Check


  • Joined: 24 Sep 2008
  • Posts: 33
  • Location: BG

It has been almost two years since, with your help, I successfully fixed some problems in the system, so I would like to check again whether everything is all right. Thanks

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.45.2
Run by Ivan at 0:21:51 on 2014-03-04
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.8175.5910 [GMT 1:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Dassault Systemes\B205\win_b64\code\bin\CATSysDemon.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\XWidget\xwidget.exe
C:\Program Files (x86)\MCShield\MCShieldRTM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Hard Drive Inspector\HDInspector.exe
C:\Program Files (x86)\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link visible only to logged-in users]
uProxyServer = hxxp=;ftp=;https=;
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
uRun: [xwidget] C:\Program Files (x86)\XWidget\xwidget.exe
uRun: [MCShield Monitor] C:\Program Files (x86)\MCShield\MCShieldRTM.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [HDInspector.exe] C:\Program Files (x86)\Hard Drive Inspector\HDInspector.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link visible only to logged-in users]
TCP: NameServer = 192.168.1.1 192.168.2.1
TCP: Interfaces\{12CD6203-51D3-4DC9-A0F6-BBC2B6D5CA5D} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{12CD6203-51D3-4DC9-A0F6-BBC2B6D5CA5D} : DHCPNameServer = 192.168.1.1 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - ca14aed900000000000050e54945f1a4
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15791
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.011:30:59
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-10-23 45880]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-1-21 21184]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-10-31 283064]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2013-12-10 30752]
R1 LUM;LUM;C:\Windows\System32\drivers\LUM.sys [2007-6-5 24848]
R1 LUMDriver;LUMDriver;C:\Windows\System32\drivers\LUMDriver.sys [2008-1-2 24848]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-10-23 1432080]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
R2 BBDemon;Backbone Service;C:\Program Files\Dassault Systemes\B205\win_b64\code\bin\CATSysDemon.exe [2008-2-2 46592]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-3-1 335168]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-12-10 1168960]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-13 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-13 701512]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2013-12-10 82160]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys [2010-6-19 17920]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2013-2-13 77936]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-13 25928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-2-13 2655768]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2013-2-13 25640]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2013-2-13 30528]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-2-13 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-2-13 12384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-14 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-2-14 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-14 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-13 1255736]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-8-30 239616]
S4 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2013-12-27 9216]
S4 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-11-5 2151200]
S4 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2013-7-24 230408]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-9-21 5071712]
.
=============== Created Last 30 ================
.
2014-02-28 19:22:31 -------- d-----w- C:\Users\Ivan\AppData\Local\Skype
2014-02-26 10:20:13 965120 ----a-w- C:\Windows\SysWow64\ac3filter.acm
2014-02-26 10:20:13 1202688 ----a-w- C:\Windows\System32\ac3filter64.acm
2014-02-26 10:20:13 -------- d-----w- C:\Program Files (x86)\AC3Filter
2014-02-25 15:40:36 219248 ----a-w- C:\Windows\SysWow64\vm3dum.dll
2014-02-25 15:40:24 3223152 ----a-w- C:\Windows\SysWow64\vm3dgl.dll
2014-02-25 15:40:17 1047552 ----a-w- C:\Windows\SysWow64\mfc71u.dll
2014-02-25 15:40:11 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2014-02-25 15:38:06 182272 ----a-w- C:\Windows\SysWow64\wmpsrcwp.dll
2014-02-25 15:38:03 105472 ----a-w- C:\Windows\SysWow64\wmpshell.dll
2014-02-25 15:38:00 144384 ----a-w- C:\Windows\SysWow64\wmpps.dll
2014-02-25 15:37:55 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2014-02-25 15:37:03 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-02-25 15:36:55 1624064 ----a-w- C:\Windows\SysWow64\WMPEncEn.dll
2014-02-25 15:36:52 352256 ----a-w- C:\Windows\SysWow64\wmpeffects.dll
2014-02-25 15:36:49 299520 ----a-w- C:\Windows\SysWow64\wmpdxm.dll
2014-02-25 15:36:46 170496 ----a-w- C:\Windows\SysWow64\WmpDui.dll
2014-02-25 15:36:43 22528 ----a-w- C:\Windows\SysWow64\wmpcm.dll
2014-02-25 15:36:08 2048 ----a-w- C:\Windows\SysWow64\wmerror.dll
2014-02-25 15:36:06 63088 ----a-w- C:\Windows\SysWow64\vsocklib.dll
2014-02-25 15:36:03 50800 ----a-w- C:\Windows\SysWow64\vmhgfs.dll
2014-02-25 15:36:00 34416 ----a-w- C:\Windows\SysWow64\vmGuestLibJava.dll
2014-02-25 15:35:57 53360 ----a-w- C:\Windows\SysWow64\vmGuestLib.dll
2014-02-25 15:35:21 8192 ----a-w- C:\Windows\SysWow64\spwmp.dll
2014-02-25 15:35:10 266752 ----a-w- C:\Windows\SysWow64\MediaMetadataHandler.dll
2014-02-25 15:34:58 219648 ----a-w- C:\Windows\SysWow64\iTVData.dll
2014-02-25 15:34:56 4096 ----a-w- C:\Windows\SysWow64\dxmasf.dll
2014-02-25 15:08:21 278528 ----a-w- C:\Windows\SysWow64\unregmp2.exe
2014-02-25 15:08:19 83968 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-02-25 15:06:28 -------- d-----w- C:\Windows\ehome
2014-02-25 15:05:22 -------- d-----w- C:\ProgramData\Weskysoft
2014-02-25 14:58:58 -------- d-----w- C:\Program Files (x86)\DLLSuite
2014-02-25 14:57:42 970912 ----a-w- C:\Windows\SysWow64\msvcr120.dll
2014-02-25 14:57:36 963232 ----a-w- C:\Windows\System32\msvcr120.dll
2014-02-25 14:53:25 -------- d-----w- C:\Users\Ivan\AppData\Roaming\dll-files.com
2014-02-15 16:34:47 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
2014-02-06 19:50:52 -------- d-----w- C:\Users\Ivan\AppData\Roaming\ImTOO
2014-02-06 19:50:44 -------- d-----w- C:\ProgramData\ImTOO
2014-02-06 19:50:44 -------- d-----w- C:\Program Files (x86)\ImTOO
2014-02-06 19:50:11 37532835 ----a-w- C:\video-converter-ultimate7.exe
2014-02-06 19:20:49 -------- d-----w- C:\Users\Ivan\AppData\Roaming\HandBrake
2014-02-06 19:17:04 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-02-06 19:17:04 327749 ----a-w- C:\Windows\SysWow64\drvc.dll
2014-02-06 19:16:44 -------- d-----w- C:\Program Files (x86)\eRightSoft
2014-02-06 14:50:33 -------- d-----w- C:\Users\Ivan\AppData\Roaming\AVS4YOU
2014-02-06 14:49:19 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2014-02-06 14:49:19 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2014-02-06 14:49:19 -------- d-----w- C:\ProgramData\AVS4YOU
2014-02-06 14:49:19 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2014-02-06 14:25:39 -------- d-----w- C:\Users\Ivan\AppData\Roaming\AnvSoft
2014-02-06 14:14:33 -------- d-----w- C:\Users\Ivan\AppData\Roaming\Xilisoft
.
==================== Find3M ====================
.
2014-02-26 10:35:50 99384 ----a-w- C:\Users\Ivan\AppData\Roaming\inst.exe
2014-02-26 10:35:50 82816 ----a-w- C:\Users\Ivan\AppData\Roaming\pcouffin.sys
2014-02-22 18:13:46 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-22 18:13:46 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-08 14:54:02 121856 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll20140121104741.dll
2014-01-08 14:54:02 121856 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll
2014-01-06 19:23:36 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-24 09:40:32 21184 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2013-12-10 02:28:33 610304 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-10 02:02:22 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
.
============= FINISH: 0:22:01,86 ===============

[Link visible only to logged-in users]
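Most of the DDS log above is routine, and the lines a helper reads first are the policy, proxy and DNS entries in the Pseudo HJT Report. As an added example, not part of DDS and not written by anyone in this thread, here is a Python triage script that parses those three line shapes and flags the settings worth questioning: UAC policies set to 0, any configured proxy, and static DNS servers that differ from what DHCP handed out. The sample input is a subset copied from the log above; the weak-value rules and the names `parse_hjt` and `triage` are our own.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example, not part of DDS or of this thread. The regexes match the DDS
line shapes seen in the posted log; which values count as weak is our choice.
"""
import re

POLICY_RE = re.compile(r"^[umd]Policies-(\w+): (\w+) = dword:(\d+)$")
PROXY_RE = re.compile(r"^[um]ProxyServer = (.*)$")
NS_RE = re.compile(
    r"^TCP: (?:Interfaces\\(\{[^}]+\}) : )?(NameServer|DHCPNameServer) = (.+)$"
)

# (hive, policy name) -> (test on the decimal dword value, why it matters)
WEAK_POLICIES = {
    ("System", "EnableLUA"): (
        lambda v: v == 0,
        "UAC is turned off; administrator accounts run every program with a full token"),
    ("System", "ConsentPromptBehaviorAdmin"): (
        lambda v: v == 0,
        "administrators are elevated without any prompt"),
    ("System", "PromptOnSecureDesktop"): (
        lambda v: v == 0,
        "elevation prompts are drawn on the normal desktop, where other programs can overlay them"),
}

# Constructed sample: the relevant lines copied from the DDS log posted above.
SAMPLE_HJT = r"""
uProxyServer = hxxp=;ftp=;https=;
mWinlogon: Userinit = userinit.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 192.168.1.1 192.168.2.1
TCP: Interfaces\{12CD6203-51D3-4DC9-A0F6-BBC2B6D5CA5D} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{12CD6203-51D3-4DC9-A0F6-BBC2B6D5CA5D} : DHCPNameServer = 192.168.1.1 192.168.2.1
"""


def parse_hjt(text):
    """Split the report into policies, proxy settings and DNS servers."""
    policies = {}   # (hive, name) -> int
    proxies = {}    # scheme -> host:port ('' when no proxy is set)
    dns = {}        # interface GUID (None = global) -> {kind: set of servers}
    for line in text.splitlines():
        line = line.strip()
        m = POLICY_RE.match(line)
        if m:
            hive, name, value = m.groups()
            policies[(hive, name)] = int(value)  # DDS prints the dword in decimal (145 = 0x91)
            continue
        m = PROXY_RE.match(line)
        if m:
            for entry in m.group(1).split(";"):
                if "=" in entry:
                    scheme, host = entry.split("=", 1)
                    # DDS defangs http as hxxp; undo that for the report
                    proxies[scheme.replace("hxxp", "http")] = host.strip()
            continue
        m = NS_RE.match(line)
        if m:
            iface, kind, servers = m.groups()
            dns.setdefault(iface, {})[kind] = set(filter(None, re.split(r"[ ,]+", servers)))
    return policies, proxies, dns


def triage(text):
    """Return human-readable findings, in report order."""
    policies, proxies, dns = parse_hjt(text)
    findings = []
    for (hive, name), (is_weak, reason) in WEAK_POLICIES.items():
        if (hive, name) in policies and is_weak(policies[(hive, name)]):
            findings.append(f"Policies-{hive}: {name} = {policies[(hive, name)]}: {reason}")
    for scheme, host in proxies.items():
        if host:
            findings.append(f"proxy configured for {scheme}: {host} (verify it is intended)")
    for iface, entries in dns.items():
        static, dhcp = entries.get("NameServer", set()), entries.get("DHCPNameServer")
        # only per-interface entries carry both values to compare
        if iface is not None and static and dhcp is not None and static != dhcp:
            findings.append(f"interface {iface}: static DNS {sorted(static)} overrides DHCP DNS {sorted(dhcp)}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_HJT):
        print("!", finding)
```

On the posted log the script reports the three UAC policies and the per-interface DNS override and stays silent on the proxy line, whose entries are all empty; a differing static DNS is only a prompt to ask the user whether they set it, not a verdict.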



  • magna86 (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Hello stanoye,

The logs show me that you have various IObit programs installed. The programs are legitimate in themselves, but they have had a malicious past. You can read more about that here:

[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]



--- --- --- --- --- --- --- --- --- --- --- ---


The posted logs show no traces of an active infection. They do, however, point to some leftover PUP (e.g. adware, toolbar...) settings in the browsers and the registry that should be set back to default.

The Zoek tool will take care of that, and on top of that it will not only check the system further for traces of PUP software but also do some extra cleaning (e.g. emptying the temp folders, deleting the browser and Flash cache...) etc. And as an extra on top of all that, I would like us to additionally check the system for active malware using ComboFix. Just to confirm what DDS has already told us...


--- --- ---
Zoek Scan
--- ---

Download smeenk's zoek from this link and save it to the Desktop.
Unpack the archive into a folder (instructions), and then:

  • close the browser and the other running programs;
  • temporarily deactivate the protection software (if necessary) Instructions;
  • double-click the program icon to start zoek;
  • wait for the tool to start...

Click the More Options button and tick the box in front of the following option:
Auto Clean
Note: tick only the option listed; do not touch the other options!

Click the button and wait for the scan to finish.
zoek will restart Windows if necessary and, when it is done, open Notepad with the scan report.

Note: the report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into your post.


--- --- ---
ComboFix
--- ---

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download has finished:
  • deactivate the protection software (instructions);
  • close running programs;
  • double-click to start ComboFix;
  • in the window that opens, click "I Agree".

While running, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered to download it.
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure.
  • ask a certain number of questions/show notifications: accept by clicking Yes or OK.
  • if necessary, restart Windows (several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the post;
Do not click inside the ComboFix window while it is running, as that can slow the tool down;
Do not run ComboFix again on your own; report in the topic any problem you have during the first run of the tool;
If after the restart you get an error when starting some programs saying they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will fix the problem.
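The reply above says zoek will reset the leftover toolbar settings in the browsers, and the zoek log later in the thread shows what that means for Firefox: every `user_pref` belonging to the Delta Search toolbar is removed from prefs.js and user.js after a backup is taken. As an added example, not zoek's code and not from this thread, here is a Python script that does that prefs.js step on its own. The marker lists (`PUP_NAME_PREFIXES`, `PUP_VALUE_MARKERS`), the function names and the backup file naming are our own; the sample lines are copied from the posted zoek log plus three benign prefs constructed so there is something to keep.

```python
"""Strip PUP-injected preferences from a Firefox prefs.js / user.js.

Added example, not zoek's code and not from this thread. It removes every
user_pref that belongs to the Delta Search toolbar and backs the file up first.
"""
import re
from datetime import datetime
from pathlib import Path

# user_pref("name", value);  -- the only line shape prefs.js and user.js use
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Markers of the PUP this thread deals with: pref-name prefixes and value
# substrings. Our choice; extend the tuples for other toolbars.
PUP_NAME_PREFIXES = ("extensions.delta.",)
PUP_VALUE_MARKERS = ("delta-search.com", "delta search")

# Constructed sample: Delta lines copied from the posted zoek log plus three
# benign prefs so the cleaner has something to keep.
SAMPLE_PREFS = '''\
user_pref("app.update.lastUpdateTime.background-update-timer", 1393942000);
user_pref("avg.install.userHPSettings", "http://www.delta-search.com/?affID=119816&tt=190313_wo1&babsrc=HP_ss&mntrId=CA1450E54945F1A4");
user_pref("avg.install.userSPSettings", "Delta Search");
user_pref("browser.startup.homepage", "https://www.example.com/");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.id", "ca14aed900000000000050e54945f1a4");
user_pref("network.proxy.type", 0);
'''


def is_pup_pref(line):
    """True when the line is a user_pref that belongs to the PUP."""
    m = PREF_RE.match(line)
    if not m:
        return False  # comments and blank lines are never touched
    name, value = m.group(1), m.group(2).lower()
    if name.startswith(PUP_NAME_PREFIXES):
        return True
    # catches prefs of other products (here AVG's) that carry the PUP's URL or name
    return any(marker in value for marker in PUP_VALUE_MARKERS)


def clean_prefs(text):
    """Return (cleaned_text, removed_lines); line order is preserved."""
    kept, removed = [], []
    for line in text.splitlines():
        (removed if is_pup_pref(line) else kept).append(line)
    return "\n".join(kept) + ("\n" if kept else ""), removed


def clean_prefs_file(path):
    """Back up the file next to itself (zoek-style name), then rewrite it.
    Run only while Firefox is closed: on exit Firefox rewrites prefs.js itself."""
    path = Path(path)
    original = path.read_text(encoding="utf-8")
    stamp = datetime.now().strftime("%d.%m.%Y_%H%M")
    backup = path.with_name(f"{path.stem}_{stamp}_.backup")
    backup.write_text(original, encoding="utf-8")
    cleaned, removed = clean_prefs(original)
    path.write_text(cleaned, encoding="utf-8")
    return backup, removed


if __name__ == "__main__":
    cleaned, removed = clean_prefs(SAMPLE_PREFS)
    print(f"removed {len(removed)} PUP pref(s):")
    for line in removed:
        print("  " + line)
    print("kept:\n" + cleaned)
```

On the sample the five Delta lines go (the two AVG prefs are caught by their value, the three `extensions.delta.*` prefs by name) and the three benign prefs stay. The profile's search plugins and extensions folders, which zoek also cleans, are separate files and are not handled here.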



  • Joined: 24 Sep 2008
  • Posts: 33
  • Location: BG

Written: 04 Mar 2014 13:51

Thanks. I have removed the IObit programs you mentioned.


Zoek.exe v5.0.0.0 Updated 02-March-2014
Tool run by Ivan on uto 04.03.2014 at 13:37:07,74.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Downloads\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

4.3.2014 13:38:23 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1920287994-4166790629-4267699446-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default

---- Lines delta removed from prefs.js ----
user_pref("avg.install.userHPSettings", "http://www.delta-search.com/?affID=119816&tt=190313_wo1&babsrc=HP_ss&mntrId=CA1450E54945F1A4");
user_pref("avg.install.userSPSettings", "Delta Search");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.id", "ca14aed900000000000050e54945f1a4");
user_pref("extensions.delta.instlDay", "15791");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.011:30:59");
user_pref("extensions.delta.vrsni", "1.8.10.0");
---- Lines delta removed from user.js ----

user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.id", "ca14aed900000000000050e54945f1a4");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.instlDay", "15791");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.delta.vrsni", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.011:30:59");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.newTab", false);

---- FireFox user.js and prefs.js backups ----

user_04.03.2014_1344_.backup
prefs_04.03.2014_1344_.backup

==== Batch Command(s) Run By Tool======================

C:\Windows\system32\appdata deleted

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted
C:\Windows\syswow64\appdata deleted
C:\PROGRA~2\Mozilla Firefox\searchplugins\babylon.xml deleted
C:\PROGRA~2\Advanced System Optimizer 3 deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~2\Driver-Soft deleted
C:\Users\Ivan\AppData\Roaming\dll-files.com deleted
C:\Users\Ivan\AppData\Roaming\MPUI.ini deleted
C:\Users\Ivan\AppData\Roaming\DVDVideoSoftIEHelpers deleted
C:\Users\Ivan\AppData\Roaming\Babylon deleted
C:\Users\Ivan\AppData\Roaming\Systweak deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\QuickSet deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Babylon deleted
C:\PROGRA~3\Package Cache deleted
C:\PROGRA~3\SummerSoft deleted
C:\Users\Ivan\AppData\Local\CRE deleted
C:\Users\Ivan\AppData\Local\eSupport.com deleted
C:\Users\Ivan\AppData\Local\NativeMessaging deleted
C:\Users\Ivan\AppData\Local\Wondershare deleted
C:\Users\Ivan\AppData\Local\Bundled software uninstaller deleted
C:\Users\Ivan\AppData\Local\Conduit deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\Users\Ivan\AppData\LocalLow\Conduit deleted
C:\END deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\extensions\firefox@mega.co.nz.xpi deleted
C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\bProtector_extensions.rdf deleted
"C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\searchplugins\delta.xml" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{ACAA314B-EEBA-48e4-AD47-84E31C44796C}"="C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff" [12.12.2013 19:31]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default
- Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
- Lightbeam - %ProfilePath%\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
- Hide IP Easy - %ProfilePath%\extensions\support@easy-hideip.com.xpi
- Stylish - %ProfilePath%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
- Adblock Edge - %ProfilePath%\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

==== Firefox Plugins ======================

Profilepath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default
D775FA6F1E88B3B99E69E8A0D6C3A819 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll - Shockwave Flash


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx[12.10.2013 13:04]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nikpibnbobmbdbheedjfogjlikpgpnhp - No path found[]

Photo Zoom for Facebook - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi
Stylish - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe
AdBlock - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

==== Chrome Fix ======================

C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_facebook.conduitapps.com_0.localstorage deleted successfully
C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_youtube.conduitapps.com_0.localstorage deleted successfully
C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully
C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.delta-search.com_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.delta-search.com/?affID=119816&tt=190313_wo1&babsrc=HP_ss&mntrId=CA1450E54945F1A4"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserPlugInHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Ivan\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ivan\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Ivan\AppData\Local\Mozilla\Firefox\Profiles\ealg8ttf.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=206 folders=81 40215378 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Ivan\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Ivan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on Tue 04.03.2014 at 13:47:44,96 ======================

Addendum: 04 Mar 2014 13:54

In the meantime I got a blue screen and the computer restarted on its own; this has happened before as well, about once every 15-20 days.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 9242

Additional information about the problem:
BCCode: 1a
BCP1: 0000000000041790
BCP2: FFFFFA80061CA550
BCP3: 000000000000FFFF
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\030414-8970-01.dmp
C:\Users\Ivan\AppData\Local\Temp\WER-12292-0.sysdata.xml

Read our privacy statement online:
[Link visible only to logged-in users]

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

Addendum: 04 Mar 2014 14:01

ComboFix 14-03-04.01 - Ivan 04.03.2014 13:55:10.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.8175.6281 [GMT 1:00]
Running from: d:\downloads\ComboFix.exe
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\users\Ivan\AppData\Roaming\inst.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2014-02-04 to 2014-03-04 )))))))))))))))))))))))))))))))
.
.
2014-03-04 12:57 . 2014-03-04 12:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-04 12:46 . 2014-03-04 12:36 24064 ----a-w- c:\windows\zoek-delete.exe
2014-03-04 12:46 . 2014-03-04 12:58 -------- d-----w- c:\users\Ivan\AppData\Local\Temp
2014-03-04 12:36 . 2014-03-04 12:45 -------- d-----w- C:\zoek_backup
2014-02-28 19:22 . 2014-02-28 19:22 -------- d-----w- c:\users\Ivan\AppData\Local\Skype
2014-02-26 10:20 . 2014-02-26 10:20 -------- d-----w- c:\program files (x86)\AC3Filter
2014-02-26 10:20 . 2012-06-17 21:18 1202688 ----a-w- c:\windows\system32\ac3filter64.acm
2014-02-26 10:20 . 2012-06-17 21:10 965120 ----a-w- c:\windows\SysWow64\ac3filter.acm
2014-02-25 15:40 . 2014-02-25 15:40 219248 ----a-w- c:\windows\SysWow64\vm3dum.dll
2014-02-25 15:40 . 2014-02-25 15:40 3223152 ----a-w- c:\windows\SysWow64\vm3dgl.dll
2014-02-25 15:40 . 2014-02-25 15:40 1047552 ----a-w- c:\windows\SysWow64\mfc71u.dll
2014-02-25 15:40 . 2014-02-25 15:40 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2014-02-25 15:38 . 2014-02-25 16:27 182272 ----a-w- c:\windows\SysWow64\wmpsrcwp.dll
2014-02-25 15:38 . 2014-02-25 16:27 105472 ----a-w- c:\windows\SysWow64\wmpshell.dll
2014-02-25 15:38 . 2014-02-25 16:27 144384 ----a-w- c:\windows\SysWow64\wmpps.dll
2014-02-25 15:37 . 2014-02-25 16:27 738816 ----a-w- c:\windows\SysWow64\wmpmde.dll
2014-02-25 15:37 . 2014-02-25 16:27 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-02-25 15:36 . 2014-02-25 16:26 1624064 ----a-w- c:\windows\SysWow64\WMPEncEn.dll
2014-02-25 15:36 . 2014-02-25 16:26 352256 ----a-w- c:\windows\SysWow64\wmpeffects.dll
2014-02-25 15:36 . 2014-02-25 16:26 299520 ----a-w- c:\windows\SysWow64\wmpdxm.dll
2014-02-25 15:36 . 2014-02-25 16:26 170496 ----a-w- c:\windows\SysWow64\WmpDui.dll
2014-02-25 15:36 . 2014-02-25 16:26 22528 ----a-w- c:\windows\SysWow64\wmpcm.dll
2014-02-25 15:36 . 2014-02-25 16:25 2048 ----a-w- c:\windows\SysWow64\wmerror.dll
2014-02-25 15:36 . 2014-02-25 16:25 63088 ----a-w- c:\windows\SysWow64\vsocklib.dll
2014-02-25 15:36 . 2014-02-25 16:25 50800 ----a-w- c:\windows\SysWow64\vmhgfs.dll
2014-02-25 15:36 . 2014-02-25 16:25 34416 ----a-w- c:\windows\SysWow64\vmGuestLibJava.dll
2014-02-25 15:35 . 2014-02-25 16:25 53360 ----a-w- c:\windows\SysWow64\vmGuestLib.dll
2014-02-25 15:35 . 2014-02-25 16:24 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2014-02-25 15:35 . 2014-02-25 16:24 266752 ----a-w- c:\windows\SysWow64\MediaMetadataHandler.dll
2014-02-25 15:34 . 2014-02-25 16:24 219648 ----a-w- c:\windows\SysWow64\iTVData.dll
2014-02-25 15:34 . 2014-02-25 16:24 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2014-02-25 15:08 . 2014-02-25 16:29 278528 ----a-w- c:\windows\SysWow64\unregmp2.exe
2014-02-25 15:08 . 2014-02-25 16:29 83968 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-02-25 15:06 . 2014-02-25 15:34 -------- d-----w- c:\windows\ehome
2014-02-25 15:05 . 2014-02-25 15:05 -------- d-----w- c:\programdata\Weskysoft
2014-02-25 14:58 . 2014-02-25 14:58 -------- d-----w- c:\program files (x86)\DLLSuite
2014-02-25 14:57 . 2014-02-25 14:57 970912 ----a-w- c:\windows\SysWow64\msvcr120.dll
2014-02-25 14:57 . 2014-02-25 14:57 963232 ----a-w- c:\windows\system32\msvcr120.dll
2014-02-15 16:34 . 2014-02-15 16:34 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
2014-02-06 19:50 . 2014-02-06 19:50 -------- d-----w- c:\users\Ivan\AppData\Roaming\ImTOO
2014-02-06 19:50 . 2014-02-06 19:50 -------- d-----w- c:\programdata\ImTOO
2014-02-06 19:50 . 2014-02-06 19:50 -------- d-----w- c:\program files (x86)\ImTOO
2014-02-06 19:50 . 2012-09-08 20:38 37532835 ----a-w- C:\video-converter-ultimate7.exe
2014-02-06 19:20 . 2014-02-06 19:20 -------- d-----w- c:\users\Ivan\AppData\Roaming\HandBrake
2014-02-06 19:17 . 2004-07-02 15:33 327749 ----a-w- c:\windows\SysWow64\drvc.dll
2014-02-06 19:17 . 2003-10-17 11:44 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2014-02-06 19:16 . 2014-02-06 19:18 -------- d-----w- c:\program files (x86)\eRightSoft
2014-02-06 14:50 . 2014-02-06 14:50 -------- d-----w- c:\users\Ivan\AppData\Roaming\AVS4YOU
2014-02-06 14:49 . 2014-02-06 14:53 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2014-02-06 14:49 . 2014-02-06 14:50 -------- d-----w- c:\programdata\AVS4YOU
2014-02-06 14:49 . 2012-03-23 18:59 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2014-02-06 14:49 . 2012-03-23 18:59 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2014-02-06 14:25 . 2014-02-06 14:25 -------- d-----w- c:\users\Ivan\AppData\Roaming\AnvSoft
2014-02-06 14:14 . 2014-02-06 14:14 -------- d-----w- c:\users\Ivan\AppData\Roaming\Xilisoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-26 10:35 . 2013-02-13 19:33 82816 ----a-w- c:\users\Ivan\AppData\Roaming\pcouffin.sys
2014-02-22 18:13 . 2013-02-13 18:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-22 18:13 . 2013-02-13 18:45 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-16 00:28 . 2013-02-14 00:33 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-08 14:54 . 2014-01-21 09:47 121856 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll20140121104741.dll
2014-01-08 14:54 . 2014-01-21 09:47 121856 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-12-24 09:40 . 2014-01-21 09:47 21184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2013-02-13 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-02-13 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xwidget"="c:\program files (x86)\XWidget\xwidget.exe" [2013-10-25 1839616]
"MCShield Monitor"="c:\program files (x86)\MCShield\MCShieldRTM.exe" [2014-02-02 650816]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-11-20 4411952]
"HDInspector.exe"="c:\program files (x86)\Hard Drive Inspector\HDInspector.exe" [2013-07-12 3163088]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-30 766208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
R4 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R4 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S1 LUM;LUM;c:\windows\system32\drivers\LUM.sys;c:\windows\SYSNATIVE\drivers\LUM.sys [x]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys;c:\windows\SYSNATIVE\drivers\LUMDriver.sys [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe;c:\program files (x86)\AVG\AVG2013\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B205\win_b64\code\bin\CATSysDemon.exe;c:\program files\Dassault Systemes\B205\win_b64\code\bin\CATSysDemon.exe [x]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 09:55 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-13 18:13]
.
2014-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-13 23:56]
.
2014-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-13 23:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-07-23 13632216]
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.2.1
TCP: Interfaces\{12CD6203-51D3-4DC9-A0F6-BBC2B6D5CA5D}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-Run-Advanced SystemCare 6 - c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
AddRemove-{2410B4A3-A52F-485C-AAB7-ED0DFFF39655} - c:\progra~3\INSTAL~2\{2410B~1\Setup.exe
AddRemove-{3B2B35B5-4011-4258-A0B3-0833E0C81743} - c:\progra~3\INSTAL~2\{3B2B3~1\Setup.exe
AddRemove-{53CC30BC-8DBC-4E8D-AC66-C59E882F124A} - c:\progra~3\INSTAL~2\{53CC3~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe
.
**************************************************************************
.
Completion time: 2014-03-04 14:00:30 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-04 13:00
.
Pre-Run: 27.781.619.712 bytes free
Post-Run: 27.106.385.920 bytes free
.
- - End Of File - - 202512E6F9D37A6FB44E556077A472DC
2DA80A08FF1875832AEFA4393906586B

magna86 (Anti Malware Fighter, Rank 2; joined 21 Jun 2008; posts: 6104):

Also post the following additional reports that ComboFix created:


C:\Qoobox\Add-Remove Programs.txt
C:\Qoobox\ComboFix-quarantined-files

Original poster (joined 24 Sep 2008; posts: 33; location: BG):

Written: 04 Mar 2014 18:14

Add-Remove Programs

@BIOS
AC3Filter 2.5b
Adobe Flash Player 10 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.05)
AIDA64 Extreme Edition v3.20
AIMP3
AMD Catalyst Control Center
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
µTorrent
AVI ReComp 1.5.5
AviSynth 2.5
Battlefield 4 Update 2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDBurnerXP
D3DX10
DAEMON Tools Lite
Dassault Systemes Doc English CATIA B205
Dropbox
Easy Tune 6 B11.0630.1
Face_Wizard B10.1230.01
Flvto Converter
Football Manager 2014
FormatFactory 3.3.1.0
Free Stopwatch 2.7.0
Free Video Dub version 2.0.21.827
Free YouTube Download version 3.2.18.1128
Free YouTube to MP3 Converter version 3.12.17.1127
Freemake Video Downloader
GOM Player
Google Chrome
Google Earth
Google Update Helper
Grand Theft Auto IV
Hard Drive Inspector Professional 4.16 build # 170
ImTOO Video Converter Ultimate
Intel(R) Management Engine Components
iolo technologies' System Mechanic
Java 7 Update 45
Java Auto Updater
Java(TM) 6 Update 23
Malwarebytes Anti-Malware version 1.75.0.1300
ManageMyMobile
MCShield ::Anti-Malware Tool::
Microsoft Games for Windows - LIVE Redistributable
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual Studio 2005 Tools for Applications - ENU
MiniTool Partition Wizard Home Edition 7.7
Movie Maker
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.7.1
MSVCRT
MSVCRT110
Photo Common
Photo Gallery
PhotoScape
Picasa 3
Realtek High Definition Audio Driver
Samsung Kies
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Skype™ 6.14
Smart Defrag 3
Subtitle Edit 3.3.6
Subtitle Workshop 2.51
Surfing Protection
System Requirements Lab for Intel
TeamViewer 8
TouchBIOS B11.0623.1
Update Manager B10.0728.1
VBA (3821b)
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
VobSub 2.23
VSO ConvertXToDVD
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.2
Xvid Video Codec
XWidget Ver1.88

Addendum: 04 Mar 2014 18:15

ComboFix-quarantined-files

2014-03-04 12:59:41 . 2014-03-04 12:59:41 1,243 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}.reg.dat
2014-03-04 12:59:41 . 2014-03-04 12:59:41 656 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814}.reg.dat
2014-03-04 12:59:31 . 2014-03-04 12:59:31 190 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKU-Default-Run-Advanced SystemCare 6.reg.dat
2014-03-04 12:56:58 . 2014-03-04 12:56:58 1,224 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_npf.reg.dat
2014-03-04 12:56:58 . 2014-03-04 12:56:58 1,092 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NPF.reg.dat
2014-03-04 12:56:49 . 2014-03-04 12:56:49 4,278 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2014-03-04 12:54:34 . 2014-03-04 12:54:34 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2013-03-27 10:31:04 . 2013-03-27 10:31:04 3,072 ----a-w- C:\Qoobox\Quarantine\C\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage.vir
2013-02-13 19:33:17 . 2014-02-26 10:35:50 99,384 ----a-w- C:\Qoobox\Quarantine\C\Users\Ivan\AppData\Roaming\inst.exe.vir
2011-02-11 21:23:34 . 2011-02-11 21:23:34 96,784 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\Packet.dll.vir
2011-02-11 21:23:34 . 2011-02-11 21:23:34 53,299 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\pthreadVC.dll.vir
2011-02-11 21:23:34 . 2011-02-11 21:23:34 281,104 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\wpcap.dll.vir
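
The quarantine listing above has a fixed line layout (created timestamp, " . ", modified timestamp, size, attribute flags, quarantined path), and ComboFix keeps the original location under C:\Qoobox\Quarantine\<drive>\... with a .vir suffix. The Python script below is an added example, not ComboFix's code and not part of this thread: it parses that listing (embedded verbatim from the post so it runs offline), maps each quarantined file back to its original path, and applies two triage heuristics of its own, an executable sitting in a user-writable location and a file whose modified time is far later than its creation time. Both heuristics, the extension list and the location markers are this example's assumptions, not anything ComboFix does.

```python
"""Parse a ComboFix 'ComboFix-quarantined-files.txt' listing and triage it.

Added example; not part of ComboFix or of the forum post. SAMPLE_LISTING is
the listing from the post, embedded so the script runs offline. The triage
rules below are this example's own heuristics (assumption), not ComboFix's.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath
from typing import Optional

# Listing copied from the post above (source data, not constructed).
SAMPLE_LISTING = r"""
2014-03-04 12:59:41 . 2014-03-04 12:59:41 1,243 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}.reg.dat
2014-03-04 12:59:41 . 2014-03-04 12:59:41 656 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814}.reg.dat
2014-03-04 12:59:31 . 2014-03-04 12:59:31 190 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKU-Default-Run-Advanced SystemCare 6.reg.dat
2014-03-04 12:56:58 . 2014-03-04 12:56:58 1,224 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_npf.reg.dat
2014-03-04 12:56:58 . 2014-03-04 12:56:58 1,092 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NPF.reg.dat
2014-03-04 12:56:49 . 2014-03-04 12:56:49 4,278 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2014-03-04 12:54:34 . 2014-03-04 12:54:34 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2013-03-27 10:31:04 . 2013-03-27 10:31:04 3,072 ----a-w- C:\Qoobox\Quarantine\C\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage.vir
2013-02-13 19:33:17 . 2014-02-26 10:35:50 99,384 ----a-w- C:\Qoobox\Quarantine\C\Users\Ivan\AppData\Roaming\inst.exe.vir
2011-02-11 21:23:34 . 2011-02-11 21:23:34 96,784 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\Packet.dll.vir
2011-02-11 21:23:34 . 2011-02-11 21:23:34 53,299 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\pthreadVC.dll.vir
2011-02-11 21:23:34 . 2011-02-11 21:23:34 281,104 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\wpcap.dll.vir
"""

QUARANTINE_ROOT = r"C:\Qoobox\Quarantine"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
# Heuristic lists (assumption): code that should not live in a user profile.
EXEC_SUFFIXES = {".exe", ".dll", ".ocx", ".sys", ".scr", ".cpl"}
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass(frozen=True)
class QuarantineEntry:
    created: datetime
    modified: datetime
    size: int
    attrs: str            # kept opaque; ComboFix's flag letters are not decoded here
    quarantine_path: str


def parse_listing(text: str) -> list[QuarantineEntry]:
    """One QuarantineEntry per listing line; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(QuarantineEntry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M:%S"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            quarantine_path=m["path"],
        ))
    return entries


def original_path(entry: QuarantineEntry) -> Optional[str]:
    """Map C:\\Qoobox\\Quarantine\\C\\...\\x.exe.vir back to C:\\...\\x.exe.
    Registry backups and tool logs have no original file path: return None."""
    p = entry.quarantine_path
    if not p.lower().startswith(QUARANTINE_ROOT.lower() + "\\"):
        return None
    parts = p[len(QUARANTINE_ROOT) + 1:].split("\\")
    # first component is the drive letter folder (C), then the original tree
    if len(parts) < 2 or len(parts[0]) != 1 or not parts[0].isalpha():
        return None
    if not parts[-1].lower().endswith(".vir"):
        return None
    parts[-1] = parts[-1][:-4]
    return parts[0] + ":\\" + "\\".join(parts[1:])


def triage(entries: list[QuarantineEntry],
           mtime_gap: timedelta = timedelta(days=1)) -> dict[str, list[str]]:
    """Original path -> list of reasons, for entries that trip a heuristic."""
    findings: dict[str, list[str]] = {}
    for e in entries:
        orig = original_path(e)
        if orig is None:
            continue
        reasons = []
        if (PureWindowsPath(orig).suffix.lower() in EXEC_SUFFIXES
                and any(mk in orig.lower() for mk in USER_WRITABLE_MARKERS)):
            reasons.append("executable in user-writable location")
        if e.modified - e.created > mtime_gap:
            reasons.append("modified long after creation (rewritten in place)")
        if reasons:
            findings[orig] = reasons
    return findings


if __name__ == "__main__":
    for path, why in triage(parse_listing(SAMPLE_LISTING)).items():
        print(path, "->", "; ".join(why))
```

Run against the listing above it flags only C:\Users\Ivan\AppData\Roaming\inst.exe (an .exe in a roaming profile, rewritten a year after it was created). The three SysWOW64 DLLs pass both checks; their names match WinPcap's user-mode libraries and WinPcap 4.1.2 is in the installed-programs list above, which is the kind of thing a human still has to weigh before deciding whether a quarantine was a false positive.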

magna86 (Anti Malware Fighter, Rank 2; joined 21 Jun 2008; posts: 6104):

OK, this looks very good.

We'll use zoek one more time, just to knock out some leftovers that were not properly removed by the uninstall process. Running the zoek fix itself will only take a short time.

Run zoek again:

close the browser and other running programs;
deactivate your security software (if necessary) (see Instructions);

Copy the following text into the white box of the window:
nfengeggddojhakldhlpjdlddgkkjkdd;CHR
C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\extensions\ascsurfingprotection@iobit.com;F
C:\Program Files (x86)\IObit;FS
LiveUpdateSvc;S
Reboot;

Click the button and wait for the scan to finish.

zoek will restart Windows if necessary and, when finished, open Notepad with the scan report.

Note: the report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log).

Copy the contents of that log into a reply.
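
The fix script above is a list of `target;code` lines, and zoek does exactly what it is told, so a typo (a truncated extension id, a path one level too high) deletes the wrong thing. The Python script below is an added example, not zoek's code and not part of the post: it parses such a script and refuses obviously dangerous entries before anything is pasted into the tool. The meaning of the codes (CHR = Chrome extension id, F = file or folder, FS = folder with subfolders, S = service, `Reboot;` = reboot at the end) is read off the script and the log it produced in this thread; that reading, the protected-root list and the second, constructed script with deliberate mistakes are this example's assumptions.

```python
"""Parse and sanity-check a zoek fix script before pasting it into the tool.

Added example, not part of zoek or of the forum thread. The action codes are
read off the script and log in the thread (CHR = Chrome extension id,
F = file or folder, FS = folder with subfolders, S = service, Reboot; =
reboot when done); that reading and every check here are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

CHROME_ID_RE = re.compile(r"^[a-p]{32}$")        # Chrome ids: 32 chars, a-p only
WIN_ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")     # drive letter + backslash
# Deleting one of these as a whole (or a bare drive root) wrecks the system.
PROTECTED_ROOTS = {"windows", "program files", "program files (x86)",
                   "users", "programdata"}
KNOWN_CODES = {"CHR", "F", "FS", "S"}

# Script from the post above (source data, not constructed).
PAGE_SCRIPT = r"""nfengeggddojhakldhlpjdlddgkkjkdd;CHR
C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\extensions\ascsurfingprotection@iobit.com;F
C:\Program Files (x86)\IObit;FS
LiveUpdateSvc;S
Reboot;
"""

# Constructed script with deliberate mistakes, to show what gets refused.
BAD_SCRIPT = r"""abc;CHR
C:\;FS
Reboot;
C:\Windows;F
svchost\x;S
foo;XYZ
"""


@dataclass(frozen=True)
class Action:
    code: str       # CHR, F, FS, S or REBOOT
    target: str     # extension id, path or service name; empty for REBOOT
    line_no: int


def check_target(code: str, target: str, n: int) -> list[str]:
    """Per-code sanity checks; returns human-readable problems."""
    out = []
    if code == "CHR":
        if not CHROME_ID_RE.match(target):
            out.append(f"line {n}: {target!r} is not a Chrome extension id")
    elif code in ("F", "FS"):
        if not WIN_ABS_PATH_RE.match(target):
            out.append(f"line {n}: {target!r} is not an absolute Windows path")
        else:
            parts = [p for p in target[3:].split("\\") if p]
            if not parts or (len(parts) == 1 and parts[0].lower() in PROTECTED_ROOTS):
                out.append(f"line {n}: {target!r} is a drive or system root, too broad to delete")
    elif code == "S":
        if "\\" in target or "/" in target:
            out.append(f"line {n}: service name {target!r} must not contain path separators")
    return out


def parse_script(text: str) -> tuple[list[Action], list[str]]:
    """Return (actions, problems). An empty problems list means 'safe to paste'."""
    actions: list[Action] = []
    problems: list[str] = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "reboot;":
            actions.append(Action("REBOOT", "", n))
            continue
        target, sep, code = line.rpartition(";")
        if not sep or not target or code.upper() not in KNOWN_CODES:
            problems.append(f"line {n}: unrecognised entry {line!r}")
            continue
        code = code.upper()
        actions.append(Action(code, target, n))
        problems.extend(check_target(code, target, n))
    reboots = [a for a in actions if a.code == "REBOOT"]
    if len(reboots) > 1:
        problems.append("more than one Reboot; line")
    if reboots and actions[-1].code != "REBOOT":
        problems.append(f"line {reboots[0].line_no}: Reboot; must be the last line")
    return actions, problems


if __name__ == "__main__":
    for name, script in (("page script", PAGE_SCRIPT), ("bad script", BAD_SCRIPT)):
        acts, probs = parse_script(script)
        print(f"{name}: {len(acts)} actions, {len(probs)} problems")
        for p in probs:
            print("  ", p)
```

The thread's script parses to five actions with no problems; the constructed one is refused on six counts (bad extension id, a drive root and a system root as FS/F targets, a backslash in a service name, an unknown code, and a `Reboot;` that is not the last line).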

Original poster (joined 24 Sep 2008; posts: 33; location: BG):

Zoek.exe v5.0.0.0 Updated 02-March-2014
Tool run by Ivan on sre 05.03.2014 at 11:02:06,12.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-03-04-124744.log 11846 bytes

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LiveUpdateSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\LiveUpdateSvc deleted successfully

==== Deleting Files \ Folders ======================

"C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\extensions\ascsurfingprotection@iobit.com\chrome.manifest" deleted
"C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\extensions\ascsurfingprotection@iobit.com\icon.png" deleted
"C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\extensions\ascsurfingprotection@iobit.com\install.rdf" deleted
"C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\extensions\ascsurfingprotection@iobit.com\chrome\content\ascsurfingprotection.js" deleted
"C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\extensions\ascsurfingprotection@iobit.com\chrome\content\ascsurfingprotection.xul" deleted
"C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\extensions\ascsurfingprotection@iobit.com\chrome\content\imagemgr.js" deleted
"C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\extensions\ascsurfingprotection@iobit.com\chrome\content\languagemgr.js" deleted
"C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\extensions\ascsurfingprotection@iobit.com\chrome\content\popbox.css" deleted
"C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\extensions\ascsurfingprotection@iobit.com\chrome\content\protectpage.js" deleted
"C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\extensions\ascsurfingprotection@iobit.com\chrome\content\searchresultmgr.js" deleted
"C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\extensions\ascsurfingprotection@iobit.com\chrome\content\urlbaricon.js" deleted
"C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\extensions\ascsurfingprotection@iobit.com" deleted
"C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\extensions\ascsurfingprotection@iobit.com\chrome" deleted
"C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ealg8ttf.default\extensions\ascsurfingprotection@iobit.com\chrome\content" deleted
"C:\Program Files (x86)\IObit" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx[]

Google Docs - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
SocialReviver - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfipfkeoidmndggnnpobeenlamiclald
YouTube - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Photo Zoom for Facebook - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi
Stylish - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe
AdBlock - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd deleted successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1414 folders=153 435113807 bytes)

==== After Reboot ======================

==== EOF on sre 05.03.2014 at 11:04:24,51 ======================

magna86 (Anti Malware Fighter, Rank 2; joined 21 Jun 2008; posts: 6104):

OK, that's it.

The following procedure performs the final cleanup.

ComboFix needs to be uninstalled:
click Start, then Run.

On Vista use the Start Search box if Run is not available.

Type (or paste) the following into the text field:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

--- --- ---

Download Xplode's DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes next to the following options:

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment for the tool to finish its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix.
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

--- --- ---

I recommend that you use MCShield to protect USB storage devices.

You can download the program from this link. After installing it, plug in your USB storage devices and they will be scanned. At the end of the scan you will get a report that the device is clean or a notification about removed malware.

Original poster (joined 24 Sep 2008; posts: 33; location: BG):

Thanks a lot!!

magna86 (Anti Malware Fighter, Rank 2; joined 21 Jun 2008; posts: 6104):

You're welcome.
