Windows 7 64-bit low performance

  • Dejan Peic
  • sve
  • Joined: 12 May 2012
  • Posts: 245
  • Location: Subotica

As the title says, I'd like to know why, since I have 6 GB of RAM and a not-so-bad graphics card





Any help or advice is welcome; this started appearing three days ago. Cheers

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Hello,


Did you install Spytech SpyAgent?



Step 1.


Open Start -> Control Panel -> Programs and Features and uninstall the following programs:

BrowserProtect
Delta Chrome Toolbar
Delta toolbar

Yontoo 2.052



Step 2.


Download Xplode's AdwCleaner and save it to the Desktop
Run it, then click the [Delete] button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
On the next two windows that open (Informations and Restart required) click OK

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your reply using the "Attach file" option

Note: The report will also be saved at C:\AdwCleaner[S1].txt



Step 3.


Download GMER from the link below to the Desktop:


GMER download
Click the link;
When the dialog for choosing where to save the file opens, select Desktop and click Save.



Double-click to run GMER.
Wait for the initial scan to finish - if any prompt appears, click No;

click Scan and wait for the scan to finish;

click Save ... - save the report to the Desktop (named Gmer1);

right-click inside the Gmer window and choose Options > 3rd party - click Scan;

when the scan finishes, click Save ... - save the report to the Desktop (named Gmer2);

click the >>> button and choose the Autostart tab;

when the short scan finishes, click Copy;

open Notepad and paste the copied text into it - save the report to the Desktop (named Gmer3);


Illustrated walkthrough of the procedure

Attach all three reports to your reply using the Attach file option.

  • Dejan Peic
  • sve
  • Joined: 12 May 2012
  • Posts: 245
  • Location: Subotica

I did not install that program.

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Spytech SpyAgent is spyware, a kind of keylogger...

Remove it too from the Control Panel...

Restart the computer.



Run DDS again and send me a fresh DDS.txt report...

  • Dejan Peic
  • sve
  • Joined: 12 May 2012
  • Posts: 245
  • Location: Subotica

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.21.2
Run by x box at 10:48:58 on 2013-05-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6143.4882 [GMT 2:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\x box\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\MCShield\MCShieldRTM.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\CNAB4RPD.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [uTorrent] "C:\Users\x box\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [MCShield Monitor] C:\Program Files (x86)\MCShield\mcshieldrtm.exe
uRun: [] C:\Users\x box\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [] D:\Program Files (x86)\Spytech Software\Spytech SpyAgent\sysdiag.exe
mRun: [System32] D:\Program Files (x86)\Spytech Software\Spytech SpyAgent\sysdiag.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CANONL~1.LNK - C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE
uPolicies-Explorer: NoDrives = dword:0
uPolicies-System: DisableTaskMgr = 1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A6E82310-5D02-4C9C-A2E4-BD0EA09D31EF} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\x box\AppData\Roaming\Mozilla\Firefox\Profiles\q8il1zqm.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\npjpi170_21.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\npoji610.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\x box\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\x box\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: D:\FILMOVI\VLC\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-3-13 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-6 236544]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-3-12 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-24 1255736]
.
=============== Created Last 30 ================
.
2013-05-05 01:35:25 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-05-05 01:35:20 -------- d-----w- C:\Users\x box\AppData\Local\PunkBuster
2013-05-05 00:12:01 -------- d-----w- C:\Users\x box\AppData\Roaming\Ubisoft
2013-05-04 22:59:54 -------- d-----w- C:\Users\x box\AppData\Local\Ubisoft Game Launcher
2013-05-04 22:57:53 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-05-04 22:57:53 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-05-04 22:57:52 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-05-01 10:26:12 -------- d-----w- C:\Users\x box\AppData\Local\Samsung
2013-05-01 10:26:10 -------- d-----w- C:\Users\x box\AppData\Roaming\Samsung
2013-05-01 10:25:20 18944 ----a-w- C:\Windows\System32\drivers\ss_mdfl.sys
2013-05-01 10:25:20 161280 ----a-w- C:\Windows\System32\drivers\ss_mdm.sys
2013-05-01 10:25:20 15872 ----a-w- C:\Windows\System32\drivers\ss_whnt.sys
2013-05-01 10:25:20 15872 ----a-w- C:\Windows\System32\drivers\ss_wh.sys
2013-05-01 10:25:20 15360 ----a-w- C:\Windows\System32\drivers\ss_cmnt.sys
2013-05-01 10:25:20 15360 ----a-w- C:\Windows\System32\drivers\ss_cm.sys
2013-05-01 10:25:20 127488 ----a-w- C:\Windows\System32\drivers\ss_bus.sys
2013-05-01 10:25:19 -------- d-----w- C:\Users\x box\USB Drivers
2013-05-01 10:23:33 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2013-05-01 10:23:04 -------- d-----w- C:\ProgramData\Samsung
2013-05-01 10:19:06 -------- d-----w- C:\Users\x box\AppData\Local\Downloaded Installations
2013-05-01 10:01:14 -------- d-----w- C:\ProgramData\Mobile Master
2013-05-01 09:58:21 -------- d-----w- C:\Users\x box\AppData\Roaming\Mobile Master
2013-05-01 09:57:52 -------- d-----w- C:\Program Files (x86)\Common Files\Jumping Bytes
2013-05-01 09:57:51 -------- d-----w- C:\Program Files (x86)\Mobile Master
2013-05-01 09:57:10 -------- d-----w- C:\Users\x box\AppData\Roaming\Jumping Bytes
2013-05-01 06:17:24 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-05-01 06:17:03 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-05-01 06:16:19 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-05-01 06:16:07 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-04-30 05:03:31 -------- d-----w- C:\Users\x box\AppData\Roaming\Theta
2013-04-30 05:02:36 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-04-30 05:02:15 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-04-30 04:52:55 -------- d-----w- C:\Windows\SysWow64\directx
2013-04-29 15:47:25 63936 ----a-w- C:\Windows\System32\CNAB4RPD.EXE
2013-04-29 15:47:25 62464 ----a-w- C:\Windows\System32\CNAB4PTD.DLL
2013-04-29 15:47:25 58880 ----a-w- C:\Windows\System32\CNAB4LMD.DLL
2013-04-29 15:47:25 221696 ----a-w- C:\Windows\System32\CNAB4EMD.DLL
2013-04-29 15:47:25 126464 ----a-w- C:\Windows\System32\CNAB4SMD.DLL
2013-04-29 13:05:52 84992 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNBPP4.DLL
2013-04-29 12:49:39 -------- d-----w- C:\Program Files (x86)\NetSpot Device Installer
2013-04-29 12:49:37 -------- d-----w- C:\Users\x box\AppData\Local\canon.jp
2013-04-29 12:39:52 -------- d-----w- C:\Program Files (x86)\Canon
2013-04-29 12:39:51 -------- d-----w- C:\Program Files\Canon
2013-04-26 23:16:30 -------- d-----w- C:\Users\x box\AppData\Roaming\Dekart
2013-04-24 14:35:41 -------- d-----w- C:\Program Files (x86)\E-Smart Systems
2013-04-21 10:09:34 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-16 11:45:40 -------- d-----w- C:\Users\x box\AppData\Local\Adobe
.
==================== Find3M ====================
.
2013-04-14 10:49:54 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-14 10:49:54 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-15 19:56:58 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-15 19:56:58 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-13 20:10:12 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-03-12 08:11:10 0 ----a-w- C:\Windows\ativpsrm.bin
2013-02-24 09:37:55 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2013-02-24 09:37:55 14848 ----a-w- C:\Windows\System32\slwga.dll
2013-02-24 09:37:55 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
.
============= FINISH: 10:49:34,80 ===============


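The "Pseudo HJT Report" section of the DDS log above is what the helper reads to spot the two SpyAgent autoruns (one with an empty name, one named "System32" but living under D:\Program Files (x86)) and the policy values that switch UAC off and disable Task Manager. The Python script below is an example added to this page; it is not part of the thread, of DDS, or of any tool the helper uses. It runs the same triage over a few lines in the DDS layout. The sample input is constructed (modelled on the log above, not the full log), and the rule set together with the names `triage`, `image_path` and `BAD_POLICIES` are this example's own assumptions about what is worth flagging.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample lines in the layout of a DDS "Pseudo HJT Report", modelled
# on the entries that mattered in the log above (not the full log).
SAMPLE_DDS = r"""uRun: [uTorrent] "C:\Users\x box\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [] D:\Program Files (x86)\Spytech Software\Spytech SpyAgent\sysdiag.exe
mRun: [System32] D:\Program Files (x86)\Spytech Software\Spytech SpyAgent\sysdiag.exe
uPolicies-System: DisableTaskMgr = 1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDrives = dword:0
"""

# uRun/mRun/x64-Run lines: "[name] command line"
RUN_RE = re.compile(r"^(?:u|m|x64-)Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# uPolicies-*/mPolicies-* lines: "Name = value" or "Name = dword:value"
POLICY_RE = re.compile(
    r"^(?:u|m)Policies-(?P<key>\w+): (?P<name>\w+) = (?:dword:)?(?P<value>-?\d+)$")
# Executable path at the start of a command line, quoted or not.
IMAGE_RE = re.compile(r'^"?(?P<path>.+?\.exe)', re.IGNORECASE)

# Policy values that weaken the system's own defences: (key, name, value) -> finding.
# This list is an assumption of the example, not something DDS itself evaluates.
BAD_POLICIES: Dict[Tuple[str, str, int], str] = {
    ("System", "EnableLUA", 0): "UAC disabled (EnableLUA=0)",
    ("System", "ConsentPromptBehaviorAdmin", 0): "admins elevate without any prompt",
    ("System", "PromptOnSecureDesktop", 0): "UAC prompt not isolated on the secure desktop",
    ("System", "DisableTaskMgr", 1): "Task Manager disabled by policy",
}
# Autorun names that borrow the name of a Windows component.
SYSTEM_LOOKALIKES = {"system32", "svchost", "explorer", "winlogon", "csrss", "lsass"}


def image_path(cmd: str) -> str:
    """Return the executable path from a Run-key command line (quoted or not)."""
    m = IMAGE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def triage(report: str) -> List[Tuple[str, str]]:
    """Return (finding, evidence line) pairs for suspicious autoruns and policies."""
    findings: List[Tuple[str, str]] = []
    for line in report.splitlines():
        line = line.strip()
        run = RUN_RE.match(line)
        if run:
            name, path = run.group("name"), image_path(run.group("cmd"))
            lowered = path.lower()
            if name == "":
                findings.append(("autorun with empty name", line))
            if name.lower() in SYSTEM_LOOKALIKES and "\\windows\\" not in lowered:
                findings.append(("autorun named like a Windows component but outside \\Windows", line))
            if "\\appdata\\" in lowered:
                findings.append(("autorun launched from the user profile", line))
            continue
        pol = POLICY_RE.match(line)
        if pol:
            key = (pol.group("key"), pol.group("name"), int(pol.group("value")))
            if key in BAD_POLICIES:
                findings.append((BAD_POLICIES[key], line))
    return findings


if __name__ == "__main__":
    for finding, evidence in triage(SAMPLE_DDS):
        print(f"[!] {finding}\n    {evidence}")
```

Paste the "Pseudo HJT Report" section of a real DDS.txt into `triage()` to get the same list; the user-profile rule will also flag legitimate per-user installers such as uTorrent, so treat the output as a reading aid, not a verdict.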

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Download zoek.exe from this or this link and save it to the Desktop.


close the browser and any other running programs;
disable your security software (if needed) Instructions ;
double-click zoek.exe to run it;
wait for the tool to start ...


Copy the following text into the white box of the window:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
"System32"=-;r
D:\Program Files (x86)\Spytech Software;fs
emptyalltemp;
autoclean;


Click the button and wait for the scan to finish.


zoek will restart Windows if needed and, when it is done, open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your reply.

  • Dejan Peic
  • sve
  • Joined: 12 May 2012
  • Posts: 245
  • Location: Subotica

Zoek.exe Version 4.0.0.2 Updated 06-May-2013
Tool run by x box on ??? 08.05.2013 at 11:45:47,93.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Possible Rootkit Infection ======================

C:\Windows\installer\{57342059-4638-e33f-68d8-e343f751af9a}\L
C:\Windows\installer\{57342059-4638-e33f-68d8-e343f751af9a}\U

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\x box\AppData\Roaming\Mozilla\Firefox\Profiles\q8il1zqm.default

user.js not found
---- Lines delta removed from prefs.js ----


---- Lines delta modified from prefs.js ----

user_pref("extensions.enabledItems", "ffxtlbr@delta.com:1.5.0,plugin@yontoo.com:1.20.02,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19");

---- Lines yontoo removed from prefs.js ----


---- Lines yontoo modified from prefs.js ----

user_pref("extensions.enabledItems", "ffxtlbr@disabled.com:1.5.0,plugin@yontoo.com:1.20.02,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19");

---- Lines mybrowserbar removed from prefs.js ----


---- Lines mybrowserbar modified from prefs.js ----


---- FireFox user.js and prefs.js backups ----

prefs_08.05.2013_1148_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System32"=-

==== Deleting Files \ Folders ======================

"C:\Users\x box\AppData\Roaming\Mozilla\Firefox\Profiles\q8il1zqm.default\extensions\ffxtlbr@delta.com" not found
"C:\Users\x box\AppData\Roaming\Mozilla\Firefox\Profiles\q8il1zqm.default\extensions\plugin@yontoo.com" not found
"C:\Users\x box\AppData\Roaming\Mozilla\Firefox\Profiles\q8il1zqm.default\extensions\iobitapps@mybrowserbar.com" deleted
"C:\Windows\installer\{57342059-4638-e33f-68d8-e343f751af9a}" deleted
"C:\Users\x box\AppData\Roaming\DRPSu" deleted
"C:\Windows\installer\{57342059-4638-e33f-68d8-e343f751af9a}\L" deleted
"C:\Windows\installer\{57342059-4638-e33f-68d8-e343f751af9a}\U" deleted
"D:\Program Files (x86)\Spytech Software" deleted
"C:\Windows\syswow64\appdata" deleted
"C:\Users\x box\AppData\Roaming\GoforFiles" deleted
"C:\Users\x box\AppData\Roaming\DRPSu" deleted
"C:\Users\x box\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc" deleted
"C:\Windows\SysWow64\searchplugins" deleted
"C:\Windows\SysWow64\Extensions" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\x box\AppData\Roaming\Mozilla\Firefox\Profiles\q8il1zqm.default
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\x box\AppData\Roaming\Mozilla\Firefox\Profiles\q8il1zqm.default
D40B9183C149CE2CBBE93AC1A275BDA9 - D:\FILMOVI\VLC\npvlc.dll - VLC Web Plugin
F7E72D3A281F922BACEC1A71A826D4C2 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll - Shockwave Flash
A514E2906D52E3413A9BB7DE87F7B1DF - C:\Users\x box\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
E0FF893763BA82BAABB869A351F0C455 - C:\Users\x box\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hbcennhacfaagdopikcegfcobcadeocj - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx[]
icdlfehblmklkikfigmjhbmmpmkmpooj - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx[]
mhkaekfpcppmmioggniknbnbdbcigpkk - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.3.crx[]
nfengeggddojhakldhlpjdlddgkkjkdd - No path found[]
pfndaklgolladniicklehhancnlgocpp - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx[]

Angry Birds - x box - Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Live Online TV 24/7 - x box - Default\Extensions\akpdghbhngcicphgfmefdjhcdflpjhdi
Bloons Tower Defence 4.1 - x box - Default\Extensions\babnadkelplpnjaobnfbmgknmdhiogcn
Ebay Shopping Assistant by Spigot - x box - Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
WGT Baseball: MLB - x box - Default\Extensions\hpbjopfokekaencoephlgdbnljhcflhm
Domain Error Assistant - x box - Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Counter Strike Online - x box - Default\Extensions\lmebpghpgkhlphpidpcgnllbjiaoppce
Savings-Slider - x box - Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Delta Toolbar - x box - Default\Extensions\nohfdhapjjlndfgjnmdlcabloeembdkj
Amazon Shopping Assistant by Spigot - x box - Default\Extensions\pfndaklgolladniicklehhancnlgocpp

==== Chrome Fix ======================

C:\Users\x box\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj deleted successfully
C:\Users\x box\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj deleted successfully
C:\Users\x box\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk deleted successfully
C:\Users\x box\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{E8B11DA9-426F-4878-A0A5-19FC06A4151E} Yahoo//search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2733609890-2471226356-2741251806-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_USERS\S-1-5-21-2733609890-2471226356-2741251806-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\x box\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\x box\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\x box\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\x box\AppData\Local\Mozilla\Firefox\Profiles\q8il1zqm.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\x box\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\users\x box\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\XBOX~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\x box\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\users\x box\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QW3EXECK\kbsupport.cusa.canon.com" not found



  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

OK, let's run an additional check



Step 1.


Download aswMBR and save it to the Desktop.

Double-click to run aswMBR.

If you get the following message:
Would you like to download latest Avast! virus definitions?
Click the Yes button and wait for the definitions download to finish.


Make sure that under AV Scan: the QuickScan option is selected

Click Scan.

When the scan finishes ( Scan finished successfully ) click Save log.
Save the aswMBR log to the Desktop.
Copy the contents of that log into the thread.




Step 2.


Download Farbar Recovery Scan Tool and save it to the Desktop

Note: You need to download the version that is compatible with your system.
Your Windows is the 64-bit version.


Double-click to run FRST;
When the tool starts, click Yes on the disclaimer.
Click the Scan button;
The tool will create a report (FRST.txt) in the same directory where FRST.exe was saved.
Copy the contents of that log into your reply.
On its first run the tool should also create an additional report (Addition.txt). Attach that report to your reply using the "Attach file" option.
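The aswMBR step above is a bootkit check: the tool reads sector 0 of the boot disk, compares the boot code with what a Windows 7 install writes ("Windows 7 default MBR code" in its output) and prints the partition table. The Python below is an example added to this page, not part of the thread or of aswMBR, showing what such a check involves. It parses a 512-byte MBR and flags boot code whose hash is not in a caller-supplied known-good set, any number of active partitions other than one, and overlapping entries. The sample sector is constructed: its partition layout is modelled on the aswMBR listing posted later in this thread (active NTFS at LBA 63, then an Extended LBA container), but its boot code is a placeholder, not real Windows boot code, and the "known-good" set is simply the hash of that placeholder, an assumption; on a real system you would record the hash taken from a clean install of the same Windows version. Logical volumes inside the extended container sit in an EBR chain that this example does not walk.

```python
import hashlib
import struct
from typing import Dict, List, Set

SECTOR_SIZE = 512
PARTITION_TYPES = {
    0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
    0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}


def parse_mbr(sector: bytes) -> Dict:
    """Split one 512-byte MBR into boot code, disk signature and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    boot_code = sector[:440]                       # code the BIOS jumps into
    (disk_signature,) = struct.unpack_from("<I", sector, 440)
    partitions: List[Dict] = []
    for i in range(4):                             # four 16-byte entries at offset 446
        status, _, _, _, ptype, _, _, _, lba_start, sectors = struct.unpack_from(
            "<BBBBBBBBII", sector, 446 + 16 * i)
        if ptype == 0:                             # empty slot
            continue
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),   # same rounding aswMBR prints
        })
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "disk_signature": disk_signature,
        "partitions": partitions,
    }


def check_mbr(sector: bytes, known_good_boot_code: Set[str]) -> List[str]:
    """Return the anomalies a bootkit check would raise for this MBR (empty list = clean)."""
    info = parse_mbr(sector)
    issues: List[str] = []
    if info["boot_code_sha256"] not in known_good_boot_code:
        issues.append("boot code does not match any known-good image")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        issues.append(f"{len(active)} active partitions (expected 1)")
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            issues.append(f"partition {a['index']} overlaps partition {b['index']}")
    return issues


def build_entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    """Pack one partition-table entry; CHS fields are left zero (LBA only)."""
    return struct.pack("<BBBBBBBBII", status, 0, 0, 0, ptype, 0, 0, 0, lba_start, sectors)


# Constructed sample. The boot code is a placeholder (jmp $ followed by NOPs), NOT real
# Windows 7 MBR code; the partition layout copies the aswMBR listing in this thread:
# active NTFS at LBA 63 (60541 MB) followed by an Extended LBA container (244701 MB).
PLACEHOLDER_BOOT_CODE = b"\xEB\xFE" + b"\x90" * 438
SAMPLE_MBR = (
    PLACEHOLDER_BOOT_CODE
    + struct.pack("<IH", 0x1234ABCD, 0)            # disk signature + 2 reserved bytes
    + build_entry(0x80, 0x07, 63, 123989607)
    + build_entry(0x00, 0x0F, 123989670, 501147648)
    + build_entry(0, 0, 0, 0)
    + build_entry(0, 0, 0, 0)
    + b"\x55\xAA"
)
# Assumption: the "known-good" set is just the hash of the placeholder. On a real system
# record the hash of the boot code from a clean install of the same Windows version.
KNOWN_GOOD_BOOT_CODE = {hashlib.sha256(PLACEHOLDER_BOOT_CODE).hexdigest()}


if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_MBR)["partitions"]:
        flag = "80 (A)" if p["active"] else "00"
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']} "
              f"{p['size_mb']} MB offset {p['lba_start']}")
    print("issues:", check_mbr(SAMPLE_MBR, KNOWN_GOOD_BOOT_CODE) or "none")
```

aswMBR also writes the sector it read to MBR.dat on the Desktop (see its log); if that dump is the raw 512-byte sector, `parse_mbr(open("MBR.dat", "rb").read())` gives the same partition listing, and hashing the boot code of a clean machine of the same Windows version gives a real known-good set.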

  • Dejan Peic
  • sve
  • Joined: 12 May 2012
  • Posts: 245
  • Location: Subotica

Written: 08 May 2013 14:38

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-08 14:19:40
-----------------------------
14:19:40.092 OS Version: Windows x64 6.1.7601 Service Pack 1
14:19:40.092 Number of processors: 2 586 0x4303
14:19:40.093 ComputerName: XBOX-PC UserName: x box
14:19:40.515 Initialize success
14:26:21.478 AVAST engine defs: 13050800
14:28:23.939 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
14:28:23.942 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
14:28:24.035 Disk 0 MBR read successfully
14:28:24.037 Disk 0 MBR scan
14:28:24.042 Disk 0 Windows 7 default MBR code
14:28:24.044 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 60541 MB offset 63
14:28:24.049 Disk 0 Partition - 00 0F Extended LBA 244701 MB offset 123989670
14:28:24.062 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 244700 MB offset 123989733
14:28:24.091 Disk 0 scanning C:\Windows\system32\drivers
14:28:32.043 Service scanning
14:28:57.415 Modules scanning
14:28:57.423 Disk 0 trace - called modules:
14:28:57.442 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
14:28:57.805 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005ded730]
14:28:57.810 3 CLASSPNP.SYS[fffff88001ba143f] -> nt!IofCallDriver -> [0xfffffa8005a36320]
14:28:57.816 5 ACPI.sys[fffff88000f1e7a1] -> nt!IofCallDriver -> \Device\00000057[0xfffffa80059ae060]
14:28:58.186 AVAST engine scan C:\Windows
14:28:59.476 File: C:\Windows\sysk32.dll **INFECTED** Win32:Malware-gen
14:29:00.519 AVAST engine scan C:\Windows\system32
14:32:15.279 AVAST engine scan C:\Windows\system32\drivers
14:32:24.243 AVAST engine scan C:\Users\x box
14:34:17.645 AVAST engine scan C:\ProgramData
14:34:26.550 Scan finished successfully
14:34:56.870 Disk 0 MBR has been saved successfully to "C:\Users\x box\Desktop\MBR.dat"
14:34:56.875 The log file has been saved successfully to "C:\Users\x box\Desktop\aswMBR.txt"

Addendum: 08 May 2013 14:39

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2013
Ran by x box (administrator) on 08-05-2013 14:36:36
Running from C:\Users\x box\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(BitTorrent Inc.) C:\Users\x box\AppData\Roaming\uTorrent\uTorrent.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Windows\system32\CNAB4RPD.EXE
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\x box\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
(Google Inc.) C:\Users\x box\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Farbar) C:\Users\x box\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2782096 2010-07-26] (CANON INC.)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [152872 2007-06-27] (Nero AG)
HKCU\...\Run: [uTorrent] "C:\Users\x box\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED [802136 2013-05-02] (BitTorrent Inc.)
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3674320 2013-01-08] (DT Soft Ltd)
HKCU\...\Run: [MCShield Monitor] C:\Program Files (x86)\MCShield\mcshieldrtm.exe [607744 2013-04-04] (MyCity)
HKCU\...\Run: [] C:\Users\x box\Kies\External\FirmwareUpdate\KiesPDLR.exe [x]
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [] D:\Program Files (x86)\Spytech Software\Spytech SpyAgent\sysdiag.exe [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [20992 2012-03-19] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Canon LBP2900 Status Window.lnk
ShortcutTarget: Canon LBP2900 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE (CANON INC.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {E8B11DA9-426F-4878-A0A5-19FC06A4151E} URL = http://search.yahoo.com/search?fr=chr-greentree_ie.....=198484&p={searchTerms}
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\x box\AppData\Roaming\Mozilla\Firefox\Profiles\q8il1zqm.default
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox - C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - D:\FILMOVI\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\x box\AppData\Roaming\Mozilla\Firefox\Profiles\q8il1zqm.default\Extensions\ascsurfingprotection@iobit.com

Chrome:
=======
CHR Extension: (Angry Birds) - C:\Users\x box\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (Live Online TV 24/7) - C:\Users\x box\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpdghbhngcicphgfmefdjhcdflpjhdi\1.0_0
CHR Extension: (Bloons Tower Defence 4.1) - C:\Users\x box\AppData\Local\Google\Chrome\User Data\Default\Extensions\babnadkelplpnjaobnfbmgknmdhiogcn\1_0
CHR Extension: (YouTube) - C:\Users\x box\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Classic Games) - C:\Users\x box\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmoikambnjgjnhaefiklkblfjoolnaf\11.0.1_0
CHR Extension: (Google Search) - C:\Users\x box\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (WGT Baseball: MLB) - C:\Users\x box\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpbjopfokekaencoephlgdbnljhcflhm\2.1.2_0
CHR Extension: (Counter Strike Online) - C:\Users\x box\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmebpghpgkhlphpidpcgnllbjiaoppce\1.1_0
CHR Extension: ( Formula Racer 2012) - C:\Users\x box\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdppgfondndjadnfnljaddkbkanhelji\5.0.4_0
CHR Extension: (Delta Toolbar) - C:\Users\x box\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohfdhapjjlndfgjnmdlcabloeembdkj\1.0_0
CHR Extension: (Gmail) - C:\Users\x box\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-05] ()
S2 AdvancedSystemCareService6;

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-13] (DT Soft Ltd)
S3 NPF; C:\Windows\SysWow64\drivers\npf.sys [32512 2005-08-02] (CACE Technologies)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U3 aswMBR; \??\C:\Users\XBOX~1\AppData\Local\Temp\aswMBR.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-08 14:36 - 2013-05-08 14:36 - 00000000 ____D C:\FRST
2013-05-08 14:34 - 2013-05-08 14:34 - 00002066 ____A C:\Users\x box\Desktop\aswMBR.txt
2013-05-08 14:34 - 2013-05-08 14:34 - 00000512 ____A C:\Users\x box\Desktop\MBR.dat
2013-05-08 14:21 - 2013-05-08 14:21 - 01874784 ____A (Farbar) C:\Users\x box\Desktop\FRST64.exe
2013-05-08 14:17 - 2013-05-08 14:18 - 04745728 ____A (AVAST Software) C:\Users\x box\Desktop\aswMBR.exe
2013-05-08 13:42 - 2013-05-08 13:46 - 30248362 ____A (SurveilStar Inc. ) C:\Users\x box\Desktop\surveilstar-any-parental-control.exe
2013-05-08 12:58 - 2013-05-08 12:58 - 00000000 ____D C:\ProgramData\ATI
2013-05-08 12:58 - 2013-05-08 12:58 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-05-08 12:58 - 2013-05-08 12:58 - 00000000 ____D C:\Program Files (x86)\AMD APP
2013-05-08 12:56 - 2013-05-08 12:56 - 00000000 ____D C:\Windows\LastGood
2013-05-08 12:55 - 2013-05-08 12:55 - 00000000 ____D C:\AMD
2013-05-08 12:44 - 2013-05-08 12:44 - 00792704 ____A (AMD) C:\Users\x box\Desktop\amddriverdownloader.exe
2013-05-08 11:53 - 2013-05-08 11:53 - 00010727 ____A C:\Users\x box\Desktop\zoek.txt
2013-05-08 11:49 - 2013-05-08 11:45 - 00024064 ____A C:\Windows\zoek-delete.exe
2013-05-08 11:46 - 2013-05-08 11:52 - 00010727 ____A C:\zoek-results.log
2013-05-08 11:44 - 2013-05-08 11:44 - 01269060 ____A C:\Users\x box\Desktop\zoek.exe
2013-05-08 10:49 - 2013-05-08 10:49 - 00013364 ____A C:\Users\x box\Desktop\dds.txt
2013-05-08 10:49 - 2013-05-08 10:49 - 00008418 ____A C:\Users\x box\Desktop\attach.txt
2013-05-08 10:33 - 2013-05-08 10:33 - 00004517 ____A C:\Users\x box\Documents\gmer3.txt
2013-05-08 10:02 - 2013-05-08 10:02 - 00000313 ____A C:\AdwCleaner[S1].txt
2013-05-06 05:05 - 2013-05-06 05:06 - 00000000 ____D C:\Users\x box\Documents\Battlefield 3
2013-05-05 03:35 - 2013-05-05 08:07 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-05-05 03:35 - 2013-05-05 03:35 - 00000000 ____D C:\Users\x box\AppData\Local\PunkBuster
2013-05-05 02:12 - 2013-05-05 02:12 - 00000000 ____D C:\Users\x box\AppData\Roaming\Ubisoft
2013-05-05 00:59 - 2013-05-05 04:21 - 00000000 ____D C:\Users\x box\AppData\Local\Ubisoft Game Launcher
2013-05-05 00:59 - 2013-05-05 02:23 - 00000000 ____D C:\Users\x box\Documents\Ubisoft
2013-05-05 00:57 - 2013-05-05 08:07 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-05-05 00:57 - 2013-05-05 03:35 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-05-05 00:57 - 2013-05-05 02:23 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2013-05-04 03:12 - 2013-05-05 13:35 - 00000000 ____D C:\Users\x box\Desktop\folder
2013-05-03 13:37 - 2013-05-03 13:37 - 00000662 ____A C:\Users\x box\Desktop\maja i ja - Shortcut.lnk
2013-05-03 10:38 - 2013-05-03 10:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-05-02 12:02 - 2013-05-02 12:02 - 00262144 ____N C:\Windows\Minidump\050213-17206-01.dmp
2013-05-02 09:52 - 2012-11-13 08:40 - 00000000 ____D C:\Users\x box\AppData\Roaming\vlc
2013-05-02 04:56 - 2013-05-02 04:56 - 00262144 ____N C:\Windows\Minidump\050213-22042-01.dmp
2013-05-01 12:35 - 2013-05-01 12:38 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-05-01 12:26 - 2013-05-05 01:50 - 00000000 ____D C:\Users\x box\AppData\Roaming\Samsung
2013-05-01 12:26 - 2013-05-05 01:50 - 00000000 ____D C:\Users\x box\AppData\Local\Samsung
2013-05-01 12:26 - 2013-05-01 12:26 - 00000000 ____D C:\Users\x box\Documents\samsung
2013-05-01 12:26 - 2013-05-01 12:26 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-05-01 12:25 - 2013-04-03 09:58 - 00161280 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ss_mdm.sys
2013-05-01 12:25 - 2013-04-03 09:58 - 00127488 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ss_bus.sys
2013-05-01 12:25 - 2013-04-03 09:58 - 00018944 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ss_mdfl.sys
2013-05-01 12:25 - 2013-04-03 09:58 - 00015872 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ss_whnt.sys
2013-05-01 12:25 - 2013-04-03 09:58 - 00015872 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ss_wh.sys
2013-05-01 12:25 - 2013-04-03 09:58 - 00015360 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ss_cmnt.sys
2013-05-01 12:25 - 2013-04-03 09:58 - 00015360 ____A (MCCI Corporation) C:\Windows\System32\Drivers\ss_cm.sys
2013-05-01 12:23 - 2013-05-05 01:50 - 00000000 ____D C:\ProgramData\Samsung
2013-05-01 12:23 - 2013-02-05 17:53 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2013-05-01 12:19 - 2013-05-01 12:19 - 00000000 ____D C:\Users\x box\AppData\Local\Downloaded Installations
2013-05-01 12:01 - 2013-05-01 12:01 - 00000000 ____D C:\ProgramData\Mobile Master
2013-05-01 11:58 - 2013-05-01 12:40 - 00000000 ____D C:\Users\x box\AppData\Roaming\Mobile Master
2013-05-01 11:57 - 2013-05-01 11:58 - 00000000 ____D C:\Program Files (x86)\Mobile Master
2013-05-01 11:57 - 2013-05-01 11:57 - 00000000 ____D C:\Users\x box\AppData\Roaming\Jumping Bytes
2013-05-01 11:23 - 2013-05-01 11:24 - 00004419 ____A C:\Users\x box\scedit.log
2013-05-01 11:23 - 2013-05-01 11:23 - 00000003 ____A C:\Users\x box\DSIMCard2.log
2013-05-01 11:23 - 2013-05-01 11:23 - 00000003 ____A C:\Users\x box\DSIMCard.log
2013-04-30 07:03 - 2013-04-30 07:03 - 00000000 ____D C:\Users\x box\Documents\Assassin's Creed III
2013-04-30 07:03 - 2013-04-30 07:03 - 00000000 ____D C:\Users\x box\AppData\Roaming\Theta
2013-04-30 07:02 - 2013-04-30 07:02 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-04-30 06:52 - 2013-05-05 02:21 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-04-30 06:52 - 2013-04-30 06:53 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-04-29 20:03 - 2013-05-05 13:30 - 00074428 ____A C:\Windows\DirectX.log
2013-04-29 17:47 - 2012-10-10 00:00 - 00221696 ____A (CANON INC.) C:\Windows\System32\CNAB4EMD.DLL
2013-04-29 17:47 - 2012-10-10 00:00 - 00126464 ____A (CANON INC.) C:\Windows\System32\CNAB4SMD.DLL
2013-04-29 17:47 - 2012-10-10 00:00 - 00062464 ____A (CANON INC.) C:\Windows\System32\CNAB4PTD.DLL
2013-04-29 17:47 - 2012-10-10 00:00 - 00058880 ____A (CANON INC.) C:\Windows\System32\CNAB4LMD.DLL
2013-04-29 17:47 - 2010-01-13 11:59 - 00063936 ____A (CANON INC.) C:\Windows\System32\CNAB4RPD.EXE
2013-04-29 17:15 - 2013-04-29 17:15 - 00262144 ____N C:\Windows\Minidump\042913-16395-01.dmp
2013-04-29 16:59 - 2013-05-08 11:51 - 00007866 ____A C:\Windows\PFRO.log
2013-04-29 15:05 - 2013-04-29 15:05 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-04-29 14:53 - 2013-04-29 14:53 - 00262144 ____N C:\Windows\Minidump\042913-16068-01.dmp
2013-04-29 14:49 - 2013-04-29 14:49 - 00000000 ____D C:\Users\x box\AppData\Local\canon.jp
2013-04-29 14:39 - 2013-04-29 18:30 - 00000000 ____D C:\Program Files\Canon
2013-04-29 14:39 - 2013-04-29 14:39 - 00000000 ____D C:\Program Files (x86)\Canon
2013-04-27 01:16 - 2013-04-27 01:16 - 00000000 ____D C:\Users\x box\AppData\Roaming\Dekart
2013-04-26 23:14 - 2013-04-26 23:14 - 00108840 ____A C:\Users\x box\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-26 23:13 - 2013-05-08 12:57 - 00003629 ____A C:\Windows\setupact.log
2013-04-26 23:13 - 2013-04-26 23:13 - 00416024 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-26 23:13 - 2013-04-26 23:13 - 00000000 ____A C:\Windows\setuperr.log
2013-04-25 14:12 - 2013-05-01 21:17 - 00150016 ____A C:\users\x boxupdate.exe
2013-04-24 16:35 - 2013-04-24 16:35 - 00000000 ____D C:\Program Files (x86)\E-Smart Systems
2013-04-22 18:31 - 2013-04-22 18:31 - 00021573 ____A C:\Windows\SysWOW64\hs_err_pid3520.log
2013-04-21 12:09 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-04-21 12:09 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-04-21 12:09 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-04-21 12:08 - 2013-04-21 12:09 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-04-16 13:45 - 2013-04-16 13:45 - 00000000 ____D C:\Users\x box\AppData\Local\Adobe
2013-04-14 12:48 - 2013-04-16 13:46 - 00000000 ____D C:\ProgramData\Adobe
2013-04-12 00:03 - 2013-05-08 10:05 - 00000273 ___AH C:\ProgramData\emopts.dat
2013-04-12 00:01 - 2013-04-12 00:02 - 00000023 ____A C:\msdos.sys
2013-04-11 23:59 - 2013-04-12 00:02 - 00007226 ____H C:\ProgramData\sys004.log
2013-04-11 23:59 - 2013-04-12 00:02 - 00004126 ____H C:\ProgramData\sys011.log
2013-04-11 23:59 - 2013-04-12 00:02 - 00003847 ____H C:\ProgramData\sys002.log
2013-04-11 23:59 - 2013-04-12 00:02 - 00001780 ____H C:\ProgramData\sys001.log
2013-04-11 23:59 - 2013-04-12 00:02 - 00001047 ____H C:\ProgramData\sys005.log
2013-04-11 23:59 - 2013-04-12 00:02 - 00001015 ____H C:\ProgramData\sys008.log
2013-04-11 23:59 - 2013-04-12 00:02 - 00000817 ____H C:\ProgramData\sys012.log
2013-04-11 23:59 - 2013-04-12 00:02 - 00000109 ____H C:\ProgramData\sys014.log
2013-04-11 22:22 - 2013-04-11 23:52 - 00000143 ____A C:\Windows\spysplash.dat
2013-04-10 09:42 - 2013-05-02 09:53 - 00000000 ____D C:\Users\x box\Desktop\FILMOVI
2013-04-10 09:40 - 2013-04-30 16:16 - 00000000 ____D C:\Users\x box\Desktop\PROGRAMI
2013-04-10 09:38 - 2013-05-07 00:13 - 00000000 ____D C:\Users\x box\Desktop\IGRE

==================== One Month Modified Files and Folders =======

2013-05-08 14:36 - 2013-05-08 14:36 - 00000000 ____D C:\FRST
2013-05-08 14:34 - 2013-05-08 14:34 - 00002066 ____A C:\Users\x box\Desktop\aswMBR.txt
2013-05-08 14:34 - 2013-05-08 14:34 - 00000512 ____A C:\Users\x box\Desktop\MBR.dat
2013-05-08 14:34 - 2013-03-13 19:23 - 00000000 ____D C:\Users\x box\AppData\Roaming\uTorrent
2013-05-08 14:21 - 2013-05-08 14:21 - 01874784 ____A (Farbar) C:\Users\x box\Desktop\FRST64.exe
2013-05-08 14:18 - 2013-05-08 14:17 - 04745728 ____A (AVAST Software) C:\Users\x box\Desktop\aswMBR.exe
2013-05-08 14:00 - 2013-03-22 11:54 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-08 13:58 - 2013-02-24 12:45 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733609890-2471226356-2741251806-1000UA.job
2013-05-08 13:46 - 2013-05-08 13:42 - 30248362 ____A (SurveilStar Inc. ) C:\Users\x box\Desktop\surveilstar-any-parental-control.exe
2013-05-08 12:58 - 2013-05-08 12:58 - 00000000 ____D C:\ProgramData\ATI
2013-05-08 12:58 - 2013-05-08 12:58 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-05-08 12:58 - 2013-05-08 12:58 - 00000000 ____D C:\Program Files (x86)\AMD APP
2013-05-08 12:58 - 2013-03-12 20:58 - 00000000 ____D C:\ProgramData\AMD
2013-05-08 12:58 - 2013-03-12 20:56 - 00000000 ____D C:\Program Files\ATI Technologies
2013-05-08 12:58 - 2009-07-14 07:13 - 00006300 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-08 12:57 - 2013-04-26 23:13 - 00003629 ____A C:\Windows\setupact.log
2013-05-08 12:56 - 2013-05-08 12:56 - 00000000 ____D C:\Windows\LastGood
2013-05-08 12:55 - 2013-05-08 12:55 - 00000000 ____D C:\AMD
2013-05-08 12:44 - 2013-05-08 12:44 - 00792704 ____A (AMD) C:\Users\x box\Desktop\amddriverdownloader.exe
2013-05-08 11:58 - 2013-02-24 12:45 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733609890-2471226356-2741251806-1000Core.job
2013-05-08 11:53 - 2013-05-08 11:53 - 00010727 ____A C:\Users\x box\Desktop\zoek.txt
2013-05-08 11:52 - 2013-05-08 11:46 - 00010727 ____A C:\zoek-results.log
2013-05-08 11:52 - 2013-03-16 09:24 - 00000000 ____D C:\ProgramData\MCShield
2013-05-08 11:51 - 2013-04-29 16:59 - 00007866 ____A C:\Windows\PFRO.log
2013-05-08 11:51 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-08 11:49 - 2013-04-06 17:47 - 00144216 ____A C:\Windows\WindowsUpdate.log
2013-05-08 11:45 - 2013-05-08 11:49 - 00024064 ____A C:\Windows\zoek-delete.exe
2013-05-08 11:44 - 2013-05-08 11:44 - 01269060 ____A C:\Users\x box\Desktop\zoek.exe
2013-05-08 10:49 - 2013-05-08 10:49 - 00013364 ____A C:\Users\x box\Desktop\dds.txt
2013-05-08 10:49 - 2013-05-08 10:49 - 00008418 ____A C:\Users\x box\Desktop\attach.txt
2013-05-08 10:34 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-08 10:34 - 2009-07-14 06:45 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-08 10:33 - 2013-05-08 10:33 - 00004517 ____A C:\Users\x box\Documents\gmer3.txt
2013-05-08 10:05 - 2013-04-12 00:03 - 00000273 ___AH C:\ProgramData\emopts.dat
2013-05-08 10:05 - 2002-05-15 21:41 - 00000970 ___AH C:\ProgramData\saopts.dat
2013-05-08 10:03 - 2013-02-24 12:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-08 10:02 - 2013-05-08 10:02 - 00000313 ____A C:\AdwCleaner[S1].txt
2013-05-07 00:13 - 2013-04-10 09:38 - 00000000 ____D C:\Users\x box\Desktop\IGRE
2013-05-06 05:06 - 2013-05-06 05:05 - 00000000 ____D C:\Users\x box\Documents\Battlefield 3
2013-05-05 13:35 - 2013-05-04 03:12 - 00000000 ____D C:\Users\x box\Desktop\folder
2013-05-05 13:33 - 2013-03-19 23:23 - 00000000 ____D C:\Users\x box\Documents\Rockstar Games
2013-05-05 13:30 - 2013-04-29 20:03 - 00074428 ____A C:\Windows\DirectX.log
2013-05-05 12:59 - 2013-03-13 22:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-05 08:07 - 2013-05-05 03:35 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-05-05 08:07 - 2013-05-05 00:57 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-05-05 06:52 - 2013-03-20 01:36 - 00000000 ____D C:\Program Files (x86)\Heroes & Generals
2013-05-05 04:21 - 2013-05-05 00:59 - 00000000 ____D C:\Users\x box\AppData\Local\Ubisoft Game Launcher
2013-05-05 03:35 - 2013-05-05 03:35 - 00000000 ____D C:\Users\x box\AppData\Local\PunkBuster
2013-05-05 03:35 - 2013-05-05 00:57 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-05-05 02:23 - 2013-05-05 00:59 - 00000000 ____D C:\Users\x box\Documents\Ubisoft
2013-05-05 02:23 - 2013-05-05 00:57 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2013-05-05 02:21 - 2013-04-30 06:52 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-05-05 02:12 - 2013-05-05 02:12 - 00000000 ____D C:\Users\x box\AppData\Roaming\Ubisoft
2013-05-05 01:50 - 2013-05-01 12:26 - 00000000 ____D C:\Users\x box\AppData\Roaming\Samsung
2013-05-05 01:50 - 2013-05-01 12:26 - 00000000 ____D C:\Users\x box\AppData\Local\Samsung
2013-05-05 01:50 - 2013-05-01 12:23 - 00000000 ____D C:\ProgramData\Samsung
2013-05-05 01:50 - 2013-02-24 11:39 - 00000000 ____D C:\users\x box
2013-05-03 13:37 - 2013-05-03 13:37 - 00000662 ____A C:\Users\x box\Desktop\maja i ja - Shortcut.lnk
2013-05-03 10:54 - 2013-03-12 19:29 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2013-05-03 10:38 - 2013-05-03 10:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-05-02 12:02 - 2013-05-02 12:02 - 00262144 ____N C:\Windows\Minidump\050213-17206-01.dmp
2013-05-02 12:02 - 2013-03-12 19:55 - 00000000 ____D C:\Windows\Minidump
2013-05-02 09:53 - 2013-04-10 09:42 - 00000000 ____D C:\Users\x box\Desktop\FILMOVI
2013-05-02 04:56 - 2013-05-02 04:56 - 00262144 ____N C:\Windows\Minidump\050213-22042-01.dmp
2013-05-01 21:17 - 2013-04-25 14:12 - 00150016 ____A C:\users\x boxupdate.exe
2013-05-01 20:57 - 2013-04-01 06:55 - 00000000 ____D C:\Users\x box\AppData\Local\SKIDROW
2013-05-01 12:40 - 2013-05-01 11:58 - 00000000 ____D C:\Users\x box\AppData\Roaming\Mobile Master
2013-05-01 12:38 - 2013-05-01 12:35 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-05-01 12:26 - 2013-05-01 12:26 - 00000000 ____D C:\Users\x box\Documents\samsung
2013-05-01 12:26 - 2013-05-01 12:26 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-05-01 12:22 - 2013-03-21 09:27 - 00006282 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-05-01 12:19 - 2013-05-01 12:19 - 00000000 ____D C:\Users\x box\AppData\Local\Downloaded Installations
2013-05-01 12:01 - 2013-05-01 12:01 - 00000000 ____D C:\ProgramData\Mobile Master
2013-05-01 11:58 - 2013-05-01 11:57 - 00000000 ____D C:\Program Files (x86)\Mobile Master
2013-05-01 11:57 - 2013-05-01 11:57 - 00000000 ____D C:\Users\x box\AppData\Roaming\Jumping Bytes
2013-05-01 11:24 - 2013-05-01 11:23 - 00004419 ____A C:\Users\x box\scedit.log
2013-05-01 11:23 - 2013-05-01 11:23 - 00000003 ____A C:\Users\x box\DSIMCard2.log
2013-05-01 11:23 - 2013-05-01 11:23 - 00000003 ____A C:\Users\x box\DSIMCard.log
2013-04-30 16:16 - 2013-04-10 09:40 - 00000000 ____D C:\Users\x box\Desktop\PROGRAMI
2013-04-30 07:03 - 2013-04-30 07:03 - 00000000 ____D C:\Users\x box\Documents\Assassin's Creed III
2013-04-30 07:03 - 2013-04-30 07:03 - 00000000 ____D C:\Users\x box\AppData\Roaming\Theta
2013-04-30 07:02 - 2013-04-30 07:02 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-04-30 06:53 - 2013-04-30 06:52 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-04-29 18:30 - 2013-04-29 14:39 - 00000000 ____D C:\Program Files\Canon
2013-04-29 17:15 - 2013-04-29 17:15 - 00262144 ____N C:\Windows\Minidump\042913-16395-01.dmp
2013-04-29 16:54 - 2013-03-13 22:10 - 00000000 ____D C:\Users\x box\AppData\Roaming\DAEMON Tools Lite
2013-04-29 15:05 - 2013-04-29 15:05 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-04-29 15:03 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-04-29 14:53 - 2013-04-29 14:53 - 00262144 ____N C:\Windows\Minidump\042913-16068-01.dmp
2013-04-29 14:49 - 2013-04-29 14:49 - 00000000 ____D C:\Users\x box\AppData\Local\canon.jp
2013-04-29 14:39 - 2013-04-29 14:39 - 00000000 ____D C:\Program Files (x86)\Canon
2013-04-27 01:16 - 2013-04-27 01:16 - 00000000 ____D C:\Users\x box\AppData\Roaming\Dekart
2013-04-26 23:14 - 2013-04-26 23:14 - 00108840 ____A C:\Users\x box\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-26 23:13 - 2013-04-26 23:13 - 00416024 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-26 23:13 - 2013-04-26 23:13 - 00000000 ____A C:\Windows\setuperr.log
2013-04-24 16:35 - 2013-04-24 16:35 - 00000000 ____D C:\Program Files (x86)\E-Smart Systems
2013-04-24 16:26 - 2013-03-12 10:13 - 00000000 ____D C:\Program Files (x86)\MUP RS
2013-04-22 18:31 - 2013-04-22 18:31 - 00021573 ____A C:\Windows\SysWOW64\hs_err_pid3520.log
2013-04-21 12:09 - 2013-04-21 12:08 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-04-21 12:09 - 2013-03-15 21:56 - 00000000 ____D C:\Program Files (x86)\Java
2013-04-18 22:36 - 2013-04-01 06:56 - 00000000 ____D C:\Users\x box\AppData\Local\SniperV2
2013-04-18 22:36 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-04-18 22:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-04-18 22:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-04-18 22:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-04-18 22:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-04-16 13:46 - 2013-04-14 12:48 - 00000000 ____D C:\ProgramData\Adobe
2013-04-16 13:45 - 2013-04-16 13:45 - 00000000 ____D C:\Users\x box\AppData\Local\Adobe
2013-04-16 13:45 - 2013-02-24 12:43 - 00000000 ____D C:\Users\x box\AppData\Roaming\Adobe
2013-04-16 11:02 - 2013-02-24 12:43 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-04-14 12:49 - 2013-03-15 11:24 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-04-14 12:49 - 2013-03-15 11:24 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-04-12 19:48 - 2013-03-16 09:24 - 00000000 ____D C:\Program Files (x86)\MCShield
2013-04-12 00:02 - 2013-04-12 00:01 - 00000023 ____A C:\msdos.sys
2013-04-12 00:02 - 2013-04-11 23:59 - 00007226 ____H C:\ProgramData\sys004.log
2013-04-12 00:02 - 2013-04-11 23:59 - 00004126 ____H C:\ProgramData\sys011.log
2013-04-12 00:02 - 2013-04-11 23:59 - 00003847 ____H C:\ProgramData\sys002.log
2013-04-12 00:02 - 2013-04-11 23:59 - 00001780 ____H C:\ProgramData\sys001.log
2013-04-12 00:02 - 2013-04-11 23:59 - 00001047 ____H C:\ProgramData\sys005.log
2013-04-12 00:02 - 2013-04-11 23:59 - 00001015 ____H C:\ProgramData\sys008.log
2013-04-12 00:02 - 2013-04-11 23:59 - 00000817 ____H C:\ProgramData\sys012.log
2013-04-12 00:02 - 2013-04-11 23:59 - 00000109 ____H C:\ProgramData\sys014.log
2013-04-11 23:58 - 2013-04-07 15:59 - 00000000 ___HD C:\ProgramData\sacache
2013-04-11 23:52 - 2013-04-11 22:22 - 00000143 ____A C:\Windows\spysplash.dat
2013-04-11 04:58 - 2013-02-24 12:48 - 00002336 ____A C:\Users\x box\Desktop\Google Chrome.lnk

Other Malware:
===========
C:\ProgramData\emopts.dat
C:\ProgramData\saopts.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-06 06:58

==================== End Of Log ============================

Addendum: 08 May 2013 14:39


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd


Open Notepad and copy the following text into it:

C:\ProgramData\emopts.dat
C:\ProgramData\saopts.dat
C:\Windows\spysplash.dat
HKLM-x32\...\Run: [] D:\Program Files (x86)\Spytech Software\Spytech SpyAgent\sysdiag.exe [x]
D:\Program Files (x86)\Spytech Software
C:\Windows\sysk32.dll


Save the file in the same location where FRST is (in your case the Desktop), as fixlist.txt
Run FRST, click the Fix button and wait for the program to finish.
Notepad will open with the contents of the report; copy it into your reply.




What is the state of the system now?
