Ads and pop-up windows

  • eugrom  Male
  • New MyCity citizen
  • Student
  • Joined: 20 Oct 2014
  • Posts: 18
  • Location: Beograd

Greetings,
a few days ago you solved a problem with my laptop, but now a friend of mine has a similar problem: new unknown windows keep popping up, such as casino ones and the like, websites are full of ads, and in Internet Explorer a default-search.net window comes up. He tried to solve the problem using YouTube videos, but did not succeed. The problem has existed for several months. There is no antivirus on the computer. The internet connection is ADSL, and YouTube stutters. He uses Windows 7. Below I attach the FRST log, and Addition as a file.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2014
Ran by dell (administrator) on DELL-PC on 24-10-2014 18:58:55
Running from C:\Users\dell\Downloads
Loaded Profile: dell (Available profiles: dell)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\NetCrawl\bin\utilNetCrawl.exe
() C:\Program Files\NetCrawl\bin\NetCrawl.PurBrowse.exe
() C:\Program Files\NetCrawl\bin\NetCrawl.BrowserAdapter.exe
() C:\Program Files\NetCrawl\bin\NetCrawl.BOASHelper.exe
() C:\Program Files\NetCrawl\updateNetCrawl.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\NetCrawl\bin\NetCrawl.BOASPRT.exe
() C:\Program Files\NetCrawl\bin\NetCrawl.BOAS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files\NetCrawl\bin\NetCrawl.BOASPRT.exe
() C:\Program Files\NetCrawl\bin\NetCrawl.BOAS.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll [489488 2014-07-09] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5209C96BEA80CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = default-search.net/search?sid=492&a.....=ds&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = default-search.net/search?sid=492&a.....=ds&p={searchTerms}
BHO: No Name -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: NetCrawl -> {769a91da-209f-47fe-88b9-b0321b0982c8} -> C:\Program Files\NetCrawl\NetCrawlBHO.dll (NetCrawl)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 5.135.165.179 8.8.8.8

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://rts.dsrlte.com?affID=na
CHR StartupUrls: Default -> "https://www.google.rs/"
CHR DefaultSearchKeyword: Default -> hrome.rs
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-12]
CHR Extension: (Google Drive) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]
CHR Extension: (YouTube) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-12]
CHR Extension: (Google Search) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-12]
CHR Extension: (Google Wallet) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-12]
CHR Extension: (NetCrawl) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhnkainfgebjkhaoadlkjgjhhgpbohg [2014-09-17]
CHR Extension: (Gmail) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-12]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Update NetCrawl; C:\Program Files\NetCrawl\updateNetCrawl.exe [523552 2014-10-24] ()
R2 Util NetCrawl; C:\Program Files\NetCrawl\bin\utilNetCrawl.exe [523552 2014-10-24] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files\Settings Manager\systemk\systemkmgrc2.cfg [34192 2014-07-09] (Aztec Media Inc)
R1 {3c9eada7-386c-4a04-ab1e-4eb122397ced}w; C:\Windows\System32\drivers\{3c9eada7-386c-4a04-ab1e-4eb122397ced}w.sys [43192 2014-10-20] (StdLib)
R1 {58ff284e-6a3e-41bc-8147-d768e1c0e4a3}w; C:\Windows\System32\drivers\{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}w.sys [43192 2014-10-21] (StdLib)
R1 {6191cc23-5db4-4079-aaac-546c45b08af1}w; C:\Windows\System32\drivers\{6191cc23-5db4-4079-aaac-546c45b08af1}w.sys [43192 2014-10-23] (StdLib)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys [52920 2014-07-08] (StdLib)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}w; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w.sys [52920 2014-08-06] (StdLib)
R1 {6fd9ae77-e80c-4df0-b53d-23fcb52b001a}w; C:\Windows\System32\drivers\{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}w.sys [43192 2014-10-22] (StdLib)
R1 {cfbbf934-a234-4282-8ef3-310abb84c3e4}w; C:\Windows\System32\drivers\{cfbbf934-a234-4282-8ef3-310abb84c3e4}w.sys [43192 2014-10-20] (StdLib)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 18:58 - 2014-10-24 19:00 - 00011497 _____ () C:\Users\dell\Downloads\FRST.txt
2014-10-24 18:58 - 2014-10-24 18:59 - 00000000 ____D () C:\FRST
2014-10-24 18:56 - 2014-10-24 18:57 - 01103360 _____ (Farbar) C:\Users\dell\Downloads\FRST.exe
2014-10-24 18:55 - 2014-10-24 18:56 - 02112000 _____ (Farbar) C:\Users\dell\Downloads\FRST64.exe
2014-10-23 14:02 - 2014-10-23 04:39 - 00043192 _____ (StdLib) C:\Windows\system32\Drivers\{6191cc23-5db4-4079-aaac-546c45b08af1}w.sys
2014-10-22 14:47 - 2014-10-22 00:36 - 00043192 _____ (StdLib) C:\Windows\system32\Drivers\{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}w.sys
2014-10-22 01:47 - 2014-10-21 11:09 - 00043192 _____ (StdLib) C:\Windows\system32\Drivers\{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}w.sys
2014-10-21 09:19 - 2014-10-20 21:01 - 00043192 _____ (StdLib) C:\Windows\system32\Drivers\{3c9eada7-386c-4a04-ab1e-4eb122397ced}w.sys
2014-10-20 15:42 - 2014-10-10 03:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-20 15:42 - 2014-10-10 03:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-20 15:42 - 2014-10-10 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-20 15:42 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-20 15:42 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-20 15:42 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-20 15:42 - 2014-07-17 03:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-20 15:42 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-20 15:42 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-20 15:42 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-20 15:42 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-20 15:42 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-20 15:42 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-20 15:42 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-20 15:41 - 2014-09-29 02:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-20 15:40 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-20 15:40 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-20 15:40 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-20 15:40 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-20 15:40 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-20 15:40 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-20 15:40 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-20 15:40 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-20 15:40 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-20 15:40 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-20 15:40 - 2014-09-19 03:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-20 15:40 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-20 15:40 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-20 15:40 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-20 15:40 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-20 15:40 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-20 15:40 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-20 15:40 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-20 15:40 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-20 15:40 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-20 15:40 - 2014-09-19 02:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-20 15:40 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-20 15:40 - 2014-09-19 02:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-20 15:40 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-20 15:40 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-20 15:40 - 2014-09-19 02:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-20 15:40 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-20 15:40 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-20 15:40 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-20 15:40 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-20 15:40 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-20 15:40 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-20 15:38 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-20 15:38 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-20 15:38 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-20 15:37 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-20 15:37 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-20 15:23 - 2014-10-20 15:23 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-20 15:23 - 2014-10-20 15:22 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-20 15:22 - 2014-10-20 15:22 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-20 15:22 - 2014-10-20 15:22 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-20 15:22 - 2014-10-20 15:22 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-20 15:22 - 2014-10-20 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-20 15:21 - 2014-10-20 15:21 - 00000000 ____D () C:\Program Files\Java
2014-10-20 15:05 - 2014-10-20 00:03 - 00043192 _____ (StdLib) C:\Windows\system32\Drivers\{cfbbf934-a234-4282-8ef3-310abb84c3e4}w.sys
2014-09-28 17:39 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 02:43 - 2014-09-25 03:08 - 00000461 _____ () C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 18:52 - 2014-06-12 09:57 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 18:33 - 2014-07-08 23:33 - 00000288 _____ () C:\Windows\Tasks\Digital Sites.job
2014-10-24 18:19 - 2014-06-03 02:02 - 01951250 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 18:09 - 2014-09-18 15:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-24 18:00 - 2014-07-08 23:35 - 00000000 ____D () C:\Program Files\NetCrawl
2014-10-24 17:43 - 2014-07-09 00:33 - 00000094 _____ () C:\Users\dell\AppData\Roaming\WB.CFG
2014-10-24 17:00 - 2009-07-14 04:04 - 00000505 _____ () C:\Windows\win.ini
2014-10-24 16:58 - 2009-07-14 06:34 - 00032000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 16:58 - 2009-07-14 06:34 - 00032000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 16:51 - 2014-07-15 00:47 - 00010196 _____ () C:\Windows\setupact.log
2014-10-24 16:51 - 2014-06-12 09:57 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 16:51 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-22 16:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-10-21 17:58 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-21 10:03 - 2014-06-12 09:59 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-21 09:35 - 2014-07-15 00:47 - 00267016 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-21 09:33 - 2014-06-04 04:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-20 15:46 - 2014-06-30 15:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-20 15:39 - 2014-06-30 15:26 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-20 15:24 - 2014-08-27 03:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-02 15:53 - 2014-06-03 09:21 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-28 17:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-09-28 17:30 - 2014-06-12 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-28 17:30 - 2014-06-03 09:01 - 00000000 ____D () C:\Users\dell
2014-09-28 17:30 - 2011-04-12 04:21 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-28 17:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-09-24 16:55 - 2010-11-20 23:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\dell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiutiwj.dll
C:\Users\dell\AppData\Local\Temp\dsrsetup.exe
C:\Users\dell\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\dell\AppData\Local\Temp\res.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-22 00:58

==================== End Of Log ============================

  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

1. Open Notepad (Text Document) and copy in the following text from the code box below:

Start
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\dell\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Program Files\NetCrawl\bin\utilNetCrawl.exe
C:\Program Files\NetCrawl\bin\NetCrawl.PurBrowse.exe
C:\Program Files\NetCrawl\bin\NetCrawl.BrowserAdapter.exe
C:\Program Files\NetCrawl\bin\NetCrawl.BOASHelper.exe
C:\Program Files\NetCrawl\updateNetCrawl.exe
C:\Program Files\NetCrawl\bin\NetCrawl.BOASPRT.exe
C:\Program Files\NetCrawl\bin\NetCrawl.BOAS.exe
C:\Program Files\NetCrawl\bin\NetCrawl.BOASPRT.exe
C:\Program Files\NetCrawl\bin\NetCrawl.BOAS.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll [489488 2014-07-09] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
c:\program files\settings manager
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&a.....=ds&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&a.....=ds&p={searchTerms}
BHO: No Name -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> No File
BHO: NetCrawl -> {769a91da-209f-47fe-88b9-b0321b0982c8} -> C:\Program Files\NetCrawl\NetCrawlBHO.dll (NetCrawl)
C:\Program Files\NetCrawl
CHR Extension: (NetCrawl) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhnkainfgebjkhaoadlkjgjhhgpbohg [2014-09-17]
C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhnkainfgebjkhaoadlkjgjhhgpbohg
R2 Update NetCrawl; C:\Program Files\NetCrawl\updateNetCrawl.exe [523552 2014-10-24] ()
R2 Util NetCrawl; C:\Program Files\NetCrawl\bin\utilNetCrawl.exe [523552 2014-10-24] ()
R1 {3c9eada7-386c-4a04-ab1e-4eb122397ced}w; C:\Windows\System32\drivers\{3c9eada7-386c-4a04-ab1e-4eb122397ced}w.sys [43192 2014-10-20] (StdLib)
R1 {58ff284e-6a3e-41bc-8147-d768e1c0e4a3}w; C:\Windows\System32\drivers\{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}w.sys [43192 2014-10-21] (StdLib)
R1 {6191cc23-5db4-4079-aaac-546c45b08af1}w; C:\Windows\System32\drivers\{6191cc23-5db4-4079-aaac-546c45b08af1}w.sys [43192 2014-10-23] (StdLib)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys [52920 2014-07-08] (StdLib)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}w; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w.sys [52920 2014-08-06] (StdLib)
R1 {6fd9ae77-e80c-4df0-b53d-23fcb52b001a}w; C:\Windows\System32\drivers\{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}w.sys [43192 2014-10-22] (StdLib)
R1 {cfbbf934-a234-4282-8ef3-310abb84c3e4}w; C:\Windows\System32\drivers\{cfbbf934-a234-4282-8ef3-310abb84c3e4}w.sys [43192 2014-10-20] (StdLib)
C:\Windows\System32\drivers\{3c9eada7-386c-4a04-ab1e-4eb122397ced}w.sys
C:\Windows\System32\drivers\{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}w.sys
C:\Windows\System32\drivers\{6191cc23-5db4-4079-aaac-546c45b08af1}w.sys
C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys
C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w.sys
C:\Windows\System32\drivers\{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}w.sys
C:\Windows\System32\drivers\{cfbbf934-a234-4282-8ef3-310abb84c3e4}w.sys
EmptyTemp:
End


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

Step 2.





Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Start MBAR by double-clicking the program icon:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to start;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Notice: with some infections one of the following messages may be displayed:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.

Notice! Only if a rootkit was detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Start fixdamage with a double-click; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into a post, and attach the system log to the post using the Attach file option.

  • eugrom  Male
  • New MyCity citizen
  • Student
  • Joined: 20 Oct 2014
  • Posts: 18
  • Location: Beograd

Here is the fixlog


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-10-2014
Ran by dell at 2014-10-24 20:20:49 Run:1
Running from C:\Users\dell\Downloads
Loaded Profile: dell (Available profiles: dell)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\dell\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Program Files\NetCrawl\bin\utilNetCrawl.exe
C:\Program Files\NetCrawl\bin\NetCrawl.PurBrowse.exe
C:\Program Files\NetCrawl\bin\NetCrawl.BrowserAdapter.exe
C:\Program Files\NetCrawl\bin\NetCrawl.BOASHelper.exe
C:\Program Files\NetCrawl\updateNetCrawl.exe
C:\Program Files\NetCrawl\bin\NetCrawl.BOASPRT.exe
C:\Program Files\NetCrawl\bin\NetCrawl.BOAS.exe
C:\Program Files\NetCrawl\bin\NetCrawl.BOASPRT.exe
C:\Program Files\NetCrawl\bin\NetCrawl.BOAS.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll [489488 2014-07-09] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
c:\program files\settings manager
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = default-search.net/search?sid=492&a.....=ds&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = default-search.net/search?sid=492&a.....=ds&p={searchTerms}
BHO: No Name -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> No File
BHO: NetCrawl -> {769a91da-209f-47fe-88b9-b0321b0982c8} -> C:\Program Files\NetCrawl\NetCrawlBHO.dll (NetCrawl)
C:\Program Files\NetCrawl
CHR Extension: (NetCrawl) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhnkainfgebjkhaoadlkjgjhhgpbohg [2014-09-17]
C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhnkainfgebjkhaoadlkjgjhhgpbohg
R2 Update NetCrawl; C:\Program Files\NetCrawl\updateNetCrawl.exe [523552 2014-10-24] ()
R2 Util NetCrawl; C:\Program Files\NetCrawl\bin\utilNetCrawl.exe [523552 2014-10-24] ()
R1 {3c9eada7-386c-4a04-ab1e-4eb122397ced}w; C:\Windows\System32\drivers\{3c9eada7-386c-4a04-ab1e-4eb122397ced}w.sys [43192 2014-10-20] (StdLib)
R1 {58ff284e-6a3e-41bc-8147-d768e1c0e4a3}w; C:\Windows\System32\drivers\{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}w.sys [43192 2014-10-21] (StdLib)
R1 {6191cc23-5db4-4079-aaac-546c45b08af1}w; C:\Windows\System32\drivers\{6191cc23-5db4-4079-aaac-546c45b08af1}w.sys [43192 2014-10-23] (StdLib)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys [52920 2014-07-08] (StdLib)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}w; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w.sys [52920 2014-08-06] (StdLib)
R1 {6fd9ae77-e80c-4df0-b53d-23fcb52b001a}w; C:\Windows\System32\drivers\{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}w.sys [43192 2014-10-22] (StdLib)
R1 {cfbbf934-a234-4282-8ef3-310abb84c3e4}w; C:\Windows\System32\drivers\{cfbbf934-a234-4282-8ef3-310abb84c3e4}w.sys [43192 2014-10-20] (StdLib)
C:\Windows\System32\drivers\{3c9eada7-386c-4a04-ab1e-4eb122397ced}w.sys
C:\Windows\System32\drivers\{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}w.sys
C:\Windows\System32\drivers\{6191cc23-5db4-4079-aaac-546c45b08af1}w.sys
C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys
C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w.sys
C:\Windows\System32\drivers\{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}w.sys
C:\Windows\System32\drivers\{cfbbf934-a234-4282-8ef3-310abb84c3e4}w.sys
EmptyTemp:
End
*****************

C:\Windows\Tasks\Digital Sites.job => Moved successfully.
C:\Program Files\NetCrawl\bin\utilNetCrawl.exe => Moved successfully.
C:\Program Files\NetCrawl\bin\NetCrawl.PurBrowse.exe => Moved successfully.
C:\Program Files\NetCrawl\bin\NetCrawl.BrowserAdapter.exe => Moved successfully.
C:\Program Files\NetCrawl\bin\NetCrawl.BOASHelper.exe => Moved successfully.
C:\Program Files\NetCrawl\updateNetCrawl.exe => Moved successfully.
C:\Program Files\NetCrawl\bin\NetCrawl.BOASPRT.exe => Moved successfully.
C:\Program Files\NetCrawl\bin\NetCrawl.BOAS.exe => Moved successfully.
"C:\Program Files\NetCrawl\bin\NetCrawl.BOASPRT.exe" => File/Directory not found.
"C:\Program Files\NetCrawl\bin\NetCrawl.BOAS.exe" => File/Directory not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
c:\program files\settings manager => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}" => Key deleted successfully.
"HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769a91da-209f-47fe-88b9-b0321b0982c8}" => Key deleted successfully.
"HKCR\CLSID\{769a91da-209f-47fe-88b9-b0321b0982c8}" => Key deleted successfully.

"C:\Program Files\NetCrawl" directory move:

C:\Program Files\NetCrawl\0 => Moved successfully.
C:\Program Files\NetCrawl\7za.exe => Moved successfully.
C:\Program Files\NetCrawl\NetCrawl.ico => Moved successfully.
C:\Program Files\NetCrawl\NetCrawlBHO.dll => Moved successfully.
C:\Program Files\NetCrawl\NetCrawlUninstall.exe => Moved successfully.
C:\Program Files\NetCrawl\pfhnkainfgebjkhaoadlkjgjhhgpbohg.crx => Moved successfully.
C:\Program Files\NetCrawl\updateNetCrawl.InstallState => Moved successfully.
C:\Program Files\NetCrawl\bin\3c9eada7386c4a04ab1e.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\3c9eada7386c4a04ab1e64.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\58ff284e6a3e41bc8147.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\58ff284e6a3e41bc814764.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\6191cc235db44079aaac.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\6191cc235db44079aaac64.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\6fcd609296154f7f8898.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\6fcd609296154f7f889864.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\6fd9ae77e80c4df0b53d.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\6fd9ae77e80c4df0b53d64.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\7za.exe => Moved successfully.
C:\Program Files\NetCrawl\bin\BrowserAdapter.7z => Moved successfully.
C:\Program Files\NetCrawl\bin\BrowserAdapterS.7z => Moved successfully.
C:\Program Files\NetCrawl\bin\cfbbf934a23442828ef3.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\cfbbf934a23442828ef364.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\NetCrawl.BOAS.exe => Moved successfully.
C:\Program Files\NetCrawl\bin\NetCrawl.BOAS.zip => Moved successfully.
C:\Program Files\NetCrawl\bin\NetCrawl.BOASHelper.exe => Moved successfully.
C:\Program Files\NetCrawl\bin\NetCrawl.BOASPRT.exe => Moved successfully.
C:\Program Files\NetCrawl\bin\NetCrawl.BrowserAdapter.exe => Moved successfully.
C:\Program Files\NetCrawl\bin\NetCrawl.BrowserAdapter64.exe => Moved successfully.
C:\Program Files\NetCrawl\bin\NetCrawl.BrowserFilter.Helper.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\NetCrawl.BrowserFilter.Helper.dll.old.82a62784-d00f-46af-a6cf-33bdf2cd0096 => Moved successfully.
C:\Program Files\NetCrawl\bin\NetCrawl.PurBrowse.zip => Moved successfully.
C:\Program Files\NetCrawl\bin\NetCrawl.PurBrowseG.zip => Moved successfully.
C:\Program Files\NetCrawl\bin\NetCrawlBrowserFilter.exe => Moved successfully.
C:\Program Files\NetCrawl\bin\sqlite3.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\tmp354F.tmp => Moved successfully.
C:\Program Files\NetCrawl\bin\tmp7C03.tmp => Moved successfully.
C:\Program Files\NetCrawl\bin\tmp8D32.tmp => Moved successfully.
C:\Program Files\NetCrawl\bin\utilNetCrawl.InstallState => Moved successfully.
C:\Program Files\NetCrawl\bin\{3c9eada7-386c-4a04-ab1e-4eb122397ced}.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\{3c9eada7-386c-4a04-ab1e-4eb122397ced}64.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}64.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\{6191cc23-5db4-4079-aaac-546c45b08af1}.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\{6191cc23-5db4-4079-aaac-546c45b08af1}64.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\{6fcd6092-9615-4f7f-8898-8df53980e5d2}.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\{6fcd6092-9615-4f7f-8898-8df53980e5d2}64.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}64.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\{cfbbf934-a234-4282-8ef3-310abb84c3e4}.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\{cfbbf934-a234-4282-8ef3-310abb84c3e4}64.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\plugins\NetCrawl.BOAS.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\plugins\NetCrawl.Bromon.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\plugins\NetCrawl.BroStats.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\plugins\NetCrawl.BrowserAdapter.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\plugins\NetCrawl.BrowserAdapterS.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\plugins\NetCrawl.BrowserFilter.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\plugins\NetCrawl.CompatibilityChecker.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\plugins\NetCrawl.FeSvc.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\plugins\NetCrawl.FFUpdate.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\plugins\NetCrawl.GCUpdate.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\plugins\NetCrawl.IEUpdate.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\plugins\NetCrawl.Msvcmon.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\plugins\NetCrawl.OfSvc.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\plugins\NetCrawl.PurBrowse.dll => Moved successfully.
C:\Program Files\NetCrawl\bin\plugins\NetCrawl.PurBrowseG.dll => Moved successfully.
Could not move "C:\Program Files\NetCrawl" directory. => Scheduled to move on reboot.

C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhnkainfgebjkhaoadlkjgjhhgpbohg => Moved successfully.
"C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhnkainfgebjkhaoadlkjgjhhgpbohg" => File/Directory not found.
Update NetCrawl => Unable to stop service
Update NetCrawl => Service deleted successfully.
Util NetCrawl => Unable to stop service
Util NetCrawl => Service deleted successfully.
{3c9eada7-386c-4a04-ab1e-4eb122397ced}w => Service stopped successfully.
{3c9eada7-386c-4a04-ab1e-4eb122397ced}w => Service deleted successfully.
{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}w => Service stopped successfully.
{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}w => Service deleted successfully.
{6191cc23-5db4-4079-aaac-546c45b08af1}w => Unable to stop service
{6191cc23-5db4-4079-aaac-546c45b08af1}w => Service deleted successfully.
{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw => Service stopped successfully.
{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw => Service deleted successfully.
{6fcd6092-9615-4f7f-8898-8df53980e5d2}w => Service stopped successfully.
{6fcd6092-9615-4f7f-8898-8df53980e5d2}w => Service deleted successfully.
{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}w => Service stopped successfully.
{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}w => Service deleted successfully.
{cfbbf934-a234-4282-8ef3-310abb84c3e4}w => Service stopped successfully.
{cfbbf934-a234-4282-8ef3-310abb84c3e4}w => Service deleted successfully.
C:\Windows\System32\drivers\{3c9eada7-386c-4a04-ab1e-4eb122397ced}w.sys => Moved successfully.
C:\Windows\System32\drivers\{58ff284e-6a3e-41bc-8147-d768e1c0e4a3}w.sys => Moved successfully.
C:\Windows\System32\drivers\{6191cc23-5db4-4079-aaac-546c45b08af1}w.sys => Moved successfully.
C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys => Moved successfully.
C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w.sys => Moved successfully.
C:\Windows\System32\drivers\{6fd9ae77-e80c-4df0-b53d-23fcb52b001a}w.sys => Moved successfully.
C:\Windows\System32\drivers\{cfbbf934-a234-4282-8ef3-310abb84c3e4}w.sys => Moved successfully.
EmptyTemp: => Removed 973.2 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-24 22:07:50)<=

C:\Program Files\NetCrawl => Is moved successfully.

==== End of Fixlog ====


No malware was detected.
Here are the reports:

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
malwarebytes.org

Database version: v2014.10.24.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17358
dell :: DELL-PC [administrator]

24.10.2014 22:21:53
mbar-log-2014-10-24 (22-21-53).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 272052
Time elapsed: 11 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.200000 GHz
Memory total: 1038065664, free: 284889088

Downloaded database version: v2014.10.24.08
Downloaded database version: v2014.10.22.01
=======================================
Initializing...
------------ Kernel report ------------
10/24/2014 22:21:32
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff84eb87c8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff84a08908
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff84eb87c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84eb84a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff84eb87c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84a08908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CCCDCCCD

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 156102656

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80032038912 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-156292576-156312576)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download smeenk's zoek.zip or zoek.rar from this or this link and save it to the Desktop.

Unpack the archive into a folder (instructions), and then:

- close the browser and any other running programs;
- temporarily deactivate your protection software (if necessary), see the instructions;
- double-click the zoek program icon to start it;
- wait for the tool to start ...

Copy the following text into the white box in the window:

autoclean;
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;


Click the button and wait for the scan to finish.

zoek will restart Windows if needed and, when it is done, will open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into your post.

offline
  • eugrom  Male
  • New MyCity citizen
  • Student
  • Joined: 20 Oct 2014
  • Posts: 18
  • Location: Beograd

Zoek.exe v5.0.0.0 Updated 24-10-2014
Tool run by dell on sub 25.10.2014 at 2:40:11,61.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\dell\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

25.10.2014 2:42:15 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Malwarebytes' Anti-Malware (portable) deleted
C:\Users\dell\AppData\Roaming\DigitalSites deleted
C:\Users\dell\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z deleted
C:\Users\dell\AppData\Roaming\Systweak deleted
C:\Windows\system32\config\systemprofile\AppData\Roaming\Systweak deleted
C:\PROGRA~2\systemk deleted
C:\Users\dell\Downloads\DownloadManagerSetup.exe deleted
C:\Users\dell\Downloads\rcp_dcomnew_sec_728.exe deleted
C:\Users\dell\AppData\LocalLow\DataMngr deleted
C:\Windows\system32\tasks\Digital Sites deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\roboot.exe deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\dell\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2014-10-20 13:40:25 EF94FA1F3D90520CCA4AE65D639A9E62 11807232 ----a-w- C:\Windows\System32\ieframe.dll
2014-10-20 13:38:09 A139A5E6B34F136405B030EA04595A20 156824 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-20 13:38:08 D5D5BBF6AA45D820BAA0BD1303B8AAF6 81560 ----a-w- C:\Windows\System32\mscories.dll
2014-10-20 13:38:08 8580484193CE0A0788830FBAB97CF13B 1131664 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-20 13:37:53 3888D02CE6413C2A06D903DE1C778BF5 2363904 ----a-w- C:\Windows\System32\msi.dll
2014-10-20 13:37:20 C120855C1133DF8FFD5E0C04A7E70B67 67072 ----a-w- C:\Windows\System32\packager.dll
2014-10-20 13:23:20 B9F9FD6188CC732F19DB69CAE5CC597C 272808 ----a-w- C:\Windows\System32\javaws.exe
2014-10-20 13:22:37 3594C0ABBFFE10B3CF95714B8B3C89A4 175528 ----a-w- C:\Windows\System32\javaw.exe
2014-10-20 13:22:37 279C281689A48D1CAF37338CAB312C06 96680 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll
2014-10-20 13:22:37 095826BCBBFA5C09C72463A82612B23C 175528 ----a-w- C:\Windows\System32\java.exe
====== C:\Windows\system32\drivers =====
2014-10-24 20:21:31 6802E1A143C49D7BDAB0BF952E5A231C 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-24 20:18:04 EA6FC4074EB53342249CCE7DAE9F3A85 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-20 13:42:08 CD9214A6AE17D188D17C3CF8CB9CC693 184320 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-10-20 13:42:07 6C5139E4283249518F7743D7043775B3 31232 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-10-20 13:23:46 -------- d-----w- C:\Program Files\Common Files\Java
2014-10-20 13:21:52 -------- d-----w- C:\Program Files\Java
======= C: =====
====== C:\Users\dell\AppData\Roaming ======
====== C:\Users\dell ======
2014-10-24 20:15:29 DFF72B75746001A9060AB2B80310012E 14349744 ----a-w- C:\Users\dell\Downloads\mbar-1.07.0.1012.exe
2014-10-24 16:56:54 59AF7F2F017F437BD09A382836001B78 1103360 ----a-w- C:\Users\dell\Downloads\FRST.exe
2014-10-20 13:22:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2197057785-1928296377-2768755784-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [18.09.2014 15:42]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [12.06.2014 09:57]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14.07.2014 18:22]

Google Docs - dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Users\dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=22 folders=14 6569249 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\dell\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\dell\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on sub 25.10.2014 at 3:01:53,15 ======================

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Lives in: Prokuplje

Tell me, what is the situation now?

offline
  • eugrom  Male
  • New MyCity citizen
  • Student
  • Joined: 20 Oct 2014
  • Posts: 18
  • Lives in: Beograd

There are no more ads, the default search is gone, no new unknown windows open anymore, everything is really OK now!

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Lives in: Prokuplje

Be sure to install an antivirus.


The following procedure will carry out the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment for the tool to finish its work.
From this point on, all the tools used in this thread should have been deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.
