Posted: 30 Sep 2013 03:56
- Joined: 13 May 2008
- Posts: 113
I need a lot of help. If anyone can help me urgently. My story is as follows.
I work on a cruise ship and I plugged an external HDD into the company computer to save some files, except I didn't know that the company computer was FULL OF TROJANS and who knows what else. Now the following is happening: when I tried to copy from the HDD to my laptop, Kaspersky flagged Trojans, but I didn't manage to see which ones, and all the data on the external HDD is hidden. More precisely, I can't see the files, but when I go to Properties it tells me the HDD is full of data. So I know they haven't been deleted, only hidden. My problem is that I have very important data on the external HDD that I need for work. I hold some seminars and they are very important to me. So if anyone can help me with how to clean the computer and the external HDD of the Trojans; I should also add that my camera is infected too and the pictures on it are hidden as well. I assume that if I format the SD card in the camera I will clean all of that of the virus. If there is anyone who understands my problem, I would be eternally grateful.
Thanks in advance.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16686
Run by Cyrax at 3:44:27 on 2013-09-30
Microsoft Windows 7 Starter 6.1.7601.1.1251.381.1033.18.2038.515 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Kaspersky Internet Security *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRAMS\FGUARD\FGKey.exe
C:\Program Files\syncables\syncables desktop\syncables.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.delta-search.com/?affID=119816&tt=190313_wo1&babsrc=HP_ss&mntrId=08D6F46D04B63B4F
uDefault_Page_URL = hxxp://asus.msn.com
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Syncables] c:\program files\syncables\syncables desktop\Syncables.exe
uRun: [Google Update] "c:\users\cyrax\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
mRun: [CapsHook] AsusSender.exe c:\program files\asus\capshook\CapsHook.exe
mRun: [HotkeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [VAWinAgent] c:\expressgateutil\VAWinAgent.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe autorun
mRun: [ASUSPRP] c:\program files\asus\aprp\APRP.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [FG_Monitor] c:\programs\fguard\FGKey.exe /Start
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\asusvi~1.lnk - c:\program files\asus\asusvibe\AsusVibeLauncher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
TCP: NameServer = 10.128.128.128
TCP: Interfaces\{044F16DC-8586-4E16-8641-77AD6FADC85A} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2631CB0F-F042-47BB-B422-6E6723405924} : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{2631CB0F-F042-47BB-B422-6E6723405924}\253434C4D23425D294452564 : DHCPNameServer = 172.29.144.9
TCP: Interfaces\{2631CB0F-F042-47BB-B422-6E6723405924}\3656C6562627964797D277966696 : DHCPNameServer = 172.29.144.9
TCP: Interfaces\{2631CB0F-F042-47BB-B422-6E6723405924}\6457E60274F6C666 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{2631CB0F-F042-47BB-B422-6E6723405924}\75966496A5F4E45402269702452496 : DHCPNameServer = 10.22.64.1
TCP: Interfaces\{2631CB0F-F042-47BB-B422-6E6723405924}\96D4163602465602A45616E6D2D4162736022596F65787 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7E652851-2966-4337-8E45-2E43F0F7DB04} : DHCPNameServer = 10.0.0.2
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cyrax\appdata\roaming\mozilla\firefox\profiles\m9n7okat.default\
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\users\cyrax\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-08-19 11:11; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-21 171064]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2011-2-16 11520]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2011-3-11 23856]
R2 FGUARD32;FGUARD32;c:\programs\fguard\FGUARD32.SYS [2013-4-19 54008]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2010-7-29 109960]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-3 19984]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-11-15 68208]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-7-19 22856]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2013-6-26 583848]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2013-6-26 197800]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2013-6-26 24232]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2013-6-26 20136]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-11-2 52224]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-09-23 18:50:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:50:34 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-10 03:59:10 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-08-10 03:07:50 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-10 02:17:19 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-08-08 01:03:07 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-05 01:56:47 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 01:50:36 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 01:49:19 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 00:52:57 271360 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:43:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-25 08:57:27 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41:01 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-09 05:03:34 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 04:53:46 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 04:52:10 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 04:50:42 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 04:46:31 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-06 05:05:35 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 3:47:54,13 ===============
Posted: 30 Sep 2013 22:06
- TwinHeadedEagle
- Anti Malware Fighter
Rank 2
- Joined: 09 Aug 2011
- Posts: 15879
- Location: Belgrade
Let's run one more quick check, and then we'll move on to the flash drive.
Download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to download the version that is compatible with your system.
Your Windows is the 32-bit version.
Double-click to run FRST;
When the tool starts, click Yes on the disclaimer.
Click the Scan button;
The tool will create a report (FRST.txt) in the same directory where FRST.exe is saved.
Copy the contents of that log into your reply.
On its first run the tool should also create an additional report (Addition.txt). Attach that report to your post using the "Attach file" ("Prikaci file") option.
Posted: 30 Sep 2013 22:34
- Joined: 13 May 2008
- Posts: 113
Here is the report
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by Cyrax (administrator) on CYRAX86 on 30-09-2013 22:19:15
Running from C:\Users\Cyrax\Downloads
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(WinAbility® Software Corporation) C:\PROGRAMS\FGUARD\FGKey.exe
(syncables, LLC) C:\Program Files\syncables\syncables desktop\syncables.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
(Google Inc.) C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [412600 2010-06-10] (ASUSTeK Computer Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9722472 2010-08-24] (Realtek Semiconductor)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-30] (Kaspersky Lab ZAO)
HKLM\...\Run: [CapsHook] - C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM\...\Run: [HotkeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [95744 2010-09-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1245104 2010-09-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [191304 2011-01-13] ()
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1086888 2010-11-22] (AsusTek Computer Inc.)
HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2010-06-10] ()
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-02-16] (ASUSTek Computer Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [FG_Monitor] - C:\PROGRAMS\FGUARD\FGKey.exe [118600 2008-01-05] (WinAbility® Software Corporation)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-04-13] (ELAN Microelectronic Corp.)
Winlogon\Notify\klogon: C:\windows\system32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
HKCU\...\Run: [Google Update] - C:\Users\Cyrax\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-29] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
MountPoints2: {451348fc-0ca8-11e1-ad7a-f46d04b63b4f} - E:\iStudio.exe
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [IconPatch] - C:\Windows\AP\IconPatch.vbs
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2010-09-08] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [IconPatch] - C:\Windows\AP\IconPatch.vbs
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2010-09-08] (AsusTek Computer Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = eeepc.asus.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.128.128.128
FireFox:
========
FF ProfilePath: C:\Users\Cyrax\AppData\Roaming\Mozilla\Firefox\Profiles\m9n7okat.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Cyrax\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Cyrax\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: DownloadHelper - C:\Users\Cyrax\AppData\Roaming\Mozilla\Firefox\Profiles\m9n7okat.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
Chrome:
=======
CHR HomePage: hxxp://www.google.rs/
CHR Extension: (YouTube) - C:\Users\Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0
CHR Extension: (Skype Click to Call) - C:\Users\Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
S4 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] ()
S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-30] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-01-31] (Skype Technologies S.A.)
S4 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
==================== Drivers (Whitelisted) ====================
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R2 FGUARD32; C:\PROGRAMS\FGUARD\FGUARD32.SYS [54008 2008-01-05] (WinAbility® Software Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [586072 2012-10-30] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [23856 2011-03-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-03] (Kaspersky Lab)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-21] (Microsoft Corporation)
S3 btwampfl; system32\drivers\btwampfl.sys [x]
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [x]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]
U3 uxrdqpow; \??\C:\Users\Cyrax\AppData\Local\Temp\uxrdqpow.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-30 22:19 - 2013-09-30 22:19 - 00000000 ____D C:\FRST
2013-09-30 22:18 - 2013-09-30 22:18 - 01086873 _____ (Farbar) C:\Users\Cyrax\Downloads\FRST.exe
2013-09-30 22:15 - 2013-09-30 22:15 - 00718688 _____ () C:\Users\Cyrax\Downloads\DownloadManagerSetup.exe
2013-09-30 22:11 - 2013-09-30 22:12 - 01762968 _____ (ExpressInstaller) C:\Users\Cyrax\Downloads\Express_Installer.exe
2013-09-30 21:40 - 2013-09-30 21:40 - 00006399 _____ C:\Users\Cyrax\Desktop\GMER 3.txt
2013-09-30 21:36 - 2013-09-30 21:36 - 00232230 _____ C:\Users\Cyrax\Desktop\Gmer2.log
2013-09-30 20:43 - 2013-09-30 20:43 - 00051617 _____ C:\Users\Cyrax\Desktop\gmer1.log
2013-09-30 20:02 - 2013-09-30 20:02 - 00377856 _____ C:\Users\Cyrax\Downloads\9j8qw7cp.exe
2013-09-30 19:45 - 2013-09-30 19:47 - 00377856 _____ C:\Users\Cyrax\Downloads\wry27y19.exe
2013-09-30 19:37 - 2013-09-30 19:37 - 00003181 _____ C:\Users\Cyrax\Desktop\AdwCleaner[S0].txt
2013-09-30 19:29 - 2013-09-30 19:34 - 00000000 ____D C:\AdwCleaner
2013-09-30 19:28 - 2013-09-30 19:28 - 01042066 _____ C:\Users\Cyrax\Desktop\adwcleaner.exe
2013-09-30 19:19 - 2013-09-30 19:19 - 11233112 _____ (Microsoft Corporation) C:\Users\Cyrax\Desktop\mseinstall.exe
2013-09-30 04:17 - 2013-09-30 04:29 - 31582175 _____ C:\Users\Cyrax\Desktop\ROCKET BASE MARACANA PART 3, Crvena zvezda - Spartak 5_0.flv
2013-09-30 04:02 - 2013-09-30 04:12 - 82033850 _____ C:\Users\Cyrax\Downloads\Oko 190913 (1).flv
2013-09-30 04:02 - 2013-09-30 04:10 - 59479824 _____ C:\Users\Cyrax\Downloads\Oko magazin 240913.flv
2013-09-30 03:50 - 2013-09-30 04:00 - 75556717 _____ C:\Users\Cyrax\Downloads\Oko magazin 130613.flv
2013-09-30 03:49 - 2013-09-30 04:01 - 82033850 _____ C:\Users\Cyrax\Downloads\Oko 190913.flv
2013-09-30 03:48 - 2013-09-30 03:48 - 00005683 _____ C:\Users\Cyrax\Desktop\attach.txt
2013-09-30 03:48 - 2013-09-30 03:47 - 00013807 _____ C:\Users\Cyrax\Desktop\dds.txt
2013-09-30 03:43 - 2013-09-30 03:43 - 00688992 ____R (Swearware) C:\Users\Cyrax\Desktop\dds.scr
2013-09-30 03:31 - 2013-09-30 03:47 - 99362390 _____ C:\Users\Cyrax\Downloads\Oko 050913.flv
2013-09-30 03:30 - 2013-09-30 03:43 - 66293140 _____ C:\Users\Cyrax\Downloads\Dnevnik 290913.flv
2013-09-29 21:34 - 2013-09-29 21:44 - 158273053 _____ C:\Users\Cyrax\Downloads\Rec na rec 120913.flv
2013-09-29 21:33 - 2013-09-29 21:42 - 140538930 _____ C:\Users\Cyrax\Downloads\Upitnik 160413.flv
2013-09-29 21:18 - 2013-09-29 21:18 - 16856890 _____ C:\Users\Cyrax\Desktop\Riblja Corba - Rekla je.mp4
2013-09-16 13:40 - 2013-09-16 13:40 - 00001746 _____ C:\windows\PFRO.log
2013-09-15 12:03 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-15 12:03 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-15 12:03 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-15 12:03 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-15 12:03 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-15 12:03 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-14 21:15 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-14 21:15 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-14 21:13 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-14 21:13 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-14 21:13 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-14 21:13 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-14 21:13 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-14 21:13 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 12:29 - 2013-09-17 01:02 - 00000000 ____D C:\Users\Cyrax\Desktop\night life
2013-09-10 22:02 - 2013-09-10 22:03 - 00000017 _____ C:\windows\system32\shortcut_ex.dat
2013-09-10 11:34 - 2013-09-30 20:05 - 00003326 _____ C:\windows\setupact.log
2013-09-10 11:34 - 2013-09-10 11:34 - 00000000 _____ C:\windows\setuperr.log
==================== One Month Modified Files and Folders =======
2013-09-30 22:20 - 2011-09-29 14:02 - 00000000 ____D C:\Users\Cyrax\AppData\Roaming\Skype
2013-09-30 22:19 - 2013-09-30 22:19 - 00000000 ____D C:\FRST
2013-09-30 22:18 - 2013-09-30 22:18 - 01086873 _____ (Farbar) C:\Users\Cyrax\Downloads\FRST.exe
2013-09-30 22:17 - 2013-07-10 22:25 - 01612449 _____ C:\windows\WindowsUpdate.log
2013-09-30 22:15 - 2013-09-30 22:15 - 00718688 _____ () C:\Users\Cyrax\Downloads\DownloadManagerSetup.exe
2013-09-30 22:12 - 2013-09-30 22:11 - 01762968 _____ (ExpressInstaller) C:\Users\Cyrax\Downloads\Express_Installer.exe
2013-09-30 21:59 - 2011-09-29 12:57 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3599717424-3675598571-1652891671-1000UA.job
2013-09-30 21:50 - 2013-07-18 14:00 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-30 21:40 - 2013-09-30 21:40 - 00006399 _____ C:\Users\Cyrax\Desktop\GMER 3.txt
2013-09-30 21:36 - 2013-09-30 21:36 - 00232230 _____ C:\Users\Cyrax\Desktop\Gmer2.log
2013-09-30 20:43 - 2013-09-30 20:43 - 00051617 _____ C:\Users\Cyrax\Desktop\gmer1.log
2013-09-30 20:27 - 2012-07-24 07:59 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-30 20:05 - 2013-09-10 11:34 - 00003326 _____ C:\windows\setupact.log
2013-09-30 20:02 - 2013-09-30 20:02 - 00377856 _____ C:\Users\Cyrax\Downloads\9j8qw7cp.exe
2013-09-30 19:47 - 2013-09-30 19:45 - 00377856 _____ C:\Users\Cyrax\Downloads\wry27y19.exe
2013-09-30 19:43 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-30 19:43 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-30 19:37 - 2013-09-30 19:37 - 00003181 _____ C:\Users\Cyrax\Desktop\AdwCleaner[S0].txt
2013-09-30 19:36 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-30 19:34 - 2013-09-30 19:29 - 00000000 ____D C:\AdwCleaner
2013-09-30 19:28 - 2013-09-30 19:28 - 01042066 _____ C:\Users\Cyrax\Desktop\adwcleaner.exe
2013-09-30 19:26 - 2012-06-10 10:11 - 00001945 _____ C:\windows\epplauncher.mif
2013-09-30 19:20 - 2011-09-29 12:57 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3599717424-3675598571-1652891671-1000Core.job
2013-09-30 19:19 - 2013-09-30 19:19 - 11233112 _____ (Microsoft Corporation) C:\Users\Cyrax\Desktop\mseinstall.exe
2013-09-30 04:29 - 2013-09-30 04:17 - 31582175 _____ C:\Users\Cyrax\Desktop\ROCKET BASE MARACANA PART 3, Crvena zvezda - Spartak 5_0.flv
2013-09-30 04:12 - 2013-09-30 04:02 - 82033850 _____ C:\Users\Cyrax\Downloads\Oko 190913 (1).flv
2013-09-30 04:12 - 2013-04-01 02:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-30 04:10 - 2013-09-30 04:02 - 59479824 _____ C:\Users\Cyrax\Downloads\Oko magazin 240913.flv
2013-09-30 04:01 - 2013-09-30 03:49 - 82033850 _____ C:\Users\Cyrax\Downloads\Oko 190913.flv
2013-09-30 04:00 - 2013-09-30 03:50 - 75556717 _____ C:\Users\Cyrax\Downloads\Oko magazin 130613.flv
2013-09-30 03:48 - 2013-09-30 03:48 - 00005683 _____ C:\Users\Cyrax\Desktop\attach.txt
2013-09-30 03:47 - 2013-09-30 03:48 - 00013807 _____ C:\Users\Cyrax\Desktop\dds.txt
2013-09-30 03:47 - 2013-09-30 03:31 - 99362390 _____ C:\Users\Cyrax\Downloads\Oko 050913.flv
2013-09-30 03:43 - 2013-09-30 03:43 - 00688992 ____R (Swearware) C:\Users\Cyrax\Desktop\dds.scr
2013-09-30 03:43 - 2013-09-30 03:30 - 66293140 _____ C:\Users\Cyrax\Downloads\Dnevnik 290913.flv
2013-09-29 21:44 - 2013-09-29 21:34 - 158273053 _____ C:\Users\Cyrax\Downloads\Rec na rec 120913.flv
2013-09-29 21:42 - 2013-09-29 21:33 - 140538930 _____ C:\Users\Cyrax\Downloads\Upitnik 160413.flv
2013-09-29 21:18 - 2013-09-29 21:18 - 16856890 _____ C:\Users\Cyrax\Desktop\Riblja Corba - Rekla je.mp4
2013-09-23 21:16 - 2011-09-29 13:07 - 00002330 _____ C:\Users\Cyrax\Desktop\Google Chrome.lnk
2013-09-23 20:50 - 2013-07-18 14:00 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-09-23 20:50 - 2011-11-11 23:09 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 00:08 - 2009-07-27 12:11 - 00727334 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-23 00:07 - 2011-11-08 20:56 - 00000000 ____D C:\Users\Cyrax\AppData\Roaming\Media Player Classic
2013-09-17 23:19 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2013-09-17 23:00 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-09-17 01:02 - 2013-09-13 12:29 - 00000000 ____D C:\Users\Cyrax\Desktop\night life
2013-09-16 13:42 - 2009-07-27 12:56 - 00000000 ____D C:\windows\panther
2013-09-16 13:41 - 2009-07-14 06:33 - 00277272 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-16 13:40 - 2013-09-16 13:40 - 00001746 _____ C:\windows\PFRO.log
2013-09-15 16:16 - 2011-11-20 00:21 - 00000000 ____D C:\Program Files\Microsoft Application Virtualization Client
2013-09-15 12:02 - 2013-08-12 23:32 - 00000000 ____D C:\windows\system32\MRT
2013-09-15 11:56 - 2011-10-14 10:03 - 76725432 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-09-14 21:09 - 2013-07-19 18:29 - 00002893 _____ C:\Users\Cyrax\Desktop\New Text Document.txt
2013-09-13 12:25 - 2011-09-28 14:59 - 00063072 _____ C:\Users\Cyrax\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-11 22:56 - 2011-09-28 14:59 - 00000000 ____D C:\Users\Cyrax
2013-09-11 21:34 - 2011-12-05 08:56 - 00000000 ____D C:\Users\Cyrax\AppData\Roaming\Winamp
2013-09-10 22:03 - 2013-09-10 22:02 - 00000017 _____ C:\windows\system32\shortcut_ex.dat
2013-09-10 22:02 - 2011-11-20 00:24 - 00000000 ____D C:\Users\Cyrax\AppData\Roaming\SoftGrid Client
2013-09-10 11:34 - 2013-09-10 11:34 - 00000000 _____ C:\windows\setuperr.log
2013-09-05 13:58 - 2012-07-21 11:13 - 00000000 ____D C:\Breaking Bad - Season 2 Dvdrip (Uncensored)
2013-09-04 13:01 - 2013-08-02 17:36 - 00000022 _____ C:\Users\Cyrax\Downloads\bonus_engleski_gramatika.zip
Some content of TEMP:
====================
C:\Users\Cyrax\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-11 02:16
==================== End Of Log ============================
Posted: 01 Oct 2013 18:09
|
offline
- TwinHeadedEagle
- Anti Malware Fighter
Rank 2
- Joined: 09 Aug 2011
- Posts: 15879
- Location: Beograd
|
OK, the computer is clean, but remnants of the MSE antivirus are still present.
Download this tool, run it and follow the instructions.
After that, run FRST again, click Scan and send me a fresh report.
Posted: 02 Oct 2013 17:34
|
offline
- Joined: 13 May 2008
- Posts: 113
|
I couldn't reply earlier because I wasn't on land.
Here is the report:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Cyrax (administrator) on CYRAX86 on 02-10-2013 17:28:16
Running from C:\Users\Cyrax\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(WinAbility® Software Corporation) C:\PROGRAMS\FGUARD\FGKey.exe
(syncables, LLC) C:\Program Files\syncables\syncables desktop\syncables.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
(Google Inc.) C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\system32\msiexec.exe
(Google Inc.) C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Cyrax\Desktop\FRST (1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [412600 2010-06-10] (ASUSTeK Computer Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9722472 2010-08-24] (Realtek Semiconductor)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-30] (Kaspersky Lab ZAO)
HKLM\...\Run: [CapsHook] - C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM\...\Run: [HotkeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [95744 2010-09-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1245104 2010-09-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [191304 2011-01-13] ()
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1086888 2010-11-22] (AsusTek Computer Inc.)
HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2010-06-10] ()
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-02-16] (ASUSTek Computer Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [FG_Monitor] - C:\PROGRAMS\FGUARD\FGKey.exe [118600 2008-01-05] (WinAbility® Software Corporation)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-04-13] (ELAN Microelectronic Corp.)
Winlogon\Notify\klogon: C:\windows\system32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
HKCU\...\Run: [Google Update] - C:\Users\Cyrax\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-29] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [IconPatch] - C:\Windows\AP\IconPatch.vbs
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2010-09-08] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [IconPatch] - C:\Windows\AP\IconPatch.vbs
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2010-09-08] (AsusTek Computer Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = eeepc.asus.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.206.214.243
FireFox:
========
FF ProfilePath: C:\Users\Cyrax\AppData\Roaming\Mozilla\Firefox\Profiles\m9n7okat.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Cyrax\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Cyrax\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: DownloadHelper - C:\Users\Cyrax\AppData\Roaming\Mozilla\Firefox\Profiles\m9n7okat.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
Chrome:
=======
CHR HomePage: hxxp://www.google.rs/
CHR RestoreOnStartup: "hxxp://www.google.rs/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Users\Cyrax\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0
CHR Extension: (Skype Click to Call) - C:\Users\Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
S4 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] ()
S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-30] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-01-31] (Skype Technologies S.A.)
S4 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
==================== Drivers (Whitelisted) ====================
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R2 FGUARD32; C:\PROGRAMS\FGUARD\FGUARD32.SYS [54008 2008-01-05] (WinAbility® Software Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [586072 2012-10-30] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [23856 2011-03-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-03] (Kaspersky Lab)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-21] (Microsoft Corporation)
S3 btwampfl; system32\drivers\btwampfl.sys [x]
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [x]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]
U3 uxrdqpow; \??\C:\Users\Cyrax\AppData\Local\Temp\uxrdqpow.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-02 17:26 - 2013-10-02 17:26 - 01087213 _____ (Farbar) C:\Users\Cyrax\Desktop\FRST (1).exe
2013-10-02 17:22 - 2013-10-02 17:22 - 00016064 _____ C:\FixitRegBackup.reg
2013-10-02 17:22 - 2013-10-02 17:22 - 00000348 _____ C:\windows\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
2013-10-02 17:21 - 2013-10-02 17:21 - 00899584 _____ C:\Users\Cyrax\Downloads\MicrosoftFixit50535.msi
2013-10-02 16:46 - 2013-10-02 16:47 - 00000252 ___SH C:\windows\KLIF.spi
2013-09-30 22:19 - 2013-09-30 22:19 - 00000000 ____D C:\FRST
2013-09-30 22:15 - 2013-09-30 22:15 - 00718688 _____ () C:\Users\Cyrax\Downloads\DownloadManagerSetup.exe
2013-09-30 20:02 - 2013-09-30 20:02 - 00377856 _____ C:\Users\Cyrax\Downloads\9j8qw7cp.exe
2013-09-30 19:45 - 2013-09-30 19:47 - 00377856 _____ C:\Users\Cyrax\Downloads\wry27y19.exe
2013-09-30 19:29 - 2013-09-30 19:34 - 00000000 ____D C:\AdwCleaner
2013-09-30 04:02 - 2013-09-30 04:12 - 82033850 _____ C:\Users\Cyrax\Downloads\Oko 190913 (1).flv
2013-09-30 04:02 - 2013-09-30 04:10 - 59479824 _____ C:\Users\Cyrax\Downloads\Oko magazin 240913.flv
2013-09-30 03:50 - 2013-09-30 04:00 - 75556717 _____ C:\Users\Cyrax\Downloads\Oko magazin 130613.flv
2013-09-30 03:49 - 2013-09-30 04:01 - 82033850 _____ C:\Users\Cyrax\Downloads\Oko 190913.flv
2013-09-30 03:31 - 2013-09-30 03:47 - 99362390 _____ C:\Users\Cyrax\Downloads\Oko 050913.flv
2013-09-30 03:30 - 2013-09-30 03:43 - 66293140 _____ C:\Users\Cyrax\Downloads\Dnevnik 290913.flv
2013-09-29 21:34 - 2013-09-29 21:44 - 158273053 _____ C:\Users\Cyrax\Downloads\Rec na rec 120913.flv
2013-09-29 21:33 - 2013-09-29 21:42 - 140538930 _____ C:\Users\Cyrax\Downloads\Upitnik 160413.flv
2013-09-29 21:18 - 2013-09-29 21:18 - 16856890 _____ C:\Users\Cyrax\Desktop\Riblja Corba - Rekla je.mp4
2013-09-16 13:40 - 2013-09-16 13:40 - 00001746 _____ C:\windows\PFRO.log
2013-09-15 12:03 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-15 12:03 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-15 12:03 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-15 12:03 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-15 12:03 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-15 12:03 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-14 21:15 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-14 21:15 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-14 21:13 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-14 21:13 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-14 21:13 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-14 21:13 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-14 21:13 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-14 21:13 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 12:29 - 2013-09-17 01:02 - 00000000 ____D C:\Users\Cyrax\Desktop\night life
2013-09-10 22:02 - 2013-09-10 22:03 - 00000017 _____ C:\windows\system32\shortcut_ex.dat
2013-09-10 11:34 - 2013-10-01 05:12 - 00003382 _____ C:\windows\setupact.log
2013-09-10 11:34 - 2013-09-10 11:34 - 00000000 _____ C:\windows\setuperr.log
==================== One Month Modified Files and Folders =======
2013-10-02 17:31 - 2011-09-29 14:02 - 00000000 ____D C:\Users\Cyrax\AppData\Roaming\Skype
2013-10-02 17:26 - 2013-10-02 17:26 - 01087213 _____ (Farbar) C:\Users\Cyrax\Desktop\FRST (1).exe
2013-10-02 17:24 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-02 17:24 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-02 17:23 - 2013-04-01 02:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-02 17:22 - 2013-10-02 17:22 - 00016064 _____ C:\FixitRegBackup.reg
2013-10-02 17:22 - 2013-10-02 17:22 - 00000348 _____ C:\windows\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
2013-10-02 17:21 - 2013-10-02 17:21 - 00899584 _____ C:\Users\Cyrax\Downloads\MicrosoftFixit50535.msi
2013-10-02 17:11 - 2011-09-29 12:57 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3599717424-3675598571-1652891671-1000Core.job
2013-10-02 17:09 - 2013-07-18 14:00 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-02 17:09 - 2011-09-29 12:57 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3599717424-3675598571-1652891671-1000UA.job
2013-10-02 16:47 - 2013-10-02 16:46 - 00000252 ___SH C:\windows\KLIF.spi
2013-10-02 16:45 - 2013-07-10 22:25 - 01649813 _____ C:\windows\WindowsUpdate.log
2013-10-01 18:56 - 2012-07-24 07:59 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-01 05:12 - 2013-09-10 11:34 - 00003382 _____ C:\windows\setupact.log
2013-10-01 04:34 - 2013-08-16 17:29 - 00000000 ____D C:\Users\Cyrax\Desktop\RACUNI
2013-09-30 22:19 - 2013-09-30 22:19 - 00000000 ____D C:\FRST
2013-09-30 22:15 - 2013-09-30 22:15 - 00718688 _____ () C:\Users\Cyrax\Downloads\DownloadManagerSetup.exe
2013-09-30 20:02 - 2013-09-30 20:02 - 00377856 _____ C:\Users\Cyrax\Downloads\9j8qw7cp.exe
2013-09-30 19:47 - 2013-09-30 19:45 - 00377856 _____ C:\Users\Cyrax\Downloads\wry27y19.exe
2013-09-30 19:36 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-30 19:34 - 2013-09-30 19:29 - 00000000 ____D C:\AdwCleaner
2013-09-30 19:26 - 2012-06-10 10:11 - 00001945 _____ C:\windows\epplauncher.mif
2013-09-30 04:12 - 2013-09-30 04:02 - 82033850 _____ C:\Users\Cyrax\Downloads\Oko 190913 (1).flv
2013-09-30 04:10 - 2013-09-30 04:02 - 59479824 _____ C:\Users\Cyrax\Downloads\Oko magazin 240913.flv
2013-09-30 04:01 - 2013-09-30 03:49 - 82033850 _____ C:\Users\Cyrax\Downloads\Oko 190913.flv
2013-09-30 04:00 - 2013-09-30 03:50 - 75556717 _____ C:\Users\Cyrax\Downloads\Oko magazin 130613.flv
2013-09-30 03:47 - 2013-09-30 03:31 - 99362390 _____ C:\Users\Cyrax\Downloads\Oko 050913.flv
2013-09-30 03:43 - 2013-09-30 03:30 - 66293140 _____ C:\Users\Cyrax\Downloads\Dnevnik 290913.flv
2013-09-29 21:44 - 2013-09-29 21:34 - 158273053 _____ C:\Users\Cyrax\Downloads\Rec na rec 120913.flv
2013-09-29 21:42 - 2013-09-29 21:33 - 140538930 _____ C:\Users\Cyrax\Downloads\Upitnik 160413.flv
2013-09-29 21:18 - 2013-09-29 21:18 - 16856890 _____ C:\Users\Cyrax\Desktop\Riblja Corba - Rekla je.mp4
2013-09-23 21:16 - 2011-09-29 13:07 - 00002330 _____ C:\Users\Cyrax\Desktop\Google Chrome.lnk
2013-09-23 20:50 - 2013-07-18 14:00 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-09-23 20:50 - 2011-11-11 23:09 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 00:08 - 2009-07-27 12:11 - 00727334 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-23 00:07 - 2011-11-08 20:56 - 00000000 ____D C:\Users\Cyrax\AppData\Roaming\Media Player Classic
2013-09-17 23:19 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2013-09-17 23:00 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-09-17 01:02 - 2013-09-13 12:29 - 00000000 ____D C:\Users\Cyrax\Desktop\night life
2013-09-16 13:42 - 2009-07-27 12:56 - 00000000 ____D C:\windows\panther
2013-09-16 13:41 - 2009-07-14 06:33 - 00277272 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-16 13:40 - 2013-09-16 13:40 - 00001746 _____ C:\windows\PFRO.log
2013-09-15 16:16 - 2011-11-20 00:21 - 00000000 ____D C:\Program Files\Microsoft Application Virtualization Client
2013-09-15 12:02 - 2013-08-12 23:32 - 00000000 ____D C:\windows\system32\MRT
2013-09-15 11:56 - 2011-10-14 10:03 - 76725432 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-09-14 21:09 - 2013-07-19 18:29 - 00002893 _____ C:\Users\Cyrax\Desktop\New Text Document.txt
2013-09-13 12:25 - 2011-09-28 14:59 - 00063072 _____ C:\Users\Cyrax\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-11 22:56 - 2011-09-28 14:59 - 00000000 ____D C:\Users\Cyrax
2013-09-11 21:34 - 2011-12-05 08:56 - 00000000 ____D C:\Users\Cyrax\AppData\Roaming\Winamp
2013-09-10 22:03 - 2013-09-10 22:02 - 00000017 _____ C:\windows\system32\shortcut_ex.dat
2013-09-10 22:02 - 2011-11-20 00:24 - 00000000 ____D C:\Users\Cyrax\AppData\Roaming\SoftGrid Client
2013-09-10 11:34 - 2013-09-10 11:34 - 00000000 _____ C:\windows\setuperr.log
2013-09-05 13:58 - 2012-07-21 11:13 - 00000000 ____D C:\Breaking Bad - Season 2 Dvdrip (Uncensored)
2013-09-04 13:01 - 2013-08-02 17:36 - 00000022 _____ C:\Users\Cyrax\Downloads\bonus_engleski_gramatika.zip
Some content of TEMP:
====================
C:\Users\Cyrax\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-11 02:16
==================== End Of Log ============================
Posted: 09 Oct 2013 17:54
|
offline
- Joined: 13 May 2008
- Posts: 113
|
I apologize for sending this late, but we had a Sea day and I had no internet connection.
Here is the report.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Cyrax (administrator) on CYRAX86 on 09-10-2013 06:08:19
Running from C:\Users\Cyrax\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\ExpressGateUtil\VAWinAgent.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ASUSTek Computer Inc.) C:\Program Files\Asus\APRP\aprp.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(WinAbility® Software Corporation) C:\PROGRAMS\FGUARD\FGKey.exe
(syncables, LLC) C:\Program Files\syncables\syncables desktop\syncables.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\wmi32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
(Farbar) C:\Users\Cyrax\Desktop\FRST (1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [412600 2010-06-10] (ASUSTeK Computer Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9722472 2010-08-24] (Realtek Semiconductor)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-30] (Kaspersky Lab ZAO)
HKLM\...\Run: [CapsHook] - C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM\...\Run: [HotkeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [95744 2010-09-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1245104 2010-09-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [191304 2011-01-13] ()
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1086888 2010-11-22] (AsusTek Computer Inc.)
HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2010-06-10] ()
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-02-16] (ASUSTek Computer Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [FG_Monitor] - C:\PROGRAMS\FGUARD\FGKey.exe [118600 2008-01-05] (WinAbility® Software Corporation)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-04-13] (ELAN Microelectronic Corp.)
Winlogon\Notify\klogon: C:\windows\system32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
HKCU\...\Run: [Google Update] - C:\Users\Cyrax\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-29] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [IconPatch] - C:\Windows\AP\IconPatch.vbs
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2010-09-08] (AsusTek Computer Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = eeepc.asus.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Cyrax\AppData\Roaming\Mozilla\Firefox\Profiles\m9n7okat.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Cyrax\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Cyrax\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: DownloadHelper - C:\Users\Cyrax\AppData\Roaming\Mozilla\Firefox\Profiles\m9n7okat.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
Chrome:
=======
CHR HomePage: hxxp://www.google.rs/
CHR RestoreOnStartup: "hxxp://www.google.rs/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Users\Cyrax\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0
CHR Extension: (Skype Click to Call) - C:\Users\Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Cyrax\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Cyrax\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
S4 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] ()
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-30] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-01-31] (Skype Technologies S.A.)
S4 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()
==================== Drivers (Whitelisted) ====================
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R2 FGUARD32; C:\PROGRAMS\FGUARD\FGUARD32.SYS [54008 2008-01-05] (WinAbility® Software Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [586072 2012-10-30] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [23856 2011-03-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-03] (Kaspersky Lab)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-21] (Microsoft Corporation)
S3 btwampfl; system32\drivers\btwampfl.sys [x]
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [x]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-08 19:08 - 2013-10-08 19:08 - 00002505 _____ C:\Users\Cyrax\Downloads\256965_1785558851_MSE Remove.bat
2013-10-05 05:30 - 2013-10-05 05:41 - 29236427 _____ C:\Users\Cyrax\Desktop\Kafanska Muzika Mix (Uživo) - Tamburaši.flv
2013-10-02 17:26 - 2013-10-02 17:26 - 01087213 _____ (Farbar) C:\Users\Cyrax\Desktop\FRST (1).exe
2013-10-02 17:22 - 2013-10-02 17:22 - 00016064 _____ C:\FixitRegBackup.reg
2013-10-02 17:22 - 2013-10-02 17:22 - 00000348 _____ C:\windows\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
2013-10-02 17:21 - 2013-10-02 17:21 - 00899584 _____ C:\Users\Cyrax\Downloads\MicrosoftFixit50535.msi
2013-09-30 22:19 - 2013-09-30 22:19 - 00000000 ____D C:\FRST
2013-09-30 22:15 - 2013-09-30 22:15 - 00718688 _____ () C:\Users\Cyrax\Downloads\DownloadManagerSetup.exe
2013-09-30 20:02 - 2013-09-30 20:02 - 00377856 _____ C:\Users\Cyrax\Downloads\9j8qw7cp.exe
2013-09-30 19:45 - 2013-09-30 19:47 - 00377856 _____ C:\Users\Cyrax\Downloads\wry27y19.exe
2013-09-30 19:29 - 2013-09-30 19:34 - 00000000 ____D C:\AdwCleaner
2013-09-30 04:02 - 2013-09-30 04:12 - 82033850 _____ C:\Users\Cyrax\Downloads\Oko 190913 (1).flv
2013-09-30 04:02 - 2013-09-30 04:10 - 59479824 _____ C:\Users\Cyrax\Downloads\Oko magazin 240913.flv
2013-09-30 03:50 - 2013-09-30 04:00 - 75556717 _____ C:\Users\Cyrax\Downloads\Oko magazin 130613.flv
2013-09-30 03:49 - 2013-09-30 04:01 - 82033850 _____ C:\Users\Cyrax\Downloads\Oko 190913.flv
2013-09-30 03:31 - 2013-09-30 03:47 - 99362390 _____ C:\Users\Cyrax\Downloads\Oko 050913.flv
2013-09-30 03:30 - 2013-09-30 03:43 - 66293140 _____ C:\Users\Cyrax\Downloads\Dnevnik 290913.flv
2013-09-29 21:34 - 2013-09-29 21:44 - 158273053 _____ C:\Users\Cyrax\Downloads\Rec na rec 120913.flv
2013-09-29 21:33 - 2013-09-29 21:42 - 140538930 _____ C:\Users\Cyrax\Downloads\Upitnik 160413.flv
2013-09-29 21:18 - 2013-09-29 21:18 - 16856890 _____ C:\Users\Cyrax\Desktop\Riblja Corba - Rekla je.mp4
2013-09-16 13:40 - 2013-09-16 13:40 - 00001746 _____ C:\windows\PFRO.log
2013-09-15 12:03 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-15 12:03 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-15 12:03 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-15 12:03 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-15 12:03 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-15 12:03 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-15 12:03 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-14 21:15 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-14 21:15 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-14 21:13 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-14 21:13 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-14 21:13 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-14 21:13 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-14 21:13 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-14 21:13 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-14 21:13 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 12:29 - 2013-09-17 01:02 - 00000000 ____D C:\Users\Cyrax\Desktop\night life
2013-09-10 22:02 - 2013-09-10 22:03 - 00000017 _____ C:\windows\system32\shortcut_ex.dat
2013-09-10 11:34 - 2013-10-09 06:05 - 00003886 _____ C:\windows\setupact.log
2013-09-10 11:34 - 2013-09-10 11:34 - 00000000 _____ C:\windows\setuperr.log
==================== One Month Modified Files and Folders =======
2013-10-09 06:06 - 2012-07-24 07:59 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-09 06:06 - 2011-09-29 14:02 - 00000000 ____D C:\Users\Cyrax\AppData\Roaming\Skype
2013-10-09 06:05 - 2013-09-10 11:34 - 00003886 _____ C:\windows\setupact.log
2013-10-09 06:05 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-09 06:03 - 2013-07-10 22:25 - 01743487 _____ C:\windows\WindowsUpdate.log
2013-10-09 05:59 - 2011-09-29 12:57 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3599717424-3675598571-1652891671-1000UA.job
2013-10-09 05:50 - 2013-07-18 14:00 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-08 19:08 - 2013-10-08 19:08 - 00002505 _____ C:\Users\Cyrax\Downloads\256965_1785558851_MSE Remove.bat
2013-10-08 18:36 - 2011-09-29 13:07 - 00002330 _____ C:\Users\Cyrax\Desktop\Google Chrome.lnk
2013-10-08 18:36 - 2011-09-29 12:57 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3599717424-3675598571-1652891671-1000Core.job
2013-10-08 04:18 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-08 04:18 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-05 05:41 - 2013-10-05 05:30 - 29236427 _____ C:\Users\Cyrax\Desktop\Kafanska Muzika Mix (Uživo) - Tamburaši.flv
2013-10-05 05:29 - 2013-04-01 02:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-02 17:26 - 2013-10-02 17:26 - 01087213 _____ (Farbar) C:\Users\Cyrax\Desktop\FRST (1).exe
2013-10-02 17:22 - 2013-10-02 17:22 - 00016064 _____ C:\FixitRegBackup.reg
2013-10-02 17:22 - 2013-10-02 17:22 - 00000348 _____ C:\windows\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
2013-10-02 17:21 - 2013-10-02 17:21 - 00899584 _____ C:\Users\Cyrax\Downloads\MicrosoftFixit50535.msi
2013-10-01 04:34 - 2013-08-16 17:29 - 00000000 ____D C:\Users\Cyrax\Desktop\RACUNI
2013-09-30 22:19 - 2013-09-30 22:19 - 00000000 ____D C:\FRST
2013-09-30 22:15 - 2013-09-30 22:15 - 00718688 _____ () C:\Users\Cyrax\Downloads\DownloadManagerSetup.exe
2013-09-30 20:02 - 2013-09-30 20:02 - 00377856 _____ C:\Users\Cyrax\Downloads\9j8qw7cp.exe
2013-09-30 19:47 - 2013-09-30 19:45 - 00377856 _____ C:\Users\Cyrax\Downloads\wry27y19.exe
2013-09-30 19:34 - 2013-09-30 19:29 - 00000000 ____D C:\AdwCleaner
2013-09-30 19:26 - 2012-06-10 10:11 - 00001945 _____ C:\windows\epplauncher.mif
2013-09-30 04:12 - 2013-09-30 04:02 - 82033850 _____ C:\Users\Cyrax\Downloads\Oko 190913 (1).flv
2013-09-30 04:10 - 2013-09-30 04:02 - 59479824 _____ C:\Users\Cyrax\Downloads\Oko magazin 240913.flv
2013-09-30 04:01 - 2013-09-30 03:49 - 82033850 _____ C:\Users\Cyrax\Downloads\Oko 190913.flv
2013-09-30 04:00 - 2013-09-30 03:50 - 75556717 _____ C:\Users\Cyrax\Downloads\Oko magazin 130613.flv
2013-09-30 03:47 - 2013-09-30 03:31 - 99362390 _____ C:\Users\Cyrax\Downloads\Oko 050913.flv
2013-09-30 03:43 - 2013-09-30 03:30 - 66293140 _____ C:\Users\Cyrax\Downloads\Dnevnik 290913.flv
2013-09-29 21:44 - 2013-09-29 21:34 - 158273053 _____ C:\Users\Cyrax\Downloads\Rec na rec 120913.flv
2013-09-29 21:42 - 2013-09-29 21:33 - 140538930 _____ C:\Users\Cyrax\Downloads\Upitnik 160413.flv
2013-09-29 21:18 - 2013-09-29 21:18 - 16856890 _____ C:\Users\Cyrax\Desktop\Riblja Corba - Rekla je.mp4
2013-09-23 20:50 - 2013-07-18 14:00 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-09-23 20:50 - 2011-11-11 23:09 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 00:08 - 2009-07-27 12:11 - 00727334 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-23 00:07 - 2011-11-08 20:56 - 00000000 ____D C:\Users\Cyrax\AppData\Roaming\Media Player Classic
2013-09-17 23:19 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2013-09-17 23:00 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-09-17 01:02 - 2013-09-13 12:29 - 00000000 ____D C:\Users\Cyrax\Desktop\night life
2013-09-16 13:42 - 2009-07-27 12:56 - 00000000 ____D C:\windows\panther
2013-09-16 13:41 - 2009-07-14 06:33 - 00277272 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-16 13:40 - 2013-09-16 13:40 - 00001746 _____ C:\windows\PFRO.log
2013-09-15 16:16 - 2011-11-20 00:21 - 00000000 ____D C:\Program Files\Microsoft Application Virtualization Client
2013-09-15 12:02 - 2013-08-12 23:32 - 00000000 ____D C:\windows\system32\MRT
2013-09-15 11:56 - 2011-10-14 10:03 - 76725432 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-09-14 21:09 - 2013-07-19 18:29 - 00002893 _____ C:\Users\Cyrax\Desktop\New Text Document.txt
2013-09-13 12:25 - 2011-09-28 14:59 - 00063072 _____ C:\Users\Cyrax\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-11 22:56 - 2011-09-28 14:59 - 00000000 ____D C:\Users\Cyrax
2013-09-11 21:34 - 2011-12-05 08:56 - 00000000 ____D C:\Users\Cyrax\AppData\Roaming\Winamp
2013-09-10 22:03 - 2013-09-10 22:02 - 00000017 _____ C:\windows\system32\shortcut_ex.dat
2013-09-10 22:02 - 2011-11-20 00:24 - 00000000 ____D C:\Users\Cyrax\AppData\Roaming\SoftGrid Client
2013-09-10 11:34 - 2013-09-10 11:34 - 00000000 _____ C:\windows\setuperr.log
Some content of TEMP:
====================
C:\Users\Cyrax\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-05 06:30
==================== End Of Log ============================
|
|
|
|
Posted: 09 Oct 2013 21:54
|
offline
- TwinHeadedEagle
- Anti Malware Fighter
Rank 2
- Joined: 09 Aug 2011
- Posts: 15879
- Location: Belgrade
|
Let's clean the flash drive.
Download MCShield from the following address:
http://amf.mycity.rs/mcshield/MCShield-Setup.exe
Install MCShield and wait for the initial scan to finish.
When the initial scan finishes, plug all USB storage devices into the USB port one after another, and keep each one in the port until MCShield displays a message that the scan is complete. If you have several USB devices, note down somewhere the order in which they were inserted.
Explanation: USB storage devices are all devices that get their own partition designation when connected to a computer. This includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
Go to Start -> All Programs -> MCShield -> Logs -> AllScans
A report will open in Notepad; post its contents in a message.
|
|
|
|