For a few days now I keep finding the toolbar PUP Delta Search, how do I remove it


offline
  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 439
  • Location: Berlin

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Dalibor on sub 22.06.2013 at 10:20:33,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on sub 22.06.2013 at 10:26:16,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

Post the GMER and DDS reports for me once more... you have the instructions for GMER in the previous posts...

offline
  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 439
  • Location: Berlin

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Dalibor at 12:30:53 on 2013-06-22
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1023.487 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MCShield\mcshieldrtm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
dURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare ultimate\browerprotect\ASCPlugin_Protection.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\dalibor\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VMSnap3] c:\windows\VMSnap3.EXE
mRun: [Domino] c:\windows\Domino.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dalibor\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1367043419484
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9F4E3ED5-5E40-425C-BD51-990C50442851} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dalibor\application data\mozilla\firefox\profiles\6e0jhsd5.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
FF - plugin: c:\documents and settings\dalibor\local settings\application data\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\dalibor\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\iobit\advanced systemcare ultimate\browerprotect\np_Asc_plugin.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-05-27 12:45; {65030561-c150-4370-836c-7c9d04f7a1b4}; c:\documents and settings\dalibor\application data\mozilla\firefox\profiles\6e0jhsd5.default\extensions\{65030561-c150-4370-836c-7c9d04f7a1b4}
FF - ExtSQL: 2013-06-01 10:13; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2013-06-02 06:26; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: 2013-06-09 11:09; ascsurfingprotection@iobit.com; c:\documents and settings\dalibor\application data\mozilla\firefox\profiles\6e0jhsd5.default\extensions\ascsurfingprotection@iobit.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-1 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-1 174664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-6-1 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-6-1 368944]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-12 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-6-1 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-1 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-1 46808]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2013-4-24 428160]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-3 162408]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-4-28 1691480]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\i:\ntglm7x.sys --> i:\NTGLM7X.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
.
=============== Created Last 30 ================
.
2013-06-20 07:27:12 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-20 07:27:08 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-14 07:17:09 -------- d-----w- c:\program files\Unlocker
2013-06-12 07:10:17 -------- d-----w- c:\documents and settings\dalibor\application data\TuneUp Software
2013-06-12 07:09:57 -------- d-----w- c:\documents and settings\all users\application data\TuneUp Software
2013-06-12 07:09:38 -------- d-sh--w- c:\documents and settings\all users\application data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-06-12 07:09:38 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2013-06-12 06:45:43 74752 -c----w- c:\windows\system32\dllcache\cryptdlg.dll
2013-06-12 06:45:08 -------- d-----w- c:\windows\system32\winrm
2013-06-12 06:45:08 -------- d-----w- c:\windows\system32\GroupPolicy
2013-06-12 06:44:57 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-06-09 07:09:26 -------- d-----w- c:\documents and settings\all users\application data\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-06-09 07:09:22 -------- d-----w- c:\documents and settings\dalibor\AppData
2013-06-09 07:09:15 -------- d-----w- c:\documents and settings\all users\application data\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-06-09 07:06:05 -------- d-----w- c:\documents and settings\dalibor\SyncFolder
2013-06-09 07:01:58 -------- d-----w- c:\program files\MyPC Backup
2013-06-07 11:04:24 -------- d-----w- c:\program files\FastStone Capture
2013-06-02 04:25:14 -------- d-----w- c:\windows\system32\XPSViewer
2013-06-02 04:24:44 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-06-02 04:24:28 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-06-02 04:24:28 117760 ------w- c:\windows\system32\prntvpt.dll
2013-06-02 04:24:27 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-06-02 04:24:27 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-06-02 04:24:27 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-06-02 04:24:27 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-06-02 04:24:27 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2013-06-02 04:24:27 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-06-01 20:01:32 -------- d-----w- c:\documents and settings\dalibor\local settings\application data\VS Revo Group
2013-06-01 08:13:18 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-01 08:13:17 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-01 08:13:17 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-01 08:13:16 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-01 08:12:49 41664 ----a-w- c:\windows\avastSS.scr
2013-06-01 08:12:46 35088 ----a-w- c:\windows\system32\drivers\tap0901.sys
2013-05-27 10:06:14 -------- d-----w- c:\program files\Hitman Pro 3.5
.
==================== Find3M ====================
.
2013-06-22 04:30:56 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2013-06-20 07:26:55 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-20 07:26:55 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-12 03:18:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 03:18:54 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-10 07:57:53 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-02 14:09:52 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-26 22:53:57 74752 ----a-w- c:\windows\system32\cryptdlg.dll
.
============= FINISH: 12:31:33,04 ===============

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

Malware is not present, and what SAS was reporting is inside System Restore, which is harmless to the system. How are things now...

offline
  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 439
  • Location: Berlin

It works much better now
