Is visiting the site the cause of the problem?

  • Joined: 15 Feb 2006
  • Posts: 232

Posted: 22 Nov 2014 19:08

Dear all, from time to time I visit one of our domestic sites through which I watch films and series online. If needed, I'll write later which site it is. Yesterday, when I visited it intending to continue watching a series and clicked the link for an episode, a red background appeared in the browser saying that Google warns me about possible phishing, with a warning to give up or proceed at my own risk. Of course I did not proceed, but out of curiosity I clicked on episodes I had watched days earlier and the same warning appeared again. Whether it is a coincidence or connected to that, I don't know, but since then, whenever I click the Chrome icon, it literally takes up to fifteen minutes for the browser to "open".
If it's not a problem, I'd ask you to check whether I've nevertheless "caught" something and that's why I have this problem. Thanks in advance.
[attachment: login required to view]

Addendum: 22 Nov 2014 19:10

For some reason I can't attach the second file. When I click "attach file" again, nothing happens.

Addendum: 22 Nov 2014 19:23

I forgot to mention this too: out of curiosity I "surfed" a bit via Tor Browser, so...
[attachment: login required to view]

  • Joined: 26 Aug 2010
  • Posts: 10619
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

The FRST.txt you posted is not complete. Try attaching it again.

  • Joined: 15 Feb 2006
  • Posts: 232

[attachment: login required to view]

  • Joined: 26 Aug 2010
  • Posts: 10619
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Although this looks clean to me, there are a few things that mean we'll have to do a deeper analysis.

Step 1

Open Notepad and copy the following text, found inside the Code box, into it.

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION


In Notepad click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open; copy its contents into the thread.
A copy (fixlog.txt) will also be on the Desktop.

Step 2

Download zoek.exe from this or this link and save it to the Desktop.

Close the browser and other running programs;
disable your security software (if necessary; see the instructions);
double-click zoek.exe to run it;
wait for the tool to start ...

Copy the following text into the white box of the window:

startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;


Click the button and wait for the scan to finish.

Zoek will restart Windows if necessary and, when it finishes, open Notepad with the scan report.

Note: the report is saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into your reply.
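What the FRST fixlist in the post above acts on, and why it matters: Chrome reads policies from HKLM\SOFTWARE\Policies\Google\Chrome (and the HKCU equivalent) and from the local Group Policy store under System32\GroupPolicy. A policy can force-install an extension, lock the homepage or search provider, and hide the relevant settings from the user, so adware installers use it to make their extension unremovable. On a home PC that is not domain-joined there is normally no reason for that registry key or a Registry.pol to exist, which is why FRST marks them ATTENTION. The script below is an added example, not code from this thread, FRST or zoek: a read-only PowerShell audit that lists those policy values, reports the local Group Policy store, and enumerates extensions per Windows user and browser profile the way zoek's "Chromium Look" section does. It assumes Windows with PowerShell 3.0 or newer and an elevated prompt; the browser paths are the ones that appear in the zoek log further down.

```powershell
# Added example, not part of the original thread and not FRST or zoek code.
# Read-only audit of what the FRST fixlist above removed: Chrome policies kept
# in the registry and a local Group Policy store, plus a per-user listing of
# Chromium-family extensions like zoek's "Chromium Look" section.
# Assumptions: Windows with PowerShell 3.0 or newer, run from an elevated
# prompt so every user's AppData is readable. Nothing here changes the system.

$ErrorActionPreference = 'SilentlyContinue'

Write-Host '== 1. Chrome / Google Update policies in the registry =='
foreach ($root in 'HKLM:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google') {
    if (-not (Test-Path $root)) { Write-Host "  $root : absent (normal on a home PC)"; continue }
    Write-Host "  $root : PRESENT - review every value below"
    foreach ($key in @(Get-Item $root) + @(Get-ChildItem $root -Recurse)) {
        $props = Get-ItemProperty -LiteralPath $key.PSPath
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSProvider etc. are not registry values
            Write-Host ("    {0}\{1} = {2}" -f $key.Name, $p.Name, $p.Value)
        }
        if ($key.PSChildName -eq 'ExtensionInstallForcelist') {
            Write-Host '    ^ force-installed extensions: policy-installed, the user cannot remove them from chrome://extensions'
        }
    }
}

Write-Host "`n== 2. Local Group Policy store =="
$gpRoot = Join-Path $env:SystemRoot 'System32\GroupPolicy'
foreach ($rel in 'GPT.ini', 'Machine\Registry.pol', 'User\Registry.pol') {
    $item = Get-Item -LiteralPath (Join-Path $gpRoot $rel) -Force   # -Force: the folder is hidden
    if ($item) { Write-Host ("  {0}  {1} bytes  modified {2}" -f $item.FullName, $item.Length, $item.LastWriteTime) }
    else       { Write-Host "  $rel : absent" }
}
if (-not (Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
    Write-Host '  Not domain-joined: any Registry.pol above was written locally (gpedit.msc, a script or an installer), not by a domain admin'
}

Write-Host "`n== 3. Chromium-family extensions per Windows user and browser profile =="
$browsers = [ordered]@{
    'Chrome'        = 'Google\Chrome\User Data'
    'Chrome Canary' = 'Google\Chrome SxS\User Data'   # the "Chrome SxS" paths in the zoek log
    'Comodo Dragon' = 'Comodo\Dragon\User Data'
}
$webStore = 'https://clients2.google.com/service/update2/crx'   # update_url of Web Store installs
foreach ($user in Get-ChildItem (Join-Path $env:SystemDrive 'Users') -Directory) {
    foreach ($b in $browsers.GetEnumerator()) {
        # <profile>\Extensions\<32-letter id>\<version>\manifest.json
        $pattern = Join-Path $user.FullName "AppData\Local\$($b.Value)\*\Extensions\*\*\manifest.json"
        foreach ($manifest in Get-ChildItem $pattern -Force) {
            $m    = Get-Content -LiteralPath $manifest.FullName -Raw | ConvertFrom-Json
            $id   = $manifest.Directory.Parent.Name                  # extension id
            $prof = $manifest.Directory.Parent.Parent.Parent.Name    # Default, Profile 1, ...
            $note = ''
            if (-not $m.update_url) { $note = '<- no update_url (unpacked or sideloaded)' }
            if ($m.update_url -and $m.update_url -ne $webStore) { $note = "<- updates from $($m.update_url)" }
            # $m.name may be a localisation placeholder like __MSG_appName__; the id still identifies it
            Write-Host ("  {0,-28} {1} {2,-13} {3}\{4}  {5}" -f $m.name, $id, $b.Key, $user.Name, $prof, $note)
        }
    }
}
```

Read section 1 first: on a stand-alone PC the Policies\Google key should simply be absent, and anything under ExtensionInstallForcelist, HomepageLocation or DefaultSearchProvider* is what a cleanup tool would remove. Section 3 is the part to compare against zoek's list: an extension id that turns up in every user's profile and in several browsers at once, or one that updates from somewhere other than the Web Store URL, is the thing to look up by id before deciding whether it belongs there.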

  • Joined: 15 Feb 2006
  • Posts: 232

I struggled a bit with Zoek, but here is the report

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-11-2014 01
Ran by PBucevac at 2014-11-22 19:43:41 Run:1
Running from C:\Users\PBucevac\Desktop
Loaded Profile: PBucevac (Available profiles: PBucevac)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog ====







Zoek.exe v5.0.0.0 Updated 21-11-2014
Tool run by PBucevac on 22-Nov-14 at 20:08:48.47.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PBucevac\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-11-22-190756.log 30656 bytes

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\PBucevac\AppData\Local\Temp ====
====== Java Cache =====
2014-11-16 06:51:03 2066A4D2DE7175F9D4F4D669921AAEBD 439 ----a-w- C:\Users\PBucevac\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\29aa5ed0-25a50357d69997e7068299010e5fd59d9b8b36af58ff9d0c0356a6dbbc416363-6.0.lap
2014-11-16 12:25:58 B655967AB8192B49DB5A45CE26E99C7C 19601 ----a-w- C:\Users\PBucevac\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6138cb91-725e946c
2014-11-16 12:40:47 67666533381CCE9C8A492447F9B05E62 439 ----a-w- C:\Users\PBucevac\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\e19f698-e0b97bf9f98d2542f7d5079a2cea1448936e11b2fe016f82cf3c6d677f6adbd9-6.0.lap
2014-11-12 16:33:25 077B83A896CAB0F20CCAC5ED18DAA892 436 ----a-w- C:\Users\PBucevac\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\4dd82c59-a44f0d01dec9a74a89d9a55f92a45c11cb6331685c492320414385b73970900c-6.0.lap
2014-11-13 20:59:00 1B4CD496C0AAC8E4BCD61A3AA4B2F7CD 439 ----a-w- C:\Users\PBucevac\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1cbdd1de-e60f79118f50e8f5fc5cbc99f6727190ae60acb1389379664a12e896d06064e5-6.0.lap
2014-11-12 16:30:02 E4ECDAC2B668A94F3B5C4CF5C878761D 439 ----a-w- C:\Users\PBucevac\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\18a9d1a5-3e46143f8d494bb507fb759232bb948f324eeb8014266388573bf0519b810c71-6.0.lap
2014-11-12 16:33:36 B655967AB8192B49DB5A45CE26E99C7C 19601 ----a-w- C:\Users\PBucevac\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\76e88467-42b0cc59
2014-11-16 06:01:44 96C76467964F53C6AFAF75DA80D6CD5B 439 ----a-w- C:\Users\PBucevac\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\63365c6f-5c0b856139bc47b74ddeb9fa764b192f41e166cc33c64fa865d8a9b97522c524-6.0.lap
2014-11-16 11:28:07 B661EDC94700A6E59938A5763267D47B 439 ----a-w- C:\Users\PBucevac\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\cb85385-684ff9c981808fd54d1be5377df1f6e690efad80118991f09d08b74b17f0d453-6.0.lap
2014-11-16 13:19:27 0F7840D8F59F13280390526E3008E997 439 ----a-w- C:\Users\PBucevac\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\669ca2b7-6960edf6c7d4246547ff44066a6ddc0943489fe2bbbed81a9bf89e3d80db3188-6.0.lap
2014-11-16 06:03:30 89DF5B0DC794BC9ADB2DBEC9905E71E9 439 ----a-w- C:\Users\PBucevac\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\465935b9-5d2c3f311d38ab6a1e9885c42bf5da61bb2e706f72e249fdfe20f976b8e3b6d7-6.0.lap
2014-11-16 21:53:33 4DF100D5671BF51D7C8409A4F5616F7D 439 ----a-w- C:\Users\PBucevac\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\7023df06-ff1ce1096bc2751d6deeb68f1a8a75cbb30417d214f315948ba09baa96e1bd3c-6.0.lap
====== C:\Windows\SysWOW64 =====
2014-11-19 15:51:46 66F97677CC13F7B9E2408CC75750A389 208896 ----a-w- C:\Windows\SysWOW64\pku2u.dll
2014-11-19 15:51:46 4CD4C8D34213975444643A5F9594E363 806400 ----a-w- C:\Windows\SysWOW64\kerberos.dll
2014-11-13 15:39:16 5F333FDBF392850373C89BDA31EBEC1B 1346048 ----a-w- C:\Windows\SysWOW64\user32.dll
2014-11-13 15:39:08 3B45EA6108E48406828D4E015FF41DD0 12800 ----a-w- C:\Windows\SysWOW64\winshfhc.dll
2014-11-13 15:38:09 46FBD043A1688EFD6AC1395EE886AD33 3607040 ----a-w- C:\Windows\SysWOW64\msi.dll
2014-11-13 15:38:07 B09332CC976AC43EFF595B6F01AA275C 2459136 ----a-w- C:\Windows\SysWOW64\authui.dll
2014-11-13 15:38:06 48C20EB77757F22840FF4CED98D8DEB1 325120 ----a-w- C:\Windows\SysWOW64\msihnd.dll
2014-11-12 21:35:22 07330241FD9D9A03811DDBDC4F9FD18F 19781632 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-11-12 21:33:22 154532E0EC2317E6924A9D27F894FF2F 12819456 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-11-12 21:33:04 3CA90FDAB95FB2B0D91249BEDE3DE0D9 4298240 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-11-12 21:33:00 03D7DF4711B851EF286562F97429211D 1892864 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-11-12 21:32:58 027A2CF002AD94399B51C07E855E3B2B 1310208 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-11-12 21:32:56 F169B03C4B9996708DB20FF0C875B4FF 880128 ----a-w- C:\Windows\SysWOW64\inetcomm.dll
2014-11-12 21:32:56 98D83B6B4FBA32C39585D1E07121BEA0 2277376 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-11-12 21:32:55 8A88AD059EDC1014D5D6A472A6D1D66C 661504 ----a-w- C:\Windows\SysWOW64\jscript.dll
2014-11-12 21:32:53 A6145F4F8C69C3B46653B1C5E75A7BD6 688640 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 21:32:53 8FC2FB51EB90E6AA582BDBA39C1935FD 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 21:32:52 EF7A48E5955736BEECF0B0ABB478E90E 478208 ----a-w- C:\Windows\SysWOW64\ieui.dll
2014-11-12 21:32:51 E855B15E1BE0B58F84843D31F4CC4795 501248 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2014-11-12 21:32:50 1BE74145FDF58734CFE968063533FBEC 708096 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 21:32:50 108D84EE2359C595CCEA32820A2D5405 2051072 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 21:32:49 7BCC24D058205664BD700D272B169AEC 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 21:32:49 7B0D22C64F9B6A8CD79EFADD29700693 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 21:32:46 9F6204775EB03156B430FD095E3D0B5C 325632 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 21:32:46 151E64E5D34DFB95D57B5B97C50DE64D 230400 ----a-w- C:\Windows\SysWOW64\webcheck.dll
2014-11-12 21:32:45 BE5EDCACB9E83C3695F650094367740C 99328 ----a-w- C:\Windows\SysWOW64\hlink.dll
2014-11-12 21:32:44 8DFBD587DBEBBC8EB50AD169DE88C449 340992 ----a-w- C:\Windows\SysWOW64\html.iec
2014-11-12 21:32:43 DCFF6E5356CFF5B50BBA0FAAE01A0412 90624 ----a-w- C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 21:32:43 236AD481F1632F4CE7E9835FFD4AF41D 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll
2014-11-12 21:32:42 ED5A4451A1A2777C6C5DB4238FD09078 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 21:32:42 8A109878FA68DD1A4C91D8D499797E22 128000 ----a-w- C:\Windows\SysWOW64\iepeers.dll
2014-11-12 21:32:42 45CDC0E37774D30BEE8C5F62CE30D599 1042944 ----a-w- C:\Windows\SysWOW64\actxprxy.dll
2014-11-12 21:32:42 1D391C687102569FD1EA154F0C1A4CE8 91136 ----a-w- C:\Windows\SysWOW64\inseng.dll
2014-11-12 21:32:35 615D259116D1B331911CE28C8CD1CCF3 73216 ----a-w- C:\Windows\SysWOW64\tdc.ocx
2014-11-12 21:32:35 0FEEFF4B96CA5972121F59525142A14E 52736 ----a-w- C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-12 21:32:35 02FF387F6228169EDDCB41F5E4B1A4E4 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 21:32:34 FC51834D5057B9D7847666AE88BC981C 130048 ----a-w- C:\Windows\SysWOW64\occache.dll
2014-11-12 21:32:34 F1313045CDCBBC4C90C34AEF67CEE088 112128 ----a-w- C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-12 21:32:34 971D57DFB6F3FBC98EB74D1AF8E3C13B 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 21:32:34 159199095C9959BE75E61C0FF947708F 152064 ----a-w- C:\Windows\SysWOW64\iexpress.exe
2014-11-12 21:32:33 FCAF49AE2E10EF3823262D10E7F2D0DE 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 21:32:33 8D1E12756ED6F1FDB026AD3CF264F90C 40448 ----a-w- C:\Windows\SysWOW64\imgutil.dll
2014-11-12 21:32:33 53E15B8DBD615567CA8895D65746C8D3 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 21:32:32 59607FB7C6B84860CE2D1C5F7C57E052 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 21:32:31 EF7B7299A1D6604AD3CA2CE1BEF8C8F3 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-11-12 21:32:31 A66A88FFE53BBB9DDAACE0110A8232EC 137728 ----a-w- C:\Windows\SysWOW64\wextract.exe
2014-11-12 21:32:31 316280CC22CBB15271A91D83CDFB73C3 27136 ----a-w- C:\Windows\SysWOW64\licmgr10.dll
2014-11-12 21:32:31 0812A503FF349D1DCEEB820B2E4FEE15 57344 ----a-w- C:\Windows\SysWOW64\pngfilt.dll
2014-11-12 21:32:30 3C544C566EE7091AC52D4D9156C62687 235520 ----a-w- C:\Windows\SysWOW64\url.dll
2014-11-12 21:32:30 26F4BDB6EA83011885E217A51A4A3E68 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-11-12 21:32:28 3FA76B67F25D84B3C2A4E8A8C0919E6E 12800 ----a-w- C:\Windows\SysWOW64\mshta.exe
2014-11-12 21:32:28 1BD4CD20A25B4A3A5F7BAAC25E9D9202 11264 ----a-w- C:\Windows\SysWOW64\msfeedssync.exe
2014-11-12 20:39:23 CA23E168518460519DC8D49EC6AD9550 18723112 ----a-w- C:\Windows\SysWOW64\shell32.dll
2014-11-12 20:39:16 1FB4389CA807D59B105B0827FCC8F768 11820544 ----a-w- C:\Windows\SysWOW64\twinui.dll
2014-11-12 20:39:15 1793FC07D568C930C04F9FF40FFF9A69 799744 ----a-w- C:\Windows\SysWOW64\MFMediaEngine.dll
2014-11-12 20:39:15 0EEE3F2278E447498B2CDBDF34C63C91 670384 ----a-w- C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-11-12 20:39:13 C1AD30D5E28B4291D4A16BC6944ABC0C 2030592 ----a-w- C:\Windows\SysWOW64\WsmSvc.dll
2014-11-12 20:39:12 A208DEE0CD61E24817C26D5A05503DA7 334336 ----a-w- C:\Windows\SysWOW64\puiobj.dll
2014-11-12 20:39:06 17FC09725FEE2546B96A938288509719 485376 ----a-w- C:\Windows\SysWOW64\untfs.dll
2014-11-12 20:39:01 46C1902654FF54C835E4C4E8C14B7F2A 239104 ----a-w- C:\Windows\SysWOW64\FXSAPI.dll
2014-11-12 20:27:02 3BF6BEBD0A5666BDB426A734A4578D9B 1346048 ----a-w- C:\Windows\SysWOW64\msxml3.dll
2014-11-12 19:37:05 791BDC9FD3C95F92C7DB2162132C8645 324096 ----a-w- C:\Windows\SysWOW64\certcli.dll
2014-11-12 19:37:04 DDAAC7C966436938526D4CF4C6042A5C 154112 ----a-w- C:\Windows\SysWOW64\msaudite.dll
2014-11-12 19:37:04 A22688490DCC2DA19441CA09EF7299BF 736768 ----a-w- C:\Windows\SysWOW64\adtschema.dll
2014-11-12 19:27:45 F344D6066EA270AABABA83E2A6B6428F 723968 ----a-w- C:\Windows\SysWOW64\wuapi.dll
2014-11-12 19:27:44 DC523277A7EC2336A654960E08EB5BDC 81920 ----a-w- C:\Windows\SysWOW64\wudriver.dll
2014-11-12 19:27:44 529122F3ADC548F0CCBB6164D86FA116 124928 ----a-w- C:\Windows\SysWOW64\wuwebv.dll
2014-11-12 19:27:43 514AEA6CF4B70FAA30A2BC4B4CC10A39 29696 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2014-11-12 19:27:42 C17F3F1EE09758CF9D234B22B80A1006 25600 ----a-w- C:\Windows\SysWOW64\wups.dll
2014-11-12 19:27:11 75D0FAD0165770819770628239BF57DB 602768 ----a-w- C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 18:56:13 BC426A818B7F3DB5F509BC1B62FF1501 357376 ----a-w- C:\Windows\SysWOW64\schannel.dll
2014-11-12 18:56:11 B2AC9E081A847ACBD5B62BE25AF39DA1 88800 ----a-w- C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-12 16:19:43 D1A07DE4DC408E5AA5CFBAE261919BDC 72192 ----a-w- C:\Windows\SysWOW64\packager.dll
2014-11-12 16:19:16 FACBA112943A89FBB8AC25085521924F 344536 ----a-w- C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 16:19:16 0CBA301F325F922FAFB3B83AD3337BB2 370424 ----a-w- C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 16:19:15 22B2920A0857BDD61B1331C30AD76F30 424544 ----a-w- C:\Windows\SysWOW64\AudioEng.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-11-19 15:51:47 E87F8EC00FEEF700E61F6989D88A8BC2 991232 ----a-w- C:\Windows\Sysnative\kerberos.dll
2014-11-19 15:51:46 788C7D910267DDCD675DF4AB01961265 259584 ----a-w- C:\Windows\Sysnative\pku2u.dll
2014-11-13 15:39:18 F0A117D19873FCDF801F082F33BFBB6C 1519488 ----a-w- C:\Windows\Sysnative\user32.dll
2014-11-13 15:39:08 668417ED63F9FBE7DD8D7A54B04279DA 14336 ----a-w- C:\Windows\Sysnative\winshfhc.dll
2014-11-13 15:38:09 EF745B98D81B8C462DB99FC8B5C4322A 3320320 ----a-w- C:\Windows\Sysnative\msi.dll
2014-11-13 15:38:08 D5B41A0C38408814A3E9BAC8C82B2E5B 2773504 ----a-w- C:\Windows\Sysnative\authui.dll
2014-11-13 15:38:06 D0C15BC83B3D0AF4F9B1D70216D91794 428032 ----a-w- C:\Windows\Sysnative\msihnd.dll
2014-11-13 15:38:05 D1A2E993DB1867C79177CCC9DB6337D0 116032 ----a-w- C:\Windows\Sysnative\consent.exe
2014-11-13 15:38:05 034ED41F13D9C1845C1E081F05B640DB 110080 ----a-w- C:\Windows\Sysnative\appinfo.dll
2014-11-13 15:34:56 9E20A052D83A81AEC35B2EA29F32637A 391168 ----a-w- C:\Windows\Sysnative\devinv.dll
2014-11-13 15:34:56 91BB0DDA472733457072DA61178FA48E 228864 ----a-w- C:\Windows\Sysnative\aepdu.dll
2014-11-13 15:34:55 22ED46DE0E684749DA1BD703526FAA26 537088 ----a-w- C:\Windows\Sysnative\aeinv.dll
2014-11-13 15:34:54 D18149850795E7203610CEE9491515F1 304128 ----a-w- C:\Windows\Sysnative\generaltel.dll
2014-11-13 15:34:53 F00E643D9244F31ECF5DE8A98C2C5FC6 98816 ----a-w- C:\Windows\Sysnative\aepic.dll
2014-11-12 21:35:23 6432F143CDC9D73BD2BF832CAB2EDC01 25110016 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-11-12 21:33:38 BED4D30B7FF094E368333CE2D1CE3195 14390272 ----a-w- C:\Windows\Sysnative\ieframe.dll
2014-11-12 21:33:09 079FEE6FC11A74E4309B6A10931C1CB2 6040064 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-11-12 21:33:01 BF1FC65A307B31939ADF7F976FDE033C 2365440 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-11-12 21:32:59 559E084EEBE44864493B2903433F19B3 1550336 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-11-12 21:32:58 22CBDB8810CBED0B4F5E4BE69D7E2AE8 2884096 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-11-12 21:32:57 62D54F4673A6208C8CC147758122B3C3 2865152 ----a-w- C:\Windows\Sysnative\actxprxy.dll
2014-11-12 21:32:57 46B5DD7C4B1851F59E48302185E076DF 1032704 ----a-w- C:\Windows\Sysnative\inetcomm.dll
2014-11-12 21:32:54 DE58DE2C6C8439B7174D6D3568AA4A80 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2014-11-12 21:32:54 587DEBB59F5F14C9610966FB14A33607 633856 ----a-w- C:\Windows\Sysnative\ieui.dll
2014-11-12 21:32:54 0D03DAD6BB183156C70F863D0F2FA55A 812544 ----a-w- C:\Windows\Sysnative\jscript.dll
2014-11-12 21:32:53 200CEA827BDC503F00C0AED0EA227D49 800768 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-11-12 21:32:51 258C3082AD82C1AAD335DA3FE2D3EB25 580096 ----a-w- C:\Windows\Sysnative\vbscript.dll
2014-11-12 21:32:50 175C139D51F99099D1BDA17794B02191 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2014-11-12 21:32:49 F7522B00C823794F86ABD5BE1F3D6B09 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2014-11-12 21:32:49 62E2FCF45F349DE6CAFB3AA7E1D81DA4 2124288 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-11-12 21:32:48 BC3B7CCE855F9A8E7BC96F7062229A02 799232 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2014-11-12 21:32:47 A7F53772ECAE2F44B455D14F71179940 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2014-11-12 21:32:46 853BB696932E4C48EE7034BFF1209A5A 262144 ----a-w- C:\Windows\Sysnative\webcheck.dll
2014-11-12 21:32:44 F0A53129AE95A895EC8C4DC36E1797A2 108544 ----a-w- C:\Windows\Sysnative\hlink.dll
2014-11-12 21:32:44 9CD8D475F462F82E6FD8BFCA7186ACD4 372736 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2014-11-12 21:32:43 FD7C8FAC461BED1FEEB808E477D884D4 716800 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-11-12 21:32:43 E40D3696BE4852956669C285038B37A6 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2014-11-12 21:32:43 AF28C90094C4C50F083599C10D2DC072 145408 ----a-w- C:\Windows\Sysnative\iepeers.dll
2014-11-12 21:32:43 8AE1AC97407CD82D8389390C21430579 111616 ----a-w- C:\Windows\Sysnative\iesysprep.dll
2014-11-12 21:32:43 1C3C54FA2D620DF3093F356A56EC5957 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2014-11-12 21:32:37 2E475D2FCE0125FA0C486DB9D59E739B 417280 ----a-w- C:\Windows\Sysnative\html.iec
2014-11-12 21:32:37 00FB2FB8C27C834CF575BC415B80F995 87552 ----a-w- C:\Windows\Sysnative\tdc.ocx
2014-11-12 21:32:35 C9AB2198141844D3DF96B4552CE9D5AB 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-11-12 21:32:35 A348DEFC16B6FBC88B7D61C3B861BCB1 107520 ----a-w- C:\Windows\Sysnative\inseng.dll
2014-11-12 21:32:35 85E97591864F3125C5B08FB44E0E8078 60416 ----a-w- C:\Windows\Sysnative\msfeedsbs.dll
2014-11-12 21:32:35 2CEACC509889A095828F27115257408D 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-11-12 21:32:34 F79E5258AF040A8AD83C7C1273A071C3 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-11-12 21:32:34 70576D76A11DD5AE54E719297A315F90 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll
2014-11-12 21:32:33 DD8FD33C108F14681A410067AB21DDF3 152064 ----a-w- C:\Windows\Sysnative\occache.dll
2014-11-12 21:32:33 3721721151DB49457B0FD35E0C04594C 199680 ----a-w- C:\Windows\Sysnative\msrating.dll
2014-11-12 21:32:32 161BC2E883A8D8759A4DCF2A85AF9128 51200 ----a-w- C:\Windows\Sysnative\imgutil.dll
2014-11-12 21:32:31 D66D11191B48007179B0A77DC0717267 33280 ----a-w- C:\Windows\Sysnative\licmgr10.dll
2014-11-12 21:32:31 6096209CB47D61499C3608B9C25B073C 64512 ----a-w- C:\Windows\Sysnative\pngfilt.dll
2014-11-12 21:32:30 F54E1190251EB245183BF16D6C315613 237568 ----a-w- C:\Windows\Sysnative\url.dll
2014-11-12 21:32:30 6A7F8D139610E5F3F158182778EF9275 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll
2014-11-12 21:32:29 CDC8A85EB301A8CBE55A81A1D55AF5E5 132096 ----a-w- C:\Windows\Sysnative\IEAdvpack.dll
2014-11-12 21:32:29 4B9C652BD0FD95A9E6123913C35519D6 143872 ----a-w- C:\Windows\Sysnative\wextract.exe
2014-11-12 21:32:28 E99E2E88BFE584184AE92B1F8995CE93 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll
2014-11-12 21:32:28 CA2F3153EF3BCB0BD3A8984C933DF604 167424 ----a-w- C:\Windows\Sysnative\iexpress.exe
2014-11-12 21:32:28 A3871DED5ED88F59C0D1396761708F81 13824 ----a-w- C:\Windows\Sysnative\mshta.exe
2014-11-12 21:32:28 66585D645C4E23A0FD5124BD714AE020 12800 ----a-w- C:\Windows\Sysnative\msfeedssync.exe
2014-11-12 20:39:27 1D303CE5BCBD5B80BBA08321F28A3F86 21197152 ----a-w- C:\Windows\Sysnative\shell32.dll
2014-11-12 20:39:24 BCE66E78D388875B87286CA091E7075F 7484224 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe
2014-11-12 20:39:21 1907823D5ACFD75D1D8C0D4318299726 2714112 ----a-w- C:\Windows\Sysnative\SettingsHandlers.dll
2014-11-12 20:39:20 C4306ADC38939CAC60EA38AAD9F170C0 13424128 ----a-w- C:\Windows\Sysnative\twinui.dll
2014-11-12 20:39:18 C88B63FE96DB4BCED65DD442BC8E77F5 1053184 ----a-w- C:\Windows\Sysnative\localspl.dll
2014-11-12 20:39:18 A208498C5CD750A1743C1AC8162A810F 941568 ----a-w- C:\Windows\Sysnative\MFMediaEngine.dll
2014-11-12 20:39:17 CA729FCE295895515A09BD6FF7903DC8 836176 ----a-w- C:\Windows\Sysnative\mfmp4srcsnk.dll
2014-11-12 20:39:14 50E96089F9BE352621997143A56C8E76 822272 ----a-w- C:\Windows\Sysnative\win32spl.dll
2014-11-12 20:39:13 9CE162EB9057CF079736F4DD00FC0D6C 2480128 ----a-w- C:\Windows\Sysnative\WsmSvc.dll
2014-11-12 20:39:13 5416C603B6C85CF0698E8A2A1D28BAA2 448512 ----a-w- C:\Windows\Sysnative\puiobj.dll
2014-11-12 20:39:06 8758F5DEBD2B950B2D56ED11F9E0B38F 545792 ----a-w- C:\Windows\Sysnative\untfs.dll
2014-11-12 20:39:05 6C118AEDD15FDBEAECC0E85C64B5B86B 615424 ----a-w- C:\Windows\Sysnative\FXSCOMEX.dll
2014-11-12 20:39:01 9C55CE9707B3CA29A6505BCDCC546390 275968 ----a-w- C:\Windows\Sysnative\FXSAPI.dll
2014-11-12 20:38:58 A92EF73B02686B7E6F070B486512DB88 389176 ----a-w- C:\Windows\Sysnative\ApnDatabase.xml
2014-11-12 20:27:02 93645AEBE163230A2ED5050C14AE6603 2149376 ----a-w- C:\Windows\Sysnative\msxml3.dll
2014-11-12 19:37:06 949E590B76018E4523FC71CE510ED9ED 1441792 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2014-11-12 19:37:06 488CEA4F1B4D2446FFB7A94E3CB385FE 445440 ----a-w- C:\Windows\Sysnative\certcli.dll
2014-11-12 19:37:06 1D25CC0A9C480C5D56A5A6CF2B5DEB99 3547648 ----a-w- C:\Windows\Sysnative\rdpcorets.dll
2014-11-12 19:37:04 91E59FCB3B32DD84E5DCDA2EA1583807 736768 ----a-w- C:\Windows\Sysnative\adtschema.dll
2014-11-12 19:37:04 3D2D2EA099D98FE6B94C7D8C7992C08C 40448 ----a-w- C:\Windows\Sysnative\rfxvmt.dll
2014-11-12 19:37:03 D7B23B3154508256C9F434EF9B65B91D 131584 ----a-w- C:\Windows\Sysnative\rdpudd.dll
2014-11-12 19:37:03 A8484FB640E044858BA19FB4F13DD4CE 154112 ----a-w- C:\Windows\Sysnative\msaudite.dll
2014-11-12 19:27:47 DCD090318EC800CF6275C6835900B0C6 3557376 ----a-w- C:\Windows\Sysnative\wuaueng.dll
2014-11-12 19:27:45 BCC10D47920E83EAC8F2E7E2D414692E 894976 ----a-w- C:\Windows\Sysnative\wuapi.dll
2014-11-12 19:27:45 2585412FC573F298FCBFD6759F8C4C0F 1714176 ----a-w- C:\Windows\Sysnative\wucltux.dll
2014-11-12 19:27:44 E67B019D23320AA0C5F1E6DE5D30546A 407552 ----a-w- C:\Windows\Sysnative\WUSettingsProvider.dll
2014-11-12 19:27:43 EA2DF5520D3623F353F43809A2F88086 55776 ----a-w- C:\Windows\Sysnative\wuauclt.exe
2014-11-12 19:27:43 CCE7F88AD038494253B485EC1B144EB3 60416 ----a-w- C:\Windows\Sysnative\wups.dll
2014-11-12 19:27:43 5D67074419BBFDCA587C2E2A93743E8A 140288 ----a-w- C:\Windows\Sysnative\wuwebv.dll
2014-11-12 19:27:43 2E66E7D4F1E39F7048A231AA60FD2532 95744 ----a-w- C:\Windows\Sysnative\wudriver.dll
2014-11-12 19:27:42 70AC0FA699C9420CB282CCF72993C2E1 51712 ----a-w- C:\Windows\Sysnative\wups2.dll
2014-11-12 19:27:42 4D94560FD4982BB52C1FE64AE38E1A9F 35840 ----a-w- C:\Windows\Sysnative\wuapp.exe
2014-11-12 19:27:42 4A112AD7D9C7289FE9945D05E97019D0 17408 ----a-w- C:\Windows\Sysnative\wuaext.dll
2014-11-12 19:27:11 9A108C0A3092110F4651B3AFB9CC7B3D 789184 ----a-w- C:\Windows\Sysnative\oleaut32.dll
2014-11-12 18:56:14 F0CE4A653EEBA09509EAF93AE2226FA9 426496 ----a-w- C:\Windows\Sysnative\schannel.dll
2014-11-12 18:56:12 6DE50D5592C6EE18C87B0C2EEEDC1621 185856 ----a-w- C:\Windows\Sysnative\dpapisrv.dll
2014-11-12 18:56:12 622928F5A8045F8122F10561D6C35ED0 104336 ----a-w- C:\Windows\Sysnative\ncryptsslp.dll
2014-11-12 16:19:43 84549E8C8BF76B293A7E625A98D4BCF9 81408 ----a-w- C:\Windows\Sysnative\packager.dll
2014-11-12 16:19:42 B31C4917EC5EADE24A90DDAF37EA00E0 4182016 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-11-12 16:19:17 C0484CA5C7F87E38909746B63C7FC868 911360 ----a-w- C:\Windows\Sysnative\audiosrv.dll
2014-11-12 16:19:17 9C88C9397B44B76E5C9A44B8E2CE53A1 500016 ----a-w- C:\Windows\Sysnative\AudioSes.dll
2014-11-12 16:19:17 8085F95BB18A171E7221D2831BC08BC2 394120 ----a-w- C:\Windows\Sysnative\AUDIOKSE.dll
2014-11-12 16:19:16 DFDFDE2EA4B5CD0606BA6E56ECEE502D 272248 ----a-w- C:\Windows\Sysnative\audiodg.exe
2014-11-12 16:19:16 9F87516BF76C40B41D831F7D729A6044 482872 ----a-w- C:\Windows\Sysnative\AudioEng.dll
2014-11-12 16:19:15 BB93DAAAE9006598935192B9CB65E475 108432 ----a-w- C:\Windows\Sysnative\EncDump.dll
2014-11-12 16:19:15 7F70B1044272982AAEA7C16E83424770 226304 ----a-w- C:\Windows\Sysnative\AudioEndpointBuilder.dll
====== C:\Windows\Sysnative\drivers =====
2014-11-18 18:12:58 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-11-18 18:12:10 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-11-18 18:12:10 D1F2D4DF0A5D3B700794E26356A55B44 64216 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2014-11-18 18:12:10 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-11-13 15:39:15 DE8D12B4C3F55FA2C5E9774314F6C58A 258368 ----a-w- C:\Windows\Sysnative\drivers\WdFilter.sys
2014-11-13 15:39:14 4AD874CDC812EC156265E451B6B09DAB 114496 ----a-w- C:\Windows\Sysnative\drivers\WdNisDrv.sys
2014-11-13 15:39:12 0359607177E5E9F6041136CC0A5CB0B6 35320 ----a-w- C:\Windows\Sysnative\drivers\WdBoot.sys
2014-11-12 20:39:19 CCB3A2BB60FE5073F2DEA63FE83CF8FE 2497344 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys
2014-11-12 20:39:14 E3FCE2A6B3533D99A3B498504DF9CC47 474432 ----a-w- C:\Windows\Sysnative\drivers\netio.sys
2014-11-12 20:39:10 66732C13628BDB1AB0D6FD46027327C2 148800 ----a-w- C:\Windows\Sysnative\drivers\USBSTOR.SYS
2014-11-12 20:39:07 7F23E38C5B6448F91439E4066645191E 428864 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS
2014-11-12 19:37:05 6D2EE96150E35B9EA49F2B481DE0369A 177472 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2014-11-12 19:37:05 4E1207CE16E615B0B7A70DC889F4500E 563976 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2014-11-12 19:37:04 9F08A6608F98B5407E7DDBCF306573EF 27456 ----a-w- C:\Windows\Sysnative\drivers\rdpvideominiport.sys
2014-11-03 17:12:12 186AD2DF9B3323DF4637A5EA65B6F49A 46136 ---ha-w- C:\Windows\Sysnative\drivers\Hamdrv.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\PBucevac\AppData\Roaming ======
====== C:\Users\PBucevac ======
2014-11-22 17:52:54 D1268C05D0CEDBDE0F724E60C9D614CC 2118144 ----a-w- C:\Users\PBucevac\Desktop\FRST64.exe
2014-11-18 22:44:47 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\PBucevac\Desktop\AdwCleaner.exe
2014-11-15 05:23:03 A7B5EC8C78129AE392DC9F3FD6CB6D71 34288786 ----a-w- C:\Users\PBucevac\Desktop\torbrowser-install-4.0.1_en-US.exe

====== C: exe-files ==
2014-11-22 17:52:54 D1268C05D0CEDBDE0F724E60C9D614CC 2118144 ----a-w- C:\Users\PBucevac\Desktop\FRST64.exe
2014-11-18 22:44:47 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\PBucevac\Desktop\AdwCleaner.exe
=== C: other files ==
2014-11-18 18:12:58 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-18 18:12:10 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-18 18:12:10 D1F2D4DF0A5D3B700794E26356A55B44 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-18 18:12:10 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1345835473-412045938-223034000-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"
"Facebook Update"="C:\Users\PBucevac\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Viber"="C:\Users\PBucevac\AppData\Local\Viber\Viber.exe StartMinimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"LogMeIn Hamachi Ui"="C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"
"Facebook Update"="C:\Users\PBucevac\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Viber"="C:\Users\PBucevac\AppData\Local\Viber\Viber.exe StartMinimized"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1345835473-412045938-223034000-1001Core.job --a-------- C:\Users\PBucevac\AppData\Local\Facebook\Update\FacebookUpdate.exe [08-Jun-14 10:25 PM]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1345835473-412045938-223034000-1001UA.job --a-------- C:\Users\PBucevac\AppData\Local\Facebook\Update\FacebookUpdate.exe [08-Jun-14 10:25 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15-Sep-14 11:23 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15-Sep-14 11:23 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS\AutoKMS.exe]
"C:\Windows\SysNative\tasks\AutoPico Daily Restart" ["C:\Program Files\KMSpico\AutoPico.exe"]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1345835473-412045938-223034000-1001Core" [C:\Users\PBucevac\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1345835473-412045938-223034000-1001UA" [C:\Users\PBucevac\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{03378668-9ED5-4A4D-A7D4-B4F7678C0C7E}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [20-Jul-14 06:08 PM]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[20-Jul-14 06:07 PM]

GoSaave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lgfggehlgfahkejcndepnachcknhepnj
GoSaave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lgfggehlgfahkejcndepnachcknhepnj
GoSaave - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lgfggehlgfahkejcndepnachcknhepnj
GoSaave - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lgfggehlgfahkejcndepnachcknhepnj
GoSaave - PBucevac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lgfggehlgfahkejcndepnachcknhepnj
Google Docs - PBucevac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - PBucevac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - PBucevac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - PBucevac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - PBucevac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Avast Online Security - PBucevac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - PBucevac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - PBucevac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
GoSaave - PBucevac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lgfggehlgfahkejcndepnachcknhepnj

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 22-Nov-14 at 20:14:36.15 ======================

offline
  • Joined: 26 Aug 2010
  • Posts: 10619
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building


Close the browser and any other running programs;
deactivate the security software (if needed) Instructions;
double-click zoek.exe to run it;
wait for the tool to start ...


Copy the following text into the white box of the window:

lgfggehlgfahkejcndepnachcknhepnj;chr
emptyclsid;
emptyalltemp;
autoclean;


Click the button and wait for the scan to finish.


Zoek will restart Windows if needed, and when it finishes it will open Notepad with the scan report.

Note: the report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your reply.
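As an added example (not part of this thread and not code from the zoek tool), the script below parses the "Chromium Look" section of a zoek log like the one posted above and flags extension IDs that sit in browser profiles of built-in Windows accounts or are replicated into more than one Chromium-based browser, which is exactly what the GoSaave entries show; the sample log text is constructed from a few of those lines, and the two heuristics are the example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of zoek's "Chromium Look" section
# (a few entries from the log above, one benign Google extension included).
SAMPLE_LOG = r"""==== Chromium Look ======================
GoSaave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lgfggehlgfahkejcndepnachcknhepnj
GoSaave - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lgfggehlgfahkejcndepnachcknhepnj
GoSaave - PBucevac\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lgfggehlgfahkejcndepnachcknhepnj
Google Docs - PBucevac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
GoSaave - PBucevac\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lgfggehlgfahkejcndepnachcknhepnj
==== IE Start and Search Settings ======================
"""

# One entry: <name> - <user>\AppData\Local\<vendor>\<browser>\User Data\<profile>\Extensions\<id>
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) - (?P<user>[^\\]+)\\AppData\\Local\\(?P<browser>.+?)"
    r"\\User Data\\(?P<profile>[^\\]+)\\Extensions\\(?P<id>[a-p]{32})$")
# Built-in Windows accounts nobody browses from; a profile there was not created by the user (heuristic).
BUILTIN_ACCOUNTS = {"Administrator", "Guest", "Default", "Public"}

def parse_chromium_look(log_text):
    """Return (name, user, browser, ext_id) tuples from the Chromium Look section only."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        if line.startswith("===="):  # any "====" header ends the previous section
            in_section = line.startswith("==== Chromium Look")
            continue
        m = ENTRY_RE.match(line.strip()) if in_section else None
        if m:
            entries.append((m["name"], m["user"], m["browser"].replace("\\", "/"), m["id"]))
    return entries

def suspicious_extensions(entries):
    """Map ext_id -> (name, reasons) for IDs sitting in built-in-account profiles
    or copied into more than one Chromium-based browser, the pattern adware leaves."""
    places, names = defaultdict(set), {}
    for name, user, browser, ext_id in entries:
        places[ext_id].add((user, browser))
        names[ext_id] = name
    findings = {}
    for ext_id, seen in places.items():
        builtin = {u for u, _ in seen} & BUILTIN_ACCOUNTS
        browsers = {b for _, b in seen}
        reasons = []
        if builtin:
            reasons.append("profile under built-in account(s): " + ", ".join(sorted(builtin)))
        if len(browsers) > 1:
            reasons.append("replicated across browsers: " + ", ".join(sorted(browsers)))
        if reasons:
            findings[ext_id] = (names[ext_id], reasons)
    return findings
```

Running `suspicious_extensions(parse_chromium_look(SAMPLE_LOG))` flags only the GoSaave ID, for both reasons; the Google Docs entry under the real user's Chrome profile is left alone.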

offline
  • Joined: 15 Feb 2006
  • Posts: 232

Zoek report:


Zoek.exe v5.0.0.0 Updated 21-11-2014
Tool run by PBucevac on 23-Nov-14 at 10:19:54.21.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PBucevac\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-11-22-190756.log 30656 bytes
C:\zoek-results2014-11-22-191436.log 30623 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1345835473-412045938-223034000-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\PBucevac\AppData\Local\Temporary Internet Files deleted
C:\PROGRA~3\InstallMate deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
"C:\Users\PBucevac\AppData\Roaming\Intel" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [20-Jul-14 06:08 PM]

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\PBucevac\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\PBucevac\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[20-Jul-14 06:07 PM]

Google Docs - PBucevac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - PBucevac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - PBucevac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - PBucevac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - PBucevac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Avast Online Security - PBucevac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - PBucevac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - PBucevac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PBucevac\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\PBucevac\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\PBucevac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PBucevac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\PBucevac\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\PBucevac\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\PBucevac\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=26 folders=39 6129081 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\PBucevac\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PBucevac\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 23-Nov-14 at 10:46:53.02 ======================

offline
  • Joined: 26 Aug 2010
  • Posts: 10619
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

We will also do an ARK check.

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the MBAR program icon to run it:
- Click OK in the next window to allow it to unpack into a separate mbar folder on the Desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Notice: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next reply post the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure (scheduled) will be scheduled for after the restart; a notice will be shown in a pop-up window. Click the Yes button and the system should restart and complete the cleaning procedure.

Notice! Only if a rootkit was detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue execution, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your reply and attach the system log to the reply using the Attach file option.

offline
  • Joined: 15 Feb 2006
  • Posts: 232

offline
  • Joined: 26 Aug 2010
  • Posts: 10619
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

You're clean. All that's left is to remove the tools we used.

The following procedure will carry out the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.
Double-click the tool to run it and tick the boxes in front of the following options;

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment for the tool to finish its work.
From this point on, all tools used in this topic should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also record the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.
