Detektiranje virusa


  • Joined: 25 Nov 2007
  • Posts: 296

Posted: 02 Mar 2015 18:09

Avast keeps detecting viruses with various web addresses whenever I open Mozilla Firefox, and the problem is that it says it blocks the threat, but every 30 seconds or so a new notification pops up. Here is a picture:



FRST REPORT

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-03-2015
Ran by Admin (administrator) on ADMIN-PC on 02-03-2015 17:56:56
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Admin & Administrator & Guest)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
() C:\Program Files\Philips\CamSuite\1.0.10.0\ACPService.exe
() C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\Philips\CamSuite\1.0.10.0\ACPGUI.dll
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Admin\Downloads\FRST (1).exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKU\S-1-5-21-3762181039-1115053102-984538131-1000\...\MountPoints2: {89a95743-f5e0-11e2-8ef5-10bf4871dcbe} - G:\Startme.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3762181039-1115053102-984538131-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=22352&r=2015/02/27&hid=10322070715076128075&lg=EN&cc=BA&unqvl=84
SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=22352&r=2015/02/27&hid=10322070715076128075&lg=EN&cc=BA&unqvl=84
SearchScopes: HKU\S-1-5-21-3762181039-1115053102-984538131-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=22352&r=2015/02/27&hid=10322070715076128075&lg=EN&cc=BA&unqvl=84
SearchScopes: HKU\S-1-5-21-3762181039-1115053102-984538131-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=22352&r=2015/02/27&hid=10322070715076128075&lg=EN&cc=BA&unqvl=84
SearchScopes: HKU\S-1-5-21-3762181039-1115053102-984538131-1000 -> {E2BB65E7-76E3-4A63-B440-94DFB8B3B923} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282698&CUI=UN24078894981420626&UM=2
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Hosts: 127.0.0.1 validation.sls.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default
FF DefaultSearchEngine: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.swellsearch.info/?pid=22352&r=2015/02/27&hid=10322070715076128075&lg=EN&cc=BA&unqvl=84&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\user.js
FF Extension: UNIDeAAlsi - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\7@Nj.net [2015-03-02]
FF Extension: youtubeadblocker - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\7t@HVQtodwx.org [2015-03-02]
FF Extension: SSearcha-NNewTaaabe - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\eiiv@yiabwcm.co.uk [2013-07-17]
FF Extension: UUniaDealose - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\Jv8@4w.org [2015-03-02]
FF Extension: safe saave - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\xayiie@qxkydmg.net [2013-07-17]
FF Extension: SweetTunes1 - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\{f9d1c08c-2031-4e6c-ab51-50330ac2d988} [2014-06-09]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-24]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.ba/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-02]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-02]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-02]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-02]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-02]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-02]
CHR Extension: (SweetTunes1) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\giolhomkcooifelkdfpejhidfidaahlc [2015-03-02]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-02]
CHR HKU\S-1-5-21-3762181039-1115053102-984538131-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [giolhomkcooifelkdfpejhidfidaahlc] - C:\Users\Admin\AppData\Local\CRE\giolhomkcooifelkdfpejhidfidaahlc.crx [2013-10-23]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ACPService; C:\Program Files\Philips\CamSuite\1.0.10.0\ACPService.exe [724992 2009-06-09] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-13] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [775168 2012-07-03] () [File not signed]
R3 BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [69735 2008-08-01] () [File not signed]
S2 BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [143467 2008-08-01] () [File not signed]
R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [3105144 2013-11-27] (WIBU-SYSTEMS AG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19701080 2014-04-30] (NVIDIA Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-13] ()
S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [14600 2008-01-21] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [38920 2008-07-02] (IVT Corporation.)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20616 2008-07-31] (IVT Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-07] (DT Soft Ltd)
R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [26248 2008-07-02] (IVT Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R3 ndiscm; C:\Windows\System32\DRIVERS\NetMotCM.sys [15360 2004-09-29] (Motorola Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19400 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S3 phaudlwr; C:\Windows\System32\DRIVERS\phaudlwr.sys [89648 2009-10-20] (Philips Applied Technologies)
S3 spc999; C:\Windows\System32\drivers\spc999.sys [487936 2009-12-14] ( )
S3 spc999m; C:\Windows\System32\drivers\spc999m.sys [7680 2009-12-14] ( )
S3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [14856 2008-01-21] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [29960 2008-07-02] (IVT Corporation.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1823344 2011-11-11] (VIA Technologies, Inc.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33800 2008-07-02] (IVT Corporation.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 TEAM; system32\DRIVERS\RtTeam60.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VLAN; system32\DRIVERS\RtVLAN620.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 17:56 - 2015-03-02 17:57 - 00016314 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-03-02 17:55 - 2015-03-02 17:55 - 01132032 _____ (Farbar) C:\Users\Admin\Downloads\FRST (1).exe
2015-03-02 17:54 - 2015-03-02 17:56 - 00000000 ____D () C:\FRST
2015-03-02 17:54 - 2015-03-02 17:54 - 02092544 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-03-02 17:53 - 2015-03-02 17:53 - 01132032 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2015-03-02 17:43 - 2015-03-02 17:50 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-02 17:43 - 2015-03-02 17:48 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-02 17:43 - 2015-03-02 17:48 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-02 17:43 - 2015-03-02 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-02 17:42 - 2015-03-02 17:42 - 00880208 _____ (Google Inc.) C:\Users\Admin\Downloads\ChromeSetup.exe
2015-03-02 16:01 - 2015-03-02 16:01 - 00000000 ____D () C:\Users\Admin\Desktop\Razno
2015-03-02 15:35 - 2015-03-02 15:35 - 00000000 ____H () C:\ProgramData\cm-lock
2015-02-27 17:24 - 2015-02-27 17:51 - 00000000 ____D () C:\Windows\Minidump
2015-02-27 16:30 - 2015-02-27 16:31 - 00297455 _____ () C:\Users\Admin\Downloads\Windows 7 Watermark Remover for 32 bit.exe
2015-02-27 16:20 - 2015-02-27 17:24 - 00000004 _____ () C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-02-27 16:17 - 2015-02-27 19:35 - 00000000 ____D () C:\Users\Admin\Downloads\WAT (Windows Activation Tool Remover) {HMP}
2015-02-27 16:17 - 2015-02-27 16:17 - 00002781 _____ () C:\Users\Admin\Downloads\WAT.(Windows.Activation.Tool.Remover).torrent
2015-02-27 16:15 - 2015-02-27 16:15 - 00001744 _____ () C:\Users\Admin\Downloads\[limetorrents.cc]Windows.7.bild.7057.Watermark.Remover.for.32.bit.torrent
2015-02-27 16:13 - 2015-02-27 16:13 - 00022362 _____ () C:\Users\Admin\Downloads\RemoveWatermark_20090509.zip
2015-02-27 16:13 - 2009-05-09 01:25 - 00021504 _____ (deepxw) C:\Users\Admin\Desktop\RemoveWatermarkX86.exe
2015-02-27 16:06 - 2015-02-27 16:06 - 00000000 ____D () C:\Windows\system32\X86
2015-02-27 16:06 - 2015-02-27 16:06 - 00000000 ____D () C:\Windows\system32\AMD64
2015-02-27 16:05 - 2015-03-01 17:22 - 00000000 ____D () C:\Program Files\UUniaDealose
2015-02-27 16:04 - 2015-02-27 16:04 - 00000000 ____D () C:\ProgramData\ofamnpcbfopkblkalehpkkfgefabdbpk
2015-02-27 16:02 - 2015-02-27 16:58 - 00000000 ____D () C:\Program Files\CutterInstance
2015-02-27 16:02 - 2015-02-27 16:02 - 00000000 ____D () C:\Program Files\Remote Torrent Adder
2015-02-27 16:01 - 2015-02-27 16:21 - 00000000 ____D () C:\ProgramData\{9d34bdad-caba-9707-9d34-4bdadcabf6b7}
2015-02-27 16:01 - 2015-02-27 16:01 - 00000000 ____D () C:\ProgramData\aegembegdmjcjbhnceeepjhaceapibll
2015-02-27 16:01 - 2015-02-27 16:01 - 00000000 ____D () C:\ProgramData\5559584242170313717
2015-02-27 16:01 - 2015-02-27 16:01 - 00000000 ____D () C:\Program Files\UNIDeAAlsi
2015-02-27 15:45 - 2015-02-27 19:35 - 00000000 ____D () C:\Users\Admin\Downloads\Windows Loader 2.2.2 Final By DAZ - SceneDL
2015-02-27 15:45 - 2015-02-27 15:45 - 00007057 _____ () C:\Users\Admin\Downloads\windows loader 2 2 2 final by daz - scenedl.torrent
2015-02-27 15:37 - 2015-03-02 15:37 - 00001330 _____ () C:\Windows\Tasks\VV.job
2015-02-27 15:36 - 2015-03-02 15:36 - 00001684 _____ () C:\Windows\Tasks\DBPAOYW.job
2015-02-27 15:36 - 2015-02-27 19:35 - 00000000 ____D () C:\Program Files\globalUpdate
2015-02-27 15:36 - 2015-02-27 17:47 - 00000000 ____D () C:\Program Files\0d6d40d5-4422-4693-9b2f-d3619f1810a3
2015-02-27 15:36 - 2015-02-27 15:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\globalUpdate
2015-02-27 15:32 - 2015-02-27 17:57 - 00000000 ____D () C:\Program Files\KMSpico
2015-02-27 15:31 - 2015-02-27 15:31 - 00000000 ____D () C:\Users\Admin\Downloads\KMSpico v9.3.2
2015-02-21 16:33 - 2015-02-21 16:33 - 00002626 _____ () C:\Users\Admin\Downloads\legitcheck.hta
2015-02-19 19:46 - 2015-02-27 15:36 - 00000000 ____D () C:\Program Files\Windows KMS Activator Ultimate 2015 v2.4
2015-02-19 19:46 - 2015-02-19 19:46 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-02-19 19:44 - 2015-02-19 19:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Opera Software
2015-02-19 19:44 - 2015-02-19 19:46 - 00000000 ____D () C:\Users\Admin\AppData\Local\Opera Software
2015-02-19 19:43 - 2015-02-19 19:46 - 00000000 ____D () C:\Program Files\Opera
2015-02-19 19:41 - 2015-03-02 15:33 - 00000000 ____D () C:\Program Files\Windows Vista - 7 - 8 - 8.1 KMS Activator Ultimate 2014 v2.0
2015-02-19 19:27 - 2015-02-19 19:27 - 00001908 _____ () C:\Windows\diagwrn.xml
2015-02-19 19:27 - 2015-02-19 19:27 - 00001908 _____ () C:\Windows\diagerr.xml
2015-02-19 18:48 - 2015-02-27 19:35 - 00000000 ____D () C:\Windows XP usb4
2015-02-19 18:48 - 2015-02-19 18:51 - 00000000 ____D () C:\usb5
2015-02-19 18:43 - 2015-02-19 18:43 - 00000000 ____D () C:\USB3
2015-02-19 16:03 - 2015-02-19 18:16 - 00000000 ____D () C:\Users\Admin\Desktop\USB1
2015-02-19 14:35 - 2015-02-19 14:44 - 00000000 ____D () C:\Users\Admin\Desktop\USB
2015-02-19 13:25 - 2015-02-19 13:25 - 00783424 _____ () C:\Windows\pkeyconfig.xrm-ms

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 17:57 - 2014-07-15 14:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-02 17:49 - 2014-01-01 13:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-02 17:43 - 2013-05-07 12:56 - 00000000 ____D () C:\Program Files\Google
2015-03-02 17:38 - 2013-07-26 12:13 - 00000000 ____D () C:\Users\Admin\Documents\CCleaner
2015-03-02 17:29 - 2014-12-13 14:51 - 00185281 ____N () C:\Windows\WindowsUpdate.log
2015-03-02 17:23 - 2014-07-03 06:19 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-02 16:04 - 2013-05-07 12:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2015-03-02 15:40 - 2009-07-14 05:34 - 00038992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-02 15:40 - 2009-07-14 05:34 - 00038992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-02 15:35 - 2008-08-04 17:04 - 00001026 _____ () C:\Windows\system32\bscs.ini
2015-03-02 15:34 - 2013-07-02 16:12 - 00000310 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2015-03-02 15:34 - 2013-05-07 13:59 - 00000000 ____D () C:\Windows\PCHEALTH
2015-03-02 15:34 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-27 21:23 - 2013-07-26 12:17 - 00004609 _____ () C:\Windows\system32\LOCALSERVICE.INI
2015-02-27 20:29 - 2013-07-26 17:48 - 00000386 _____ () C:\Windows\system32\REMOTEDEVICE.INI
2015-02-27 20:26 - 2013-07-26 12:17 - 00000100 _____ () C:\Windows\system32\LOCALDEVICE.INI
2015-02-27 19:44 - 2013-05-07 13:57 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-27 19:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\SchCache
2015-02-27 17:47 - 2014-02-23 18:34 - 00000000 ____D () C:\Program Files\abgx360
2015-02-27 16:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-02-27 16:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\hr-HR
2015-02-27 16:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-05 16:49 - 2014-01-01 13:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 16:49 - 2014-01-01 13:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Admin\AppData\Roaming\DBPAOYW
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Admin\AppData\Roaming\VV
2014-06-25 14:20 - 2014-07-25 20:01 - 0005120 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-09 14:45 - 2014-07-09 14:45 - 0000171 _____ () C:\ProgramData\CamSuite.ini
2015-03-02 15:35 - 2015-03-02 15:35 - 0000000 ____H () C:\ProgramData\cm-lock
2014-08-31 15:50 - 2014-08-31 15:50 - 0000331 _____ () C:\ProgramData\hpzinstall.log
2014-07-23 18:42 - 2014-07-23 18:42 - 0004883 _____ () C:\ProgramData\mtbjfghn.xbe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-25 20:10

==================== End Of Log ============================




Update: 02 Mar 2015 18:23

Separately from that, I should also mention that when I visit Google and Facebook, some extra letters get added next to them, as in the pictures:

and the field turns yellow when I click the remembered address in the address bar on FB.

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Hello,


Is there any other crack for the Windows OS that you haven't tried?

Not only is piracy forbidden, but you have infected that same Windows with exactly this assorted junk while trying to "buy" the OS. If at least it had been downloaded from the 'official' sources, fine, but like this ...

Anyway ...

Uninstall Remote Torrent Adder and all the other junk from Control Panel > Programs and Features.

Then ...

1. Open Notepad (Text Document) and copy the following text from the code box below into it:

Start
File: C:\Windows\System32\drivers\spc999.sys
File: C:\Windows\System32\drivers\spc999m.sys

CreateRestorePoint:
REG: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
CMD: bitsadmin /reset /allusers

CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON

CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt

CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew

CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=22352&r=2015/02/27&hid=10322070715076128075&lg=EN&cc=BA&unqvl=84
SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=22352&r=2015/02/27&hid=10322070715076128075&lg=EN&cc=BA&unqvl=84
SearchScopes: HKU\S-1-5-21-3762181039-1115053102-984538131-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=22352&r=2015/02/27&hid=10322070715076128075&lg=EN&cc=BA&unqvl=84
SearchScopes: HKU\S-1-5-21-3762181039-1115053102-984538131-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=22352&r=2015/02/27&hid=10322070715076128075&lg=EN&cc=BA&unqvl=84
SearchScopes: HKU\S-1-5-21-3762181039-1115053102-984538131-1000 -> {E2BB65E7-76E3-4A63-B440-94DFB8B3B923} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282698&CUI=UN24078894981420626&UM=2
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
FF DefaultSearchEngine: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.swellsearch.info/?pid=22352&r=2015/02/27&hid=10322070715076128075&lg=EN&cc=BA&unqvl=84&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Extension: UNIDeAAlsi - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\7@Nj.net [2015-03-02]
FF Extension: youtubeadblocker - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\7t@HVQtodwx.org [2015-03-02]
FF Extension: SSearcha-NNewTaaabe - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\eiiv@yiabwcm.co.uk [2013-07-17]
FF Extension: UUniaDealose - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\Jv8@4w.org [2015-03-02]
FF Extension: safe saave - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\xayiie@qxkydmg.net [2013-07-17]
FF Extension: SweetTunes1 - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\{f9d1c08c-2031-4e6c-ab51-50330ac2d988} [2014-06-09]
CHR Extension: (SweetTunes1) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\giolhomkcooifelkdfpejhidfidaahlc [2015-03-02]
CHR HKU\S-1-5-21-3762181039-1115053102-984538131-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [giolhomkcooifelkdfpejhidfidaahlc] - C:\Users\Admin\AppData\Local\CRE\giolhomkcooifelkdfpejhidfidaahlc.crx [2013-10-23]
Task: {25ED89D6-BC83-45F1-8FA3-7B849E028A94} - System32\Tasks\DBPAOYW => C:\Users\Admin\AppData\Roaming\DBPAOYW.exe <==== ATTENTION
Task: {50A7C158-CC9D-4FFD-9F2C-0396DF925084} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {993F90A6-3F94-49C9-8BF2-CA54BC5A75F8} - System32\Tasks\VV => C:\Users\Admin\AppData\Roaming\VV.exe <==== ATTENTION
Task: C:\Windows\Tasks\DBPAOYW.job => C:\Users\Admin\AppData\Roaming\DBPAOYW.exe <==== ATTENTION
Task: C:\Windows\Tasks\VV.job => C:\Users\Admin\AppData\Roaming\VV.exe <==== ATTENTION

Hosts:
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\7@Nj.net
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\7t@HVQtodwx.org
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\eiiv@yiabwcm.co.uk
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\Jv8@4w.org
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\xayiie@qxkydmg.net
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\{f9d1c08c-2031-4e6c-ab51-50330ac2d988}
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\giolhomkcooifelkdfpejhidfidaahlc
C:\Users\Admin\AppData\Local\CRE\giolhomkcooifelkdfpejhidfidaahlc.crx
C:\Program Files\UUniaDealose
C:\ProgramData\ofamnpcbfopkblkalehpkkfgefabdbpk
C:\Program Files\CutterInstance
C:\Program Files\Remote Torrent Adder
C:\ProgramData\{9d34bdad-caba-9707-9d34-4bdadcabf6b7}
C:\ProgramData\aegembegdmjcjbhnceeepjhaceapibll
C:\ProgramData\5559584242170313717
C:\Program Files\UNIDeAAlsi
C:\Users\Admin\Downloads\Windows Loader 2.2.2 Final By DAZ - SceneDL
C:\Users\Admin\Downloads\windows loader 2 2 2 final by daz - scenedl.torrent
C:\Windows\Tasks\VV.job
C:\Windows\Tasks\DBPAOYW.job
C:\Program Files\globalUpdate
C:\Program Files\0d6d40d5-4422-4693-9b2f-d3619f1810a3
C:\Users\Admin\AppData\Local\globalUpdate
C:\Users\Admin\AppData\Roaming\DBPAOYW
C:\Users\Admin\AppData\Roaming\VV
C:\Users\Admin\AppData\Roaming\DBPAOYW.exe
C:\Users\Admin\AppData\Roaming\VV.exe
 
AlternateDataStreams: C:\ProgramData\TEMP:0888F409
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47
AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C
AlternateDataStreams: C:\ProgramData\TEMP:66633281
AlternateDataStreams: C:\ProgramData\TEMP:AF4CCAAD

EmptyTemp:
End


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name at the bottom, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.
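As an added verification check (not part of this thread, of FRST, or of the helper's instructions), the PowerShell below confirms, after the fixlist has been applied, that the three kinds of persistence the fixlist listed are really gone: scheduled tasks launching from a user profile (DBPAOYW and VV above), alternate data streams on C:\ProgramData\TEMP, and active entries in the hosts file. It assumes an elevated prompt and PowerShell 3.0 or newer (needed for the -Stream parameter; Windows 7 ships with 2.0); the variable names are the example's own.

```powershell
# Added post-fix verification (assumption: elevated PowerShell 3.0+ on the cleaned machine).

# 1. Scheduled tasks whose action runs from a user profile. The fixlist removed the
#    DBPAOYW and VV tasks, both launched from C:\Users\Admin\AppData\Roaming.
#    schtasks /v emits a 'Task To Run' column; repeated header rows are filtered out
#    by the regex because they never match a profile path.
$tasks   = schtasks /query /fo CSV /v | ConvertFrom-Csv
$suspect = $tasks | Where-Object { $_.'Task To Run' -match '\\AppData\\(Roaming|Local)\\' }
if ($suspect) {
    "Scheduled tasks still launching from a user profile:"
    $suspect | Select-Object TaskName, 'Task To Run' | Format-Table -AutoSize
} else {
    "No scheduled task runs from a user profile."
}

# 2. Alternate data streams on C:\ProgramData\TEMP (the fixlist removed five of them).
#    ':$DATA' is the ordinary content stream and is expected; any other stream is reported.
$ads = Get-Item 'C:\ProgramData\TEMP' -Stream * -ErrorAction SilentlyContinue |
       Where-Object { $_.Stream -ne ':$DATA' }
if ($ads) {
    "Alternate data streams remaining on C:\ProgramData\TEMP:"
    $ads | Select-Object Stream, Length | Format-Table -AutoSize
} else {
    "No extra alternate data streams on C:\ProgramData\TEMP."
}

# 3. hosts file: after the 'Hosts:' reset only comments and blank lines should remain,
#    so any surviving mapping line is worth a second look.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$entries   = Get-Content $hostsPath | Where-Object { $_ -notmatch '^\s*(#|$)' }
if ($entries) {
    "Active hosts entries:"
    $entries
} else {
    "hosts file contains no active entries."
}
```

Run it once after the reboot FRST requests; each of the three sections should report nothing found. A task still pointing into AppData or a stream reappearing on ProgramData\TEMP means something recreated the persistence and belongs in the next log.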

offline
  • Joined: 25 Nov 2007
  • Posts: 296

I know it's forbidden and that I installed all sorts of things until I found a way to make it legal, but there's no need to attack me like that...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-03-2015
Ran by Admin at 2015-03-02 19:59:13 Run:1
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Admin & Administrator & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
File: C:\Windows\System32\drivers\spc999.sys
File: C:\Windows\System32\drivers\spc999m.sys

CreateRestorePoint:
REG: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
CMD: bitsadmin /reset /allusers

CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON

CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt

CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew

CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=22352&r=2015/02/27&hid=10322070715076128075&lg=EN&cc=BA&unqvl=84
SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=22352&r=2015/02/27&hid=10322070715076128075&lg=EN&cc=BA&unqvl=84
SearchScopes: HKU\S-1-5-21-3762181039-1115053102-984538131-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=22352&r=2015/02/27&hid=10322070715076128075&lg=EN&cc=BA&unqvl=84
SearchScopes: HKU\S-1-5-21-3762181039-1115053102-984538131-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=22352&r=2015/02/27&hid=10322070715076128075&lg=EN&cc=BA&unqvl=84
SearchScopes: HKU\S-1-5-21-3762181039-1115053102-984538131-1000 -> {E2BB65E7-76E3-4A63-B440-94DFB8B3B923} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282698&CUI=UN24078894981420626&UM=2
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
FF DefaultSearchEngine: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.swellsearch.info/?pid=22352&r=2015/02/27&hid=10322070715076128075&lg=EN&cc=BA&unqvl=84&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Extension: UNIDeAAlsi - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\7@Nj.net [2015-03-02]
FF Extension: youtubeadblocker - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\7t@HVQtodwx.org [2015-03-02]
FF Extension: SSearcha-NNewTaaabe - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\eiiv@yiabwcm.co.uk [2013-07-17]
FF Extension: UUniaDealose - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\Jv8@4w.org [2015-03-02]
FF Extension: safe saave - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\xayiie@qxkydmg.net [2013-07-17]
FF Extension: SweetTunes1 - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\{f9d1c08c-2031-4e6c-ab51-50330ac2d988} [2014-06-09]
CHR Extension: (SweetTunes1) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\giolhomkcooifelkdfpejhidfidaahlc [2015-03-02]
CHR HKU\S-1-5-21-3762181039-1115053102-984538131-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [giolhomkcooifelkdfpejhidfidaahlc] - C:\Users\Admin\AppData\Local\CRE\giolhomkcooifelkdfpejhidfidaahlc.crx [2013-10-23]
Task: {25ED89D6-BC83-45F1-8FA3-7B849E028A94} - System32\Tasks\DBPAOYW => C:\Users\Admin\AppData\Roaming\DBPAOYW.exe <==== ATTENTION
Task: {50A7C158-CC9D-4FFD-9F2C-0396DF925084} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {993F90A6-3F94-49C9-8BF2-CA54BC5A75F8} - System32\Tasks\VV => C:\Users\Admin\AppData\Roaming\VV.exe <==== ATTENTION
Task: C:\Windows\Tasks\DBPAOYW.job => C:\Users\Admin\AppData\Roaming\DBPAOYW.exe <==== ATTENTION
Task: C:\Windows\Tasks\VV.job => C:\Users\Admin\AppData\Roaming\VV.exe <==== ATTENTION

Hosts:
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\7@Nj.net
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\7t@HVQtodwx.org
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\eiiv@yiabwcm.co.uk
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\Jv8@4w.org
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\xayiie@qxkydmg.net
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\{f9d1c08c-2031-4e6c-ab51-50330ac2d988}
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\giolhomkcooifelkdfpejhidfidaahlc
C:\Users\Admin\AppData\Local\CRE\giolhomkcooifelkdfpejhidfidaahlc.crx
C:\Program Files\UUniaDealose
C:\ProgramData\ofamnpcbfopkblkalehpkkfgefabdbpk
C:\Program Files\CutterInstance
C:\Program Files\Remote Torrent Adder
C:\ProgramData\{9d34bdad-caba-9707-9d34-4bdadcabf6b7}
C:\ProgramData\aegembegdmjcjbhnceeepjhaceapibll
C:\ProgramData\5559584242170313717
C:\Program Files\UNIDeAAlsi
C:\Users\Admin\Downloads\Windows Loader 2.2.2 Final By DAZ - SceneDL
C:\Users\Admin\Downloads\windows loader 2 2 2 final by daz - scenedl.torrent
C:\Windows\Tasks\VV.job
C:\Windows\Tasks\DBPAOYW.job
C:\Program Files\globalUpdate
C:\Program Files\0d6d40d5-4422-4693-9b2f-d3619f1810a3
C:\Users\Admin\AppData\Local\globalUpdate
C:\Users\Admin\AppData\Roaming\DBPAOYW
C:\Users\Admin\AppData\Roaming\VV
C:\Users\Admin\AppData\Roaming\DBPAOYW.exe
C:\Users\Admin\AppData\Roaming\VV.exe

AlternateDataStreams: C:\ProgramData\TEMP:0888F409
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47
AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C
AlternateDataStreams: C:\ProgramData\TEMP:66633281
AlternateDataStreams: C:\ProgramData\TEMP:AF4CCAAD

EmptyTemp:
End
*****************


========================= File: C:\Windows\System32\drivers\spc999.sys ========================

MD5: 6B92F41B59F0774EF053CE865C9529BB
Creation and modification date: 2014-07-09 14:53 - 2009-12-14 13:56
Size: 0487936
Attributes: ----A
Company Name:
Internal Name: SPC999m.SYS
Original Name: SPC999m.SYS
Product Name: ST-VIBU STV Camera Driver
Description: ST-VIBU STV Camera Driver (WDM Main Driver)
File Version: 01-00 built by: WinDDK
Product Version: 01-00
Copyright: STMicroelectronics ©1999-2004

====== End Of File: ======


========================= File: C:\Windows\System32\drivers\spc999m.sys ========================

MD5: 6E26F563CE1A7F25E5182E8512710595
Creation and modification date: 2014-07-09 14:53 - 2009-12-14 13:56
Size: 0007680
Attributes: ----A
Company Name:
Internal Name: SPC999m.SYS
Original Name: SPC999m.SYS
Product Name: ST-VIBU STV Camera Driver
Description: ST-VIBU STV Camera Driver (DS Mini Driver)
File Version: 01-00 built by: WinDDK
Product Version: 01-00
Copyright: STMicroelectronics ©1999-2004

====== End Of File: ======

Restore point was successfully created.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========

The operation completed successfully.



========= End of Reg: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {26116AD8-96CD-4EFA-8411-88C5046AA85A}.
{22AB80F4-D4AF-4161-B567-41EAAE8215DE} canceled.
{C4119627-91A7-49A1-8448-64336FC11475} canceled.
{6AAEE9B2-BAFF-4DF3-A3A4-39D7F40B6E1E} canceled.
3 out of 4 jobs canceled.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= ipconfig /release =========


Windows IP Configuration


Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::1c42:31d4:56bb:4cb8%16
Autoconfiguration IPv4 Address. . : 169.254.76.184
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::d97f:814f:d45b:8ba0%12
Default Gateway . . . . . . . . . :

Tunnel adapter isatap.{F270B52D-9077-4873-80FF-04CCAA730FE4}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.{4B727FED-5CF2-427E-AD2B-7DB357887C22}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========


========= ipconfig /renew =========


Windows IP Configuration

An error occurred while renewing interface Local Area Connection : unable to contact your DHCP server. Request has timed out.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::1c42:31d4:56bb:4cb8%16
Autoconfiguration IPv4 Address. . : 169.254.76.184
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::d97f:814f:d45b:8ba0%12
IPv4 Address. . . . . . . . . . . : 192.168.0.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1

Tunnel adapter isatap.{F270B52D-9077-4873-80FF-04CCAA730FE4}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.{4B727FED-5CF2-427E-AD2B-7DB357887C22}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKU\S-1-5-21-3762181039-1115053102-984538131-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3762181039-1115053102-984538131-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
"HKU\S-1-5-21-3762181039-1115053102-984538131-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E2BB65E7-76E3-4A63-B440-94DFB8B3B923}" => Key deleted successfully.
HKCR\CLSID\{E2BB65E7-76E3-4A63-B440-94DFB8B3B923} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox DefaultSearchEngine,S deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SearchEngineOrder.1,S deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox SelectedSearchEngine,S deleted successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\7@Nj.net => Moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\7t@HVQtodwx.org => Moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\eiiv@yiabwcm.co.uk => Moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\Jv8@4w.org => Moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\xayiie@qxkydmg.net => Moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\{f9d1c08c-2031-4e6c-ab51-50330ac2d988} => Moved successfully.
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\giolhomkcooifelkdfpejhidfidaahlc => Moved successfully.
"HKU\S-1-5-21-3762181039-1115053102-984538131-1000\SOFTWARE\Google\Chrome\Extensions\giolhomkcooifelkdfpejhidfidaahlc" => Key deleted successfully.
C:\Users\Admin\AppData\Local\CRE\giolhomkcooifelkdfpejhidfidaahlc.crx => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{25ED89D6-BC83-45F1-8FA3-7B849E028A94}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25ED89D6-BC83-45F1-8FA3-7B849E028A94}" => Key deleted successfully.
C:\Windows\System32\Tasks\DBPAOYW => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DBPAOYW" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{50A7C158-CC9D-4FFD-9F2C-0396DF925084}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50A7C158-CC9D-4FFD-9F2C-0396DF925084}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{993F90A6-3F94-49C9-8BF2-CA54BC5A75F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{993F90A6-3F94-49C9-8BF2-CA54BC5A75F8}" => Key deleted successfully.
C:\Windows\System32\Tasks\VV => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VV" => Key deleted successfully.
C:\Windows\Tasks\DBPAOYW.job => Moved successfully.
C:\Windows\Tasks\VV.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\7@Nj.net" => File/Directory not found.
"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\7t@HVQtodwx.org" => File/Directory not found.
"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\eiiv@yiabwcm.co.uk" => File/Directory not found.
"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\Jv8@4w.org" => File/Directory not found.
"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\xayiie@qxkydmg.net" => File/Directory not found.
"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Extensions\{f9d1c08c-2031-4e6c-ab51-50330ac2d988}" => File/Directory not found.
"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\giolhomkcooifelkdfpejhidfidaahlc" => File/Directory not found.
"C:\Users\Admin\AppData\Local\CRE\giolhomkcooifelkdfpejhidfidaahlc.crx" => File/Directory not found.
C:\Program Files\UUniaDealose => Moved successfully.
C:\ProgramData\ofamnpcbfopkblkalehpkkfgefabdbpk => Moved successfully.
C:\Program Files\CutterInstance => Moved successfully.
C:\Program Files\Remote Torrent Adder => Moved successfully.
C:\ProgramData\{9d34bdad-caba-9707-9d34-4bdadcabf6b7} => Moved successfully.
C:\ProgramData\aegembegdmjcjbhnceeepjhaceapibll => Moved successfully.
C:\ProgramData\5559584242170313717 => Moved successfully.
C:\Program Files\UNIDeAAlsi => Moved successfully.
C:\Users\Admin\Downloads\Windows Loader 2.2.2 Final By DAZ - SceneDL => Moved successfully.
C:\Users\Admin\Downloads\windows loader 2 2 2 final by daz - scenedl.torrent => Moved successfully.
"C:\Windows\Tasks\VV.job" => File/Directory not found.
"C:\Windows\Tasks\DBPAOYW.job" => File/Directory not found.
C:\Program Files\globalUpdate => Moved successfully.
C:\Program Files\0d6d40d5-4422-4693-9b2f-d3619f1810a3 => Moved successfully.
C:\Users\Admin\AppData\Local\globalUpdate => Moved successfully.
C:\Users\Admin\AppData\Roaming\DBPAOYW => Moved successfully.
C:\Users\Admin\AppData\Roaming\VV => Moved successfully.
"C:\Users\Admin\AppData\Roaming\DBPAOYW.exe" => File/Directory not found.
"C:\Users\Admin\AppData\Roaming\VV.exe" => File/Directory not found.
C:\ProgramData\TEMP => ":0888F409" ADS removed successfully.
C:\ProgramData\TEMP => ":3440EB47" ADS removed successfully.
C:\ProgramData\TEMP => ":661DFA1C" ADS removed successfully.
C:\ProgramData\TEMP => ":66633281" ADS removed successfully.
C:\ProgramData\TEMP => ":AF4CCAAD" ADS removed successfully.
EmptyTemp: => Removed 121.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:02:07 ====

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

paskale ::I know it's forbidden and that I installed all sorts of things until I found a way to make it legal, but there's no need to attack me like that...


I'm not attacking you out of malice, but I have to state the facts: what you're doing isn't done that way, and the way you're doing it isn't right. Look, I'm primarily a so-called malware removal expert, and as such I fight every kind of malware. When I analyze a log (which takes time) and establish that the user knowingly infected his computer and then asks us (me) to clean it, I have to give you my position in the hope that I'll change your habits. Behind my position stands the entire malware removal alliance, as well as the AV/AM programs. On some other forums, cases like this get locked. Simply put, you installed various cracks and dragged in a collection of harmful software along with them.

Advice: avoid mentioning it, and on this forum it is forbidden!

As for the report, good work was done. Now we have to go into an additional check, an additional log ...





Download smeenk's zoek from this link and save it to the Desktop.
Unpack the archive into a folder (instructions), then:

close the browser and other running programs;
temporarily disable the security software (if necessary) Instructions;
double-click the zoek program icon to start it;
wait for the tool to start ...


Click the More Options button and tick the box in front of the following option:
Auto Clean
Note: Tick only the listed option, do not touch the other options!


Click the button and wait for the scan to finish.
zoek will restart Windows if necessary and, at the end of its run, open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into a post.

offline
  • Joined: 25 Nov 2007
  • Posts: 296

Well, I know and respect you antivirus experts as well as Windows experts, because I know this site is top-notch, but I had to legalize it; I didn't knowingly go and infect it out of boredom, and I didn't know that kJek could be downloaded from the official site. I wouldn't have done this otherwise either, those aren't my habits, and I'll change, but tell me by PM about another solution :)

Thank you for helping me with the cleaning


Zoek.exe v5.0.0.0 Updated 01-March-2015
Tool run by Admin on pon 02.03.2015 at 20:49:04,20.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Admin\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

2.3.2015 20:50:15 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\AGEIA Technologies deleted successfully
C:\PROGRA~2\Babylon deleted successfully
C:\PROGRA~2\Conduit deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\Users\Admin\AppData\Roaming\AVI ReComp deleted successfully
C:\Users\Admin\AppData\Roaming\Bluefive software deleted successfully
C:\Users\Admin\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Admin\AppData\Roaming\Opera Software deleted successfully
C:\Users\Admin\AppData\Roaming\YourFileDownloader deleted successfully
C:\Users\Admin\AppData\Local\Bundled software uninstaller deleted successfully
C:\Users\Admin\AppData\Local\Conduit deleted successfully
C:\Users\Admin\AppData\Local\CRE deleted successfully
C:\Users\Admin\AppData\Local\Opera Software deleted successfully
C:\Users\Admin\AppData\Local\Popajar deleted successfully
C:\Users\Admin\AppData\Local\WMTools Downloaded Files deleted successfully
C:\Users\Guest\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default

---- Lines delta removed from prefs.js ----
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "3e4652c000000000000010bf4871dcbe");
user_pref("extensions.delta.instlDay", "15916");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.22.0");
user_pref("extensions.delta.vrsnTs", "1.8.22.015:32:31");
user_pref("extensions.delta.vrsni", "1.8.22.0");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=123973&tsp=4959");
user_pref("extensions.delta_i.srcExt", "ss");
---- Lines delta removed from user.js ----

user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.id", "3e4652c000000000000010bf4871dcbe");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.instlDay", "15916");
user_pref("extensions.delta.vrsn", "1.8.22.0");
user_pref("extensions.delta.vrsni", "1.8.22.0");
user_pref("extensions.delta.vrsnTs", "1.8.22.015:32:31");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta_i.babTrack", "affID=123973&tsp=4959");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.newTab", false);

---- Lines CT3282698 removed from prefs.js ----
user_pref("CT3282698.browser.search.defaultthis.engineName", "true");
user_pref("CT3282698.FF19Solved", "true");
user_pref("CT3282698.fullUserID", "UN41619346942583823.IN.20131025191510");
user_pref("CT3282698.installDate", "25/10/2013 19:15:14");
user_pref("CT3282698.installerVersion", "1.8.0.14");
user_pref("CT3282698.installSessionId", "{34EB7C26-10DF-4E25-BED0-DF306E0E3304}");
user_pref("CT3282698.installSp", "TRUE");
user_pref("CT3282698.keyword", "true");
user_pref("CT3282698.originalHomepage", "about:home");
user_pref("CT3282698.originalSearchAddressUrl", "");
user_pref("CT3282698.originalSearchEngine", "");
user_pref("CT3282698.originalSearchEngineName", "");
user_pref("CT3282698.searchRevert", "false");
user_pref("CT3282698.searchUserMode", "2");
user_pref("CT3282698.smartbar.homepage", "true");
user_pref("CT3282698.toolbarInstallDate", "25-10-2013 19:15:11");
user_pref("CT3282698.UserID", "UN41619346942583823");
user_pref("CT3282698.versionFromInstaller", "10.21.1.7");
user_pref("CT3282698.xpeMode", "0");
---- Lines Web Search removed from prefs.js ----
user_pref("browser.search.defaultthis.engineName", "SweetTunes1 Customized Web Search");
---- Lines smartbar removed from prefs.js ----
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
---- Lines extensions.51e66fe32fd13 removed from prefs.js ----
user_pref("extensions.51e66fe32fd13.epoch", "1375720284");
user_pref("extensions.51e66fe32fd13.url", "http://getproxy5.info/sync2/?ext=824&pid=726&country=BA®d=130717102019&lsd=130804163119&ver=7&ind=211322
---- Lines extensions.51e67019d0705 removed from prefs.js ----
user_pref("extensions.51e67019d0705.epoch", "1376739701");
user_pref("extensions.51e67019d0705.url", "http://getjpi1.info/sync2/?ext=wbn&pid=726&country=BA®d=130717102113&lsd=130816114139&ver=7&ind=21132293
---- Lines extensions.W9zSYlB1tj30Z7cZ removed from prefs.js ----
user_pref("extensions.W9zSYlB1tj30Z7cZ.epoch", "1");
user_pref("extensions.W9zSYlB1tj30Z7cZ.scode", "void(0);");
user_pref("extensions.W9zSYlB1tj30Z7cZ.url", "http://canadacomp.info/sync/?q=C6qUojC7rdU4pjU9rHa6rTrEpjw5pdrMAyVUojwErHsGrdCEqHw8rdC7rjs5rdC8tNtVh7n0r
---- Lines extensions.Z1JftZimBS2VtmMy removed from prefs.js ----
user_pref("extensions.Z1JftZimBS2VtmMy.epoch", "1");
user_pref("extensions.Z1JftZimBS2VtmMy.scode", "void(0);");
user_pref("extensions.Z1JftZimBS2VtmMy.url", "http://versiontraffic.info/sync/?q=C6qUojw4rHw7pjk6rjnErTsGqTk8rHCMAyVUojwErHsGrdCEqHw8rdC7rjs5rdC8tNtVh
---- Lines extensions.qqip9WN0VWscJJcn removed from prefs.js ----
user_pref("extensions.qqip9WN0VWscJJcn.epoch", "1");
user_pref("extensions.qqip9WN0VWscJJcn.scode", "void(0);");
user_pref("extensions.qqip9WN0VWscJJcn.url", "http://app-foryou.com/sync/?q=C6qUojC7rdU4pjU9rHa6rTrEpjw5pdrMAyVUojwErHsGrdCEqHw8rdC7rjs5rdC8tNtVh7n0rj
---- FireFox user.js and prefs.js backups ----

user_02.03.2015_2102_.backup
prefs_02.03.2015_2102_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\AGEIA Technologies not found
C:\Users\Admin\AppData\Local\15534 deleted
C:\PROGRA~2\StarApp deleted
C:\Users\Admin\AppData\LocalLow\Conduit deleted
C:\Program Files\Conduit deleted
C:\PROGRA~2\safe saave deleted
C:\PROGRA~2\SSearcha-NNewTaaabe deleted
C:\PROGRA~2\InstallMate deleted
C:\Users\Admin\AppData\Local\WhiteListing deleted
C:\Users\Admin\AppData\Local\NativeMessaging deleted
C:\Windows\System32\Tasks\avast! Emergency Update deleted
C:\Users\Guest\AppData\LocalLow\AVG Secure Search deleted
C:\END deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Users\Admin\Documents\Add-in Express deleted
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\Invalidprefs.js deleted
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\jetpack deleted
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default\CT3282698 deleted
"C:\ProgramData\cm-lock" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [27.01.2015 19:21]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3p4sbx0y.default
98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
893BF7D2261C56C24F813405D9D018E0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
F0E80E561C3F715DB01ACCC97B72463A - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13
66640A55AEFF3819C94E0A8D40D7E0AD - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director
8DA2ED6B04EA33F2EAE8BA883F903729 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight


==== Chromium Look ======================

Google Voice Search Hotword (Beta) - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20131121 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateChecker deleted successfully

==== Empty IE Cache ======================

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3p4sbx0y.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=127 folders=29 3601802 bytes)

==== Empty Temp Folders ======================

C:\Users\Admin\AppData\Local\Temp will be emptied at reboot
C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Admin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied
C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\ProgramData\cm-lock" not deleted

==== EOF on pon 02.03.2015 at 21:09:12,36 ======================

  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

This looks good. Let's do one more quick ARK check and we're done here.

You didn't tell me: is avast! still throwing up warnings? ...the problem should have been resolved since the first FRST script was run.

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the program icon to run MBAR:
- Click OK in the next window to allow it to unpack into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;



• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Note: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notification to allow it to load after a restart. Allow the restart and continue with the rest of the instructions after the restart.





>> If no malware is detected, click the Exit button to close the program. In your next post, paste the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The (scheduled) malware removal procedure will be scheduled for after the restart; a notification will be shown in a pop-up window. Click the Yes button and the system should restart and complete the cleaning procedure.

Note! Only if a rootkit was detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, then wait for the tool to finish all its repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.





The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post and attach the system log to the post using the Prikači fajl (Attach file) option.

  • Joined: 25 Nov 2007
  • Posts: 296

Posted: 03 Mar 2015 16:28

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.03.03.04
rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17420
Admin :: ADMIN-PC [administrator]

3.3.2015 16:08:09
mbar-log-2015-03-03 (16-08-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 397594
Time elapsed: 12 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Addendum: 03 Mar 2015 16:30

I also think we solved this with the first step, thank you... but what can you tell me about this:

Just separately from that, I'd note that when I visit google and facebook some extra letters get added next to them, as in the pictures:

and the field turns yellow when I click on the remembered address in the address bar on fb

  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Do you mean the URL? I don't see anything suspicious there. Or maybe I misunderstood you?

The URL is what it is; there's nothing for you to do about it. If you mean the ". . .com/?_rdr" at the end of the URL, that is something you don't need to pay attention to.

If you mean the "https" protocol, likewise, that is something you shouldn't need to pay attention to. What matters is that the pages you request load as they should.

Btw, you probably know this, but just in case I'll point out that the pages in the screenshots were opened in Chrome's so-called anonymous mode (incognito).









The following procedure will carry out the final cleanup.

1. Open Notepad (Text Document) and copy the following text from the code box below into it:

DeleteQuarantine:

2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.






----- ----- -----





Download "Xplode"'s DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options;
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment for the tool to finish its work.

From this moment on, all the tools used in this thread should be deleted.
If some tool or report was not removed, feel free to delete them manually.

The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also snapshot the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
- DelFix deletes old system restore points and creates a new, fresh point after cleaning.
