MyCity » Ambulanta -> Arhiva Ambulante » WProtectManager.exe virus,aal.coumpatch.com popup,ads by info

WProtectManager.exe virus,aal.coumpatch.com popup,ads by info

Napisano na dan: 8.11.2014

WProtectManager.exe virus,aal.coumpatch.com popup,ads by info

Sledeća strana

Pagination

Odgovori

Phil Ivey Poslao: 08 Nov 2014 19:01 Idi na vrh
offline Phil Ivey Građanin Pridružio: 19 Apr 2012 Poruke: 33	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Pozdrav. Imam problem sa otvaranjem pojedinih stranica, pop up(ovaj iz naslova teme) mi se vise ne pojavljiva, jer sam po netu trazio nacin kako da rijesim ove probleme( sa adw-om), ali zadnja stranica na kojoj mi se pojavio se ne otvara. mycity.rs/must-login.png Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-11-2014 01 Ran by JACOB (administrator) on JACOB-PC on 08-11-2014 18:48:09 Running from D:\Downloads Loaded Profile: JACOB (Available profiles: JACOB) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-21] (ESET) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-03] (Advanced Micro Devices, Inc.) Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\Run: [C:\Windows\winsxs\wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_37575b7e71a86712\sidebar.exe /autoRun] => C:\Windows\winsxs\wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_37575b7e71a86712\sidebar.exe [1174016 2010-11-20] (Microsoft Corporation) HKU\S-1-5-20\...\Run: [C:\Windows\winsxs\wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_37575b7e71a86712\sidebar.exe /autoRun] => C:\Windows\winsxs\wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_37575b7e71a86712\sidebar.exe [1174016 2010-11-20] (Microsoft Corporation) HKU\S-1-5-21-1322857161-1813494267-1219462367-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [583680 2012-03-12] (MyCity) HKU\S-1-5-21-1322857161-1813494267-1219462367-1000\...\MountPoints2: {b561c289-7b8b-11e3-9955-90fba6a6c5e5} - F:\pushinst.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <ATTENTION> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-11-20] Chrome: ======= CHR Profile: C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (reddit companion) - C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2013-07-04] CHR Extension: (Google disk) - C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-18] CHR Extension: (YouTube) - C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-18] CHR Extension: (Google pretraživanje) - C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-18] CHR Extension: (AdBlock) - C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-02-21] CHR Extension: (Reddit Enhancement Suite) - C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-08-11] CHR Extension: (Skype Click to Call) - C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-18] CHR Extension: (Google Novčanik) - C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Gmail) - C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-18] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET) S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2013-11-14] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [214520 2013-11-17] () R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-17] (Realtek Semiconductor Corp.) [File not signed] S2 .EsetTrialReset; No ImagePath S2 AdvancedSystemCareService5; No ImagePath ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET) S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-02-11] () [File not signed] S3 ALSysIO; \??\C:\Users\JACOB\AppData\Local\Temp\ALSysIO64.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-08 18:47 - 2014-11-08 18:48 - 00000000 ____D () C:\FRST 2014-11-07 19:01 - 2014-11-07 19:04 - 00061834 ____N () C:\Windows\WindowsUpdate.log 2014-11-07 17:56 - 2014-11-07 17:56 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-05 07:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-11-05 07:21 - 2014-11-07 11:47 - 00000000 ____D () C:\AdwCleaner 2014-11-03 19:16 - 2014-11-03 19:21 - 00003410 _____ () C:\Windows\System32\Tasks\temp_9680cfce-6c8c-4058-9298-0cf321f1ab8a-2 2014-11-03 19:15 - 2014-11-08 15:39 - 00001338 _____ () C:\Windows\Tasks\OPQNQA.job 2014-11-03 19:15 - 2014-11-03 19:15 - 00005850 _____ () C:\Windows\System32\Tasks\temp_9680cfce-6c8c-4058-9298-0cf321f1ab8a-6 2014-11-03 19:15 - 2014-11-03 19:15 - 00004364 _____ () C:\Windows\System32\Tasks\OPQNQA 2014-11-03 19:14 - 2014-11-03 19:14 - 00003716 _____ () C:\Windows\System32\Tasks\ITWMSTF 2014-11-03 19:14 - 2014-11-03 19:14 - 00001684 _____ () C:\Windows\Tasks\ITWMSTF.job ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-08 18:02 - 2013-11-01 04:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-08 12:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2014-11-08 11:36 - 2010-11-13 19:52 - 00000000 ____D () C:\Users\JACOB\AppData\Roaming\uTorrent 2014-11-07 18:22 - 2009-07-14 05:45 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-07 18:22 - 2009-07-14 05:45 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-07 18:18 - 2009-07-14 06:13 - 00730532 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-07 18:14 - 2013-09-25 20:53 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-11-07 18:14 - 2012-04-01 16:26 - 00000000 ____D () C:\ProgramData\MCShield 2014-11-07 18:14 - 2009-07-14 06:08 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-07 18:14 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-07 18:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system 2014-11-05 07:28 - 2013-10-30 22:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-05 07:28 - 2012-06-10 20:48 - 00000000 ____D () C:\Users\JACOB\AppData\Roaming\Mozilla 2014-11-05 07:24 - 2012-11-18 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-11-05 07:24 - 2010-11-06 20:16 - 00001176 _____ () C:\Users\JACOB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-11-05 07:24 - 2010-11-06 20:15 - 00000000 ____D () C:\Users\JACOB 2014-11-01 20:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-31 10:17 - 2011-02-26 22:07 - 00000000 ____D () C:\Users\JACOB\AppData\Local\CrashDumps 2014-10-27 20:04 - 2013-10-22 19:18 - 00000000 ____D () C:\Users\JACOB\AppData\Roaming\foobar2000 2014-10-10 15:33 - 2012-02-29 10:51 - 00000000 ____D () C:\Users\JACOB\AppData\Roaming\Skype 2014-10-10 13:53 - 2012-12-28 13:19 - 00000000 ____D () C:\Users\JACOB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices Some content of TEMP: ==================== C:\Users\JACOB\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-05 10:15 ==================== End Of Log ============================ mycity.rs/must-login.png speedtest.net/my-result/3894199600

Profil

magna86 Poslao: 08 Nov 2014 23:22 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6103	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, 1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod: CloseProcesses: CMD: ipconfig /flushdns Task: {17F821E0-AE7F-4D5E-9B11-C52C22059E1F} - \9680cfce-6c8c-4058-9298-0cf321f1ab8a-5 No Task File <==== ATTENTION Task: {2668EF01-A3A6-4965-8D68-95CBBA3A377F} - System32\Tasks\ITWMSTF => C:\Users\JACOB\AppData\Roaming\ITWMSTF.exe <==== ATTENTION Task: {2C15A4CE-B8D0-4283-80AC-F74A6786DEE7} - \9680cfce-6c8c-4058-9298-0cf321f1ab8a-3 No Task File <==== ATTENTION Task: {30F1E065-721D-4DCC-BD96-54CEE5AF6CB9} - System32\Tasks\temp_9680cfce-6c8c-4058-9298-0cf321f1ab8a-2 => C:\Users\JACOB\AppData\Local\Temp\nsr7E69.tmp\9680cfce-6c8c-4058-9298-0cf321f1ab8a-2.exe <==== ATTENTION Task: {47C3E9EE-6347-477E-8026-FD78A0E28106} - System32\Tasks\temp_9680cfce-6c8c-4058-9298-0cf321f1ab8a-6 => C:\Program Files (x86)\TotalPlusHD-3.1V03.11\9680cfce-6c8c-4058-9298-0cf321f1ab8a-6.exe Task: {72EFC52B-A098-4892-9C52-A7BC2CBB945F} - \9680cfce-6c8c-4058-9298-0cf321f1ab8a-4 No Task File <==== ATTENTION Task: {78AD0601-DA14-454C-B9B6-F390596E2EFB} - System32\Tasks\OPQNQA => C:\Users\JACOB\AppData\Roaming\OPQNQA.exe <==== ATTENTION Task: {887B892F-5953-4340-956C-BD9A038D2B28} - \557253e0-875f-44bf-a6eb-29ba26a5d53d-1 No Task File <==== ATTENTION Task: {9A0D8746-2B8E-4073-AA8E-5A80C6A400FD} - \9680cfce-6c8c-4058-9298-0cf321f1ab8a-7 No Task File <==== ATTENTION Task: {B217F3A4-BE18-4368-9B64-B48A8D1B4BA2} - \9680cfce-6c8c-4058-9298-0cf321f1ab8a-1 No Task File <==== ATTENTION Task: {D631E1FD-3238-4DCD-8D05-1E5796658F2B} - \9680cfce-6c8c-4058-9298-0cf321f1ab8a-6 No Task File <==== ATTENTION Task: {F8322000-CCD5-4F6D-AE14-C9748B31EF67} - \9680cfce-6c8c-4058-9298-0cf321f1ab8a-2 No Task File <==== ATTENTION Task: C:\Windows\Tasks\ITWMSTF.job => C:\Users\JACOB\AppData\Roaming\ITWMSTF.exe <==== ATTENTION Task: C:\Windows\Tasks\OPQNQA.job => C:\Users\JACOB\AppData\Roaming\OPQNQA.exe <==== ATTENTION AlternateDataStreams: C:\ProgramData\TEMP:07BF512B AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 HKU\S-1-5-21-1322857161-1813494267-1219462367-1000\...\MountPoints2: {b561c289-7b8b-11e3-9955-90fba6a6c5e5} - F:\pushinst.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml S2 .EsetTrialReset; No ImagePath S2 AdvancedSystemCareService5; No ImagePath Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f CMD: netsh advfirewall reset CMD: bitsadmin /reset /allusers Hosts: C:\Program Files (x86)\TotalPlusHD-3.1V03.11 C:\Users\JACOB\AppData\Roaming\OPQNQA.exe C:\Users\JACOB\AppData\Roaming\ITWMSTF.exe C:\Users\JACOB\AppData\Roaming\OPQNQA.exe C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml C:\Windows\System32\Tasks\temp_9680cfce-6c8c-4058-9298-0cf321f1ab8a-2 C:\Windows\Tasks\OPQNQA.job C:\Windows\System32\Tasks\temp_9680cfce-6c8c-4058-9298-0cf321f1ab8a-6 C:\Windows\System32\Tasks\OPQNQA C:\Windows\System32\Tasks\ITWMSTF C:\Windows\Tasks\ITWMSTF.job RemoveDirectory: C:\AdwCleaner EmptyTemp: 2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi. 3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj. Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema. Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku. Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

Profil

Phil Ivey Poslao: 08 Nov 2014 23:54 Idi na vrh
offline Phil Ivey Građanin Pridružio: 19 Apr 2012 Poruke: 33	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: mycity.rs/must-login.png

Profil

magna86 Poslao: 09 Nov 2014 00:39 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6103	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! 1. Preuzmi sUBs-ov ComboFix () sa ovog linka i sačuvaj alat na Desktop. • Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); • Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. ------------------------------------------------------------ 2. Privremeno deaktiviraj AntiVirus program, u većini slučajeva preko desnog klika na ikonu programa u system tray. Oni mogu ometati alat tokom rada. Ukoliko nisi siguran kako to da uradiš, isprati ovo uputstvo. ------------------------------------------------------------ 3. Dvoklikom na ikonicu pokreni ComboFix. Potom, na disclaimer prozoru klikni dugme I Agree! • ComboFix će proveriti da li je dostupna nova verzija alata. Klikni Yes ako je zatrazeno preuzimanje. • Ukoliko Recovery Console nije instaliran, ComboFix će ponuditi preuzimanje i instalaciju. Klikni Yes da bi dozvolio alatu da preuzme i instalira Recovery Console • ComboFix će skenirati računar po fazama (Stage_#) ukupno 50 faza. Ne kliktati okolo dok ComboFix ispituje sistem. • Ukoliko je malware detektovan, ComboFix će zapoceti njegovo uklanjanje. Iz tog razloga, alat će po potrebi restartovati Windows (nekad i više puta); Napomena: Ako nakon rada alata dobiješ grešku (Illegal operation attempted on a registry key that has been marked for deletion) prilikom startovanja programa, restartovati računar i to ce rešiti problem. ------------------------------------------------------------ 4. Kada alat završi, formiraće i otvoriti izveštaj (tipična lokacija: C:\ComboFix.txt) Iskopiraj sadržaj ComboFix.txt izveštaja u poruku. ComboFix će takođe formirati i dodatan izveštaj (tipicna lokacija: C:\Qoobox\ComboFix-quarantined-files.txt) Okači ComboFix-quarantined-files.txt izveštaj uz poruku koristeći opciju Prikači fajl

Profil

Phil Ivey Poslao: 09 Nov 2014 01:30 Idi na vrh
offline Phil Ivey Građanin Pridružio: 19 Apr 2012 Poruke: 33	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: ComboFix 14-11-03.01 - JACOB 9.11.2014. 1:18.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1250.385.1033.18.2934.1867 [GMT 1:00] Running from: c:\users\JACOB\Desktop\ComboFix.exe SP: Windows Defender Disabled/Outdated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\SecureW2 c:\program files (x86)\SecureW2\Uninstall.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2 c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk c:\windows\SysWow64\UNWISE.EXE . . ((((((((((((((((((((((((( Files Created from 2014-10-09 to 2014-11-09 ))))))))))))))))))))))))))))))) . . 2014-11-09 00:24 . 2014-11-09 00:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-11-08 17:47 . 2014-11-08 22:50 -------- d-----w- C:\FRST 2014-11-07 16:56 . 2014-11-07 16:56 -------- d-----w- c:\programdata\Malwarebytes 2014-11-05 06:23 . 2010-08-30 07:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-24 15:02 . 2013-11-01 03:52 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-09-24 15:02 . 2011-05-24 09:18 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-09-11 04:58 . 2011-03-28 17:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MCShield Monitor"="c:\program files (x86)\MCShield\mcshieldrtm.exe" [2012-03-12 583680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-03 98304] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "PWRISOVM.EXE"=d:\poweriso\PWRISOVM.EXE . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 ALSysIO;ALSysIO;c:\users\JACOB\AppData\Local\Temp\ALSysIO64.sys;c:\users\JACOB\AppData\Local\Temp\ALSysIO64.sys [x] R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 XFDriver64;XFDriver64;c:\program files (x86)\Xfire2\XFDriver64.sys;c:\program files (x86)\Xfire2\XFDriver64.sys [x] R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x] S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys;c:\windows\SYSNATIVE\DRIVERS\aksdf.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-11-15 11:58 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-01 15:02] . 2013-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-18 21:27] . 2013-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-18 21:27] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com mStart Page = hxxp://www.google.com mSearch Page = hxxp://www.google.com IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE AddRemove-SecureW2 EAP Suite - c:\program files (x86)\SecureW2\Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1322857161-1813494267-1219462367-1000\Software\SecuROM\License information*] "datasecu"=hex:cd,7d,90,77,5c,88,66,de,38,f4,3b,bf,4c,cd,cb,5a,33,b4,dc,31,41, 6b,13,82,f9,1b,c5,98,8f,77,ff,71,c1,a1,15,55,fa,ec,99,f6,a7,a7,9b,2a,5b,ec,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-11-09 01:27:05 ComboFix-quarantined-files.txt 2014-11-09 00:27 . Pre-Run: 38.093.422.592 bytes free Post-Run: 37.799.858.176 bytes free . - - End Of File - - D1080E1AF9A50D26BABB5D18522F3548 A36C5E4F47E84449FF07ED3517B43A31 mycity.rs/must-login.png mycity.rs/must-login.png

Profil

magna86 Poslao: 09 Nov 2014 16:27 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6103	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Trazi se da se izvestaj iskopira u poruku. Otvoriti Notepad i iskopirati sledeci tekst: `DeQuarantine:: C:\Qoobox\Quarantine\C\program files (x86)\SecureW2 C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureW2 Quit::` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Samo vreme ove procedure nece dugo trajati. Reci mi kako ti se sada ponasa racunar?

Profil

Phil Ivey Poslao: 09 Nov 2014 18:27 Idi na vrh
offline Phil Ivey Građanin Pridružio: 19 Apr 2012 Poruke: 33	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: C:\Qoobox\Quarantine\C\program files (x86)\SecureW2\Uninstall.exe -> C:\program files (x86)\SecureW2\Uninstall.exe 1 File(s) copied C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk 2 File(s) copied mycity.rs/must-login.png Ponaša se kao da nema nikakvih problema, ali opet mi nece da otvori hrsport.net/. SecureW2 je program koji sam koristio za net u studentskom domu.

Profil

magna86 Poslao: 09 Nov 2014 19:05 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6103	1Ovo se svidja korisniku: Phil Ivey Registruj se da bi pohvalio/la poruku! Phil Ivey ::Ponaša se kao da nema nikakvih problema, ali opet mi nece da otvori http://www.hrsport.net/. Probaj da resetujes Firefox i Chrome browser na njihova default podesavanja. To ce takodje obrisati cache i verovatno resiti problem. https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems https://support.google.com/chrome/answer/3296214?hl=en Inace, ovde vise nema aktivne infekcije, sistem je cist. ============================= • Sledeća procedura će implementirati završno čišćenje. 1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod: `Start DeleteQuarantine: End` 2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi. 3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj. Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema. Alat će formirati log (Fixlog.txt) na Desktop-u. Nije potrebno sadržaj tog loga iskopirati u poruku, ovo je zavrsno ciscenje. ============================= Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi. ============================= Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop. Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija; Remove disinfection tools Create registry backup Purge System Restore Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad. Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani. Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt) Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja. ============================= Preporučujem ti da koristiš program MCShield za zaštitu USB memorijskih uređaja. Program možeš preuzeti sa ovog linka. http://www.mcshield.net/ Nakon instalacije programa, priključi USB memorijske uređaje, i oni će biti skenirani. Na kraju skeniranja ćeš dobiti izveštaj da je uređaj čist ili obaveštenje o uklonjenom malware-u. Takođe, poseti ovu temu da vidiš da li ti je pretraživač ranjiv i instaliraš ažurirane komponente http://www.mycity.rs/Propusti-i-azuriranja/Testira.....anjiv.html Instaliraj neki AntiVirus. Pogledaj ovu temu i donesi odluku. http://www.mycity.rs/Zastita/Spisak-antivirusnih-programa.html To bi bilo to. Pozdrav.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » WProtectManager.exe virus,aal.coumpatch.com popup,ads by info

Ko je trenutno na forumu

Ukupno su 1028 korisnika na forumu :: 45 registrovanih, 10 sakrivenih i 973 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., aramis s, babaroga, bankulen, Bobrock1, Boris90, CHARLIE JA., darkangel, Darko8, Denaya, Djokkinen, DonRumataEstorski, Dorcolac, dule10savic, Frunze, goxin, havoc995, kjkszpj, kobaja77, Kubovac, kuntalo, KUZMAR, kybonacci, laurusri, Lieutenant, ljuba, ljubacv, mercedesamg, milenko crazy north, N.e.m.a.nj.a., nenooo, panzerwaffe, pein, Pohovani_00, procesor, raptorsi, raykan, Ripanjac, RJ, Sir Budimir, Srky Boy, vathra, Vatreni Zmaj, YugoSlav

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by