offline
- Pridružio: 07 Dec 2014
- Poruke: 47
|
Danas je pocela da mi se pojavljuje poruka "You may need to fix Windows errors" u GOM- u kada bi zavrsio sa gledanjem nekog filma ili video klipa. Skenirao sam sa Malwarebytes Anti-Malware i uklonio je 4 zarazena fajla ali virus je izgleda i dalje tu posto se poruka u GOM-u ponavlja.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-12-2015
Ran by Djole (administrator) on COMPUTER_0313 (24-12-2015 22:12:51)
Running from C:\Documents and Settings\Djole\Desktop
Loaded Profiles: Djole (Available Profiles: Djole)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(cyberlink) C:\Program Files\CyberLink\Shared files\brs.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Vimicro Corporation) C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(ArcSoft, Inc.) C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(BitTorrent Inc.) D:\Programi\utorrent.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BDRegion] => C:\Program Files\Cyberlink\Shared Files\brs.exe [91432 2007-11-16] (cyberlink)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [72736 2007-10-28] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [62760 2007-10-11] ()
HKLM\...\Run: [VMonitorVMUVC] => C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [135168 2007-12-20] (Vimicro Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2011-04-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [TrayServer] => C:\Program Files\MAGIX\Movie_Edit_Pro_17_Plus_Download_Version\TrayServer_en.exe [90112 2008-11-13] (MAGIX AG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2006-12-18] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [729088 2006-07-13] (Analog Devices, Inc.)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [1734144 2013-05-29] (iSkySoft)
HKLM\...\Run: [DelaypluginInstall] => C:\Documents and Settings\All Users\Application Data\iSkysoft\iTube Studio\DelayPluginI.exe
HKLM\...\Run: [MFARestart] => "C:\Documents and Settings\All Users\Application Data\MFAData\pack\avgrunasx.exe" /usereg
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2011-04-20] (ATI Technologies Inc.)
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Policies\Explorer: [MaxRecentDocs] 11
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\Djole\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-09-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8F6D3387-25D9-4FF1-B525-3F952A763298}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: iSkysoft iTube Studio 4.2.0 -> {1A6B6AD0-2735-498F-834C-AFCEA37847C2} -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\iSkysoft\ITUBES~1\WSBROW~1.DLL => No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-24] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-24] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA - No File
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-24] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2010-10-15] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-24] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1614895754-2025429265-1417001333-1003: @acestream.net/acestreamplugin,version=2.1.7.2 -> C:\Documents and Settings\Djole\Application Data\ACEStream\player\npace_plugin.dll [2014-04-10] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-1614895754-2025429265-1417001333-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Djole\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-1614895754-2025429265-1417001333-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Djole\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-18] (Unity Technologies ApS)
FF SearchPlugin: C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\searchplugins\youtube-video-search.xml [2014-08-26]
FF Extension: MEGA - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\firefox@mega.co.nz.xpi [2015-12-22]
FF Extension: YouTube ALL HTML5 - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2015-10-31]
FF Extension: Video AdBlock for Firefox - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92}(2) [2015-12-20] [not signed]
FF Extension: Modify Headers - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2015-05-30]
FF Extension: Video DownloadHelper - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
FF Extension: Adblock Plus - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
FF Extension: DownThemAll! - C:\Documents and Settings\Djole\Application Data\Mozilla\Firefox\Profiles\84v2c95l.default-1409015363875\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-12-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-07-22] [not signed]
FF HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Documents and Settings\Djole\Application Data\ACEStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Documents and Settings\Djole\Application Data\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2013-11-13] [not signed]
Chrome:
=======
CHR HomePage: Default -> chrome://apps/
CHR NewTab: Default -> "chrome-extension://icpgjfneehieebagbmdbhnlpiopdcmna/main.html"
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Profile: C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
CHR Extension: (AdBlock) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-08]
CHR Extension: (New Tab Redirect) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2014-11-25]
CHR Extension: (Magic Player) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio [2014-04-29] [UpdateUrl: hxxp://magicplayer.torrentstream.org/update/chrome_new/magicplayer.xml] <==== ATTENTION
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Documents and Settings\Djole\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kpckgflgdapkpabemgkielbefdildaio] - C:\Documents and Settings\Djole\Application Data\ACEStream\extensions\chrome_new\magicplayer.crx [2013-10-10]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119024 2013-05-07] (SUPERAntiSpyware.com)
R2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624 2012-08-14] (ArcSoft, Inc.)
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files\AVG\Av\avgfws.exe [1587128 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [862632 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-24] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-09-11] ()
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [101904 2010-11-17] (Advanced Micro Devices)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [149936 2015-11-06] (AVG Technologies CZ, s.r.o.)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [243120 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [231344 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [193968 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [36784 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2006-03-17] (Sensaura)
R3 VMUVC; C:\WINDOWS\System32\Drivers\VMUVC.sys [252928 2010-01-12] (Vimicro Corporation)
R3 vvftUVC; C:\WINDOWS\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [41456 2007-11-03] (Cyberlink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-24 22:12 - 2015-12-24 22:13 - 00024198 _____ C:\Documents and Settings\Djole\Desktop\FRST.txt
2015-12-24 22:05 - 2015-12-24 22:06 - 01721856 _____ (Farbar) C:\Documents and Settings\Djole\Desktop\FRST.exe
2015-12-24 22:01 - 2015-12-24 22:01 - 00000000 ____D C:\Documents and Settings\Djole\Start Menu\Programs\CyberLink PowerDVD
2015-12-13 14:47 - 2015-12-20 11:09 - 00054156 ____H C:\WINDOWS\QTFont.qfn
2015-12-13 14:47 - 2015-12-13 14:47 - 00001409 _____ C:\WINDOWS\QTFont.for
2015-12-08 10:58 - 2015-12-08 22:44 - 00000000 ____D C:\Documents and Settings\Djole\Application Data\Media Player Classic
2015-12-08 10:58 - 2015-12-08 10:58 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2015-12-08 10:58 - 2015-12-08 10:58 - 00000000 ____D C:\Program Files\Analog Devices
2015-12-08 10:58 - 2015-12-08 10:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX
2015-12-08 10:58 - 2015-12-08 10:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2015-12-07 17:30 - 2015-12-08 10:58 - 00000000 ____D C:\Program Files\DVDVideoSoft
2015-12-07 17:30 - 2015-12-08 10:58 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2015-12-07 17:02 - 2015-12-08 10:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack(2)
2015-12-07 17:01 - 2015-12-08 10:58 - 00000000 ____D C:\Program Files\K-Lite Codec Pack(2)
2015-12-07 16:39 - 2015-12-08 10:58 - 00000000 ____D C:\Program Files\Analog Devices(2)
2015-11-24 15:51 - 2015-11-24 15:58 - 00001759 _____ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2015-11-24 15:51 - 2015-11-24 15:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2015-11-24 15:50 - 2015-11-24 15:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-24 22:13 - 2014-12-07 20:11 - 00000000 ____D C:\Documents and Settings\Djole\Local Settings\temp
2015-12-24 22:12 - 2015-01-24 16:50 - 00000000 ____D C:\FRST
2015-12-24 22:12 - 2013-03-21 20:04 - 00000000 ____D C:\Documents and Settings\Djole\Application Data\uTorrent
2015-12-24 22:04 - 2013-03-20 17:26 - 00000000 ___RD C:\Documents and Settings\Djole\My Documents\My Pictures
2015-12-24 22:01 - 2015-09-01 11:19 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-24 22:01 - 2013-03-20 17:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-24 21:56 - 2013-03-20 17:55 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-12-24 21:56 - 2013-03-20 17:26 - 00031936 _____ C:\WINDOWS\SchedLgU.Txt
2015-12-24 21:56 - 2013-03-20 17:26 - 00000178 ___SH C:\Documents and Settings\Djole\ntuser.ini
2015-12-24 21:39 - 2013-09-20 17:34 - 00000998 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1614895754-2025429265-1417001333-1003UA.job
2015-12-24 21:37 - 2014-09-01 00:28 - 00000000 ____D C:\Documents and Settings\Djole\Local Settings\Application Data\Adobe
2015-12-24 21:37 - 2013-03-21 14:26 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-24 21:37 - 2013-03-21 14:26 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-24 21:30 - 2015-09-01 11:19 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-24 21:28 - 2015-10-15 10:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-12-24 21:26 - 2014-07-25 01:28 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2015-12-24 21:19 - 2013-03-20 17:26 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-12-24 21:19 - 2013-03-20 17:26 - 00000000 ____D C:\Documents and Settings\Djole
2015-12-24 21:19 - 2013-03-20 17:25 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-12-24 21:19 - 2013-03-20 17:20 - 00000000 ____D C:\WINDOWS\Registration
2015-12-24 18:39 - 2013-09-20 17:34 - 00000976 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1614895754-2025429265-1417001333-1003Core.job
2015-12-24 14:14 - 2013-03-20 18:12 - 00000000 ____D C:\Documents and Settings\Djole\Application Data\vlc
2015-12-24 10:58 - 2001-08-23 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-20 18:00 - 2015-10-15 10:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-12-20 18:00 - 2013-03-20 18:11 - 00000000 ___HD C:\WINDOWS\inf
2015-12-20 18:00 - 2013-03-20 18:11 - 00000000 ____D C:\WINDOWS
2015-12-17 15:06 - 2015-09-23 21:01 - 00000000 ____D C:\Documents and Settings\Djole\Local Settings\Application Data\AvgSetupLog
2015-12-08 10:58 - 2013-03-20 18:21 - 00000000 ___RD C:\Documents and Settings\Djole\Desktop\Ostali programi i igrice
2015-12-08 10:58 - 2013-03-20 18:11 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2015-12-08 10:58 - 2013-03-20 18:11 - 00000000 ____D C:\WINDOWS\system
2015-12-08 10:48 - 2015-11-19 11:44 - 00000000 ____D C:\Documents and Settings\Djole\Application Data\DVDVideoSoft
2015-12-07 17:40 - 2013-03-20 17:26 - 00000000 ___RD C:\Documents and Settings\Djole\My Documents\My Music
2015-12-07 16:40 - 2013-03-20 17:27 - 00000000 _____ C:\WINDOWS\AS_Debug.txt
2015-12-05 11:03 - 2015-10-15 10:29 - 00000673 _____ C:\Documents and Settings\All Users\Desktop\AVG Protection.lnk
2015-11-29 22:17 - 2013-09-19 14:43 - 00668160 ___SH C:\Documents and Settings\Djole\My Documents\Thumbs.db
2015-11-28 20:27 - 2013-03-20 17:26 - 00000000 ___RD C:\Documents and Settings\Djole\My Documents
2015-11-25 11:07 - 2013-03-20 18:13 - 00000327 __RSH C:\boot.ini
2015-11-25 11:07 - 2001-08-23 12:00 - 00001055 _____ C:\WINDOWS\win.ini
2015-11-25 11:07 - 2001-08-23 12:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-11-24 18:29 - 2013-03-20 19:29 - 00000000 ___RD C:\Documents and Settings\Djole\My Documents\My Videos
2015-11-24 15:51 - 2015-03-15 16:44 - 00000000 ____D C:\Program Files\QuickTime
==================== Files in the root of some directories =======
2013-03-20 18:20 - 2013-07-13 23:42 - 0011264 _____ () C:\Documents and Settings\Djole\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-24 15:51 - 2015-11-24 15:58 - 0001759 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Some files in TEMP:
====================
C:\Documents and Settings\Djole\Local Settings\temp\avg-a3997230-4c4b-406a-bb30-0140d44faa4c.exe
C:\Documents and Settings\Djole\Local Settings\temp\avg-b5c22400-00bd-4054-948b-e40e37d93610.exe
C:\Documents and Settings\Djole\Local Settings\temp\avguirn_08211847017.exe
C:\Documents and Settings\Djole\Local Settings\temp\avguirn_08890897932.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
mycity.rs/must-login.png
|