktop\AVG Protection.lnk
2015-11-29 22:17 - 2013-09-19 14:43 - 00668160 ___SH C:\Documents and Settings\Djole\My Documents\Thumbs.db
2015-11-28 20:27 - 2013-03-20 17:26 - 00000000 ___RD C:\Documents and Settings\Djole\My Documents
2015-11-25 11:07 - 2013-03-20 18:13 - 00000327 __RSH C:\boot.ini
2015-11-25 11:07 - 2001-08-23 12:00 - 00001055 _____ C:\WINDOWS\win.ini
2015-11-25 11:07 - 2001-08-23 12:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-11-24 18:29 - 2013-03-20 19:29 - 00000000 ___RD C:\Documents and Settings\Djole\My Documents\My Videos
2015-11-24 15:51 - 2015-03-15 16:44 - 00000000 ____D C:\Program Files\QuickTime

==================== Files in the root of some directories =======

2013-03-20 18:20 - 2013-07-13 23:42 - 0011264 _____ () C:\Documents and Settings\Djole\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-24 15:51 - 2015-11-24 15:58 - 0001759 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Some files in TEMP:
====================
C:\Documents and Settings\Djole\Local Settings\temp\avg-a3997230-4c4b-406a-bb30-0140d44faa4c.exe
C:\Documents and Settings\Djole\Local Settings\temp\avg-b5c22400-00bd-4054-948b-e40e37d93610.exe
C:\Documents and Settings\Djole\Local Settings\temp\avguirn_08211847017.exe
C:\Documents and Settings\Djole\Local Settings\temp\avguirn_08890897932.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Ne vidim tragove zlonamjernog softvera. To što je prikazano u GOM Playeru je reklamni baner.

http://www.intowindows.com/how-to-disable-gom-media-player-popup-ads/

offline
  • Pridružio: 07 Dec 2014
  • Poruke: 47

Jos bolje sto nije virus.

Nego, izgleda da nema opcija da se iskljuci u novijoj verziji GOM-a (slika dole) pa sam instalirao malo raniju i sad nema vise reklama.

Hvala puno.

Ko je trenutno na forumu
 

Ukupno su 1285 korisnika na forumu :: 43 registrovanih, 8 sakrivenih i 1234 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., Areal84, babaroga, bladesu, BORUTUS, Brana01, cenejac111, cikadeda, CikaKURE, Dimitrije Paunovic, Dorcolac, DPera, galijot, GandorCC, Georgius, Hexe, hyla, ikan, kihot, krkalon, Krvava Devetka, kybonacci, Lieutenant, ljuba, markF, mercedesamg, milenko crazy north, Milos ZA, MilosKop, Miroljub1979, Mixelotti, nemkea71, nick79, procesor, raptorsi, robert1979, S-lash, sasa87, Smd, Srle993, vathra, zlaya011, 79693