Google Chrome problem


  • Joined: 15 Feb 2012
  • Posts: 77

Hello, I have a problem with Google Chrome: it loads pages with difficulty and freezes the page so that I have to restart the computer. When I open my Gmail inbox the screen freezes, I can't use anything and have to restart again. I can't delete the "delta search" page, and it keeps throwing up "page is not responding". Please help.

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,

You have already been to the Ambulanta, so you know that we can't help you without reports ;)

Follow this topic and submit the reports :)

  • Joined: 15 Feb 2012
  • Posts: 77

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by user at 11:11:19 on 2013-08-25
..
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 4.57
Adobe Flash Player ActiveX
Adobe Reader X (10.1.7) - Croatian
Adobe Shockwave Player 12.0
Advanced SystemCare 6
Advertising Center
ALNO AG Kitchen Planner
Apple Application Support
Apple Software Update
µTorrent
Bob the Builder Can-Do Carnival
BrowserDefender
Bundled software uninstaller
CCleaner
Chicken Invaders v1.30
Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20
DefaultTab
Delta Chrome Toolbar
Delta toolbar
eType
FilesFrog Update Checker
Fishing Simulator 2
Google Chrome
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Intel(R) PRO Network Connections Drivers
Java 7 Update 25
Java Auto Updater
Malwarebytes Anti-Malware verzija 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart OEM
neroxml
NVIDIA Drivers
OpenOffice.org 3.2
Over the Hedge(TM)
Search Protect
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834903)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype™ 6.5
Snooker147 1.0
Software Version Updater
Star Defender 4
Sunčica među brojevima
swMSM
System Requirements Lab for Intel
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB2863058)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
VLC media player 2.0.2
Volaro Updater
Vonteera
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Croatian Interface Pack
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Search 4.0
WinRAR archiver
.
==== End Of File ===========================

============== Running Processes ================
.
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\user\Application Data\eType\eTypeUpdate.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.arabyonline.com/?src=1000RJWDA1377352261
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://www.arabyonline.com/?src=1000RJWDA1377352261
uInternet Connection Wizard,ShellNext = iexplore
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files\delta\delta\1.8.24.6\bh\delta.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files\delta\delta\1.8.24.6\deltaTlbr.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
uRun: [Volaro Update] c:\program files\volaro\updater\Updater.exe
uRun: [NTRedirect] c:\windows\system32\rundll32.exe "c:\documents and settings\user\application data\babsolution\shared\enhancedNT.dll",Run
uRun: [eType] c:\documents and settings\user\application data\etype\eType.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354967150453
TCP: NameServer = 192.168.88.1 192.168.11.5 8.8.8.8
TCP: Interfaces\{9FE28828-9470-41AB-AC89-7CBE7B96C1DB} : DHCPNameServer = 192.168.88.1 192.168.11.5 8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-08-24 22:07:56 7166848 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fe0c2886-e290-4442-8fc9-bc2902c8394d}\mpengine.dll
2013-08-24 13:48:26 -------- d-----w- c:\documents and settings\user\application data\eType
2013-08-24 13:32:04 -------- d-----w- c:\program files\Delta
2013-08-24 13:31:53 -------- d-----w- c:\documents and settings\user\application data\Delta
2013-08-24 13:31:37 -------- d-----w- c:\documents and settings\user\application data\BabSolution
2013-08-23 19:18:47 7166848 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-08-22 16:11:16 -------- d-----w- c:\program files\HWiNFO32
2013-08-22 13:48:49 -------- d-----w- c:\program files\Softonic
2013-08-21 19:53:05 -------- d-----w- C:\Drivers Backup
2013-08-21 19:51:29 -------- d-----w- c:\program files\Driver Magician
2013-08-21 19:47:29 -------- d-----w- c:\documents and settings\user\local settings\application data\avgchrome
2013-08-21 19:43:14 -------- d-----w- c:\documents and settings\user\application data\Babylon
2013-08-20 18:33:47 -------- d-----w- C:\UnknownFolder14060
2013-08-20 18:33:43 -------- d-----w- C:\UnknownFolder69633
2013-08-20 18:33:36 -------- d-----w- C:\UnknownFolder27039
2013-08-20 18:13:01 -------- d-----w- C:\UnknownFolder1968
2013-08-20 18:11:45 -------- d-----w- C:\UnknownFolder26915
2013-08-20 18:08:22 -------- d-----w- C:\UnknownFolder15267
2013-08-20 18:08:19 -------- d-----w- C:\UnknownFolder39255
2013-08-20 18:08:16 -------- d-----w- C:\UnknownFolder39239
2013-08-20 17:44:47 -------- d-----w- C:\UnknownFolder36554
2013-08-20 17:42:26 -------- d-----w- C:\UnknownFolder36132
2013-08-20 17:42:23 -------- d-----w- C:\UnknownFolder36348
2013-08-20 17:42:23 -------- d-----w- C:\UnknownFolder32921
2013-08-20 17:42:23 -------- d-----w- c:\program files\Xfire
2013-08-20 17:42:14 -------- d-----w- C:\UnknownFolder36797
2013-08-20 17:42:13 -------- d-----w- C:\UnknownFolder25951
2013-08-20 16:34:07 -------- d-----w- c:\program files\Volaro
2013-08-20 16:34:00 -------- d-----w- c:\program files\VonteeraAddon
2013-08-20 16:32:03 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2013-08-20 16:30:47 -------- d-----w- c:\documents and settings\user\application data\SwvUpdater
2013-08-18 15:57:26 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2013-08-18 15:57:24 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2013-08-18 15:57:24 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2013-08-18 15:57:22 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2013-08-18 15:57:20 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2013-08-18 15:12:59 -------- d-----w- c:\program files\Invasion Interactive Ltd
2013-08-13 19:37:32 -------- d-----w- c:\program files\SearchProtect
2013-08-13 19:37:32 -------- d-----w- c:\documents and settings\user\local settings\application data\SearchProtect
2013-08-11 09:37:40 601600 ----a-w- c:\windows\system32\SET91.tmp
2013-08-11 09:33:58 23360 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-08-11 09:15:52 -------- d-----w- c:\documents and settings\all users\application data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-08-11 09:15:12 -------- d-----w- c:\documents and settings\user\AppData
2013-08-11 09:15:03 -------- d-----w- c:\documents and settings\all users\application data\IObit
2013-08-11 09:15:01 -------- d-----w- c:\program files\common files\Spigot
2013-08-11 09:14:56 -------- d-----w- c:\documents and settings\user\application data\IObit
2013-08-11 09:14:03 -------- d-----w- c:\program files\IObit
2013-08-11 07:22:45 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
2013-08-11 07:22:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-08-11 07:22:14 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-11 07:22:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-03 15:16:47 -------- d-----w- c:\documents and settings\all users\application data\Big Fish Games
2013-08-03 15:16:10 -------- d-----w- c:\documents and settings\all users\application data\BigFishGamesCache
2013-08-03 15:15:19 -------- d-----w- c:\documents and settings\user\local settings\application data\Big Fish
2013-08-03 15:14:59 -------- d-----w- c:\documents and settings\all users\application data\BigFishCache
2013-08-02 11:44:50 -------- d-----w- c:\documents and settings\all users\application data\BrowserDefender
2013-08-02 11:43:59 -------- d-----w- c:\program files\Minecraft
2013-07-29 20:17:10 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M ====================
.
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:13 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59 385024 ------w- c:\windows\system32\html.iec
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 02:59:11 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-29 04:39:53 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-29 04:39:42 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-29 04:39:40 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-29 04:39:39 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-23 07:13:28 21840 ----atw- c:\windows\system32\SIntfNT.dll
2013-06-23 07:13:28 17212 ----atw- c:\windows\system32\SIntf32.dll
2013-06-23 07:13:28 12067 ----atw- c:\windows\system32\SIntf16.dll
2013-06-18 19:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-28 01:59:37 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 00:41:07 6144 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 11:12:45,56 ===============

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Your DDS log is not complete; it looks like you cut off the beginning when copying, so copy it again or attach it...

  • Joined: 15 Feb 2012
  • Posts: 77

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by user at 11:11:19 on 2013-08-25
.
============== Running Processes ================
.
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\user\Application Data\eType\eTypeUpdate.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.arabyonline.com/?src=1000RJWDA1377352261
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://www.arabyonline.com/?src=1000RJWDA1377352261
uInternet Connection Wizard,ShellNext = iexplore
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files\delta\delta\1.8.24.6\bh\delta.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files\delta\delta\1.8.24.6\deltaTlbr.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
uRun: [Volaro Update] c:\program files\volaro\updater\Updater.exe
uRun: [NTRedirect] c:\windows\system32\rundll32.exe "c:\documents and settings\user\application data\babsolution\shared\enhancedNT.dll",Run
uRun: [eType] c:\documents and settings\user\application data\etype\eType.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354967150453
TCP: NameServer = 192.168.88.1 192.168.11.5 8.8.8.8
TCP: Interfaces\{9FE28828-9470-41AB-AC89-7CBE7B96C1DB} : DHCPNameServer = 192.168.88.1 192.168.11.5 8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-08-24 22:07:56 7166848 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fe0c2886-e290-4442-8fc9-bc2902c8394d}\mpengine.dll
2013-08-24 13:48:26 -------- d-----w- c:\documents and settings\user\application data\eType
2013-08-24 13:32:04 -------- d-----w- c:\program files\Delta
2013-08-24 13:31:53 -------- d-----w- c:\documents and settings\user\application data\Delta
2013-08-24 13:31:37 -------- d-----w- c:\documents and settings\user\application data\BabSolution
2013-08-23 19:18:47 7166848 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-08-22 16:11:16 -------- d-----w- c:\program files\HWiNFO32
2013-08-22 13:48:49 -------- d-----w- c:\program files\Softonic
2013-08-21 19:53:05 -------- d-----w- C:\Drivers Backup
2013-08-21 19:51:29 -------- d-----w- c:\program files\Driver Magician
2013-08-21 19:47:29 -------- d-----w- c:\documents and settings\user\local settings\application data\avgchrome
2013-08-21 19:43:14 -------- d-----w- c:\documents and settings\user\application data\Babylon
2013-08-20 18:33:47 -------- d-----w- C:\UnknownFolder14060
2013-08-20 18:33:43 -------- d-----w- C:\UnknownFolder69633
2013-08-20 18:33:36 -------- d-----w- C:\UnknownFolder27039
2013-08-20 18:13:01 -------- d-----w- C:\UnknownFolder1968
2013-08-20 18:11:45 -------- d-----w- C:\UnknownFolder26915
2013-08-20 18:08:22 -------- d-----w- C:\UnknownFolder15267
2013-08-20 18:08:19 -------- d-----w- C:\UnknownFolder39255
2013-08-20 18:08:16 -------- d-----w- C:\UnknownFolder39239
2013-08-20 17:44:47 -------- d-----w- C:\UnknownFolder36554
2013-08-20 17:42:26 -------- d-----w- C:\UnknownFolder36132
2013-08-20 17:42:23 -------- d-----w- C:\UnknownFolder36348
2013-08-20 17:42:23 -------- d-----w- C:\UnknownFolder32921
2013-08-20 17:42:23 -------- d-----w- c:\program files\Xfire
2013-08-20 17:42:14 -------- d-----w- C:\UnknownFolder36797
2013-08-20 17:42:13 -------- d-----w- C:\UnknownFolder25951
2013-08-20 16:34:07 -------- d-----w- c:\program files\Volaro
2013-08-20 16:34:00 -------- d-----w- c:\program files\VonteeraAddon
2013-08-20 16:32:03 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2013-08-20 16:30:47 -------- d-----w- c:\documents and settings\user\application data\SwvUpdater
2013-08-18 15:57:26 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2013-08-18 15:57:24 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2013-08-18 15:57:24 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2013-08-18 15:57:22 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2013-08-18 15:57:20 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2013-08-18 15:12:59 -------- d-----w- c:\program files\Invasion Interactive Ltd
2013-08-13 19:37:32 -------- d-----w- c:\program files\SearchProtect
2013-08-13 19:37:32 -------- d-----w- c:\documents and settings\user\local settings\application data\SearchProtect
2013-08-11 09:37:40 601600 ----a-w- c:\windows\system32\SET91.tmp
2013-08-11 09:33:58 23360 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-08-11 09:15:52 -------- d-----w- c:\documents and settings\all users\application data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-08-11 09:15:12 -------- d-----w- c:\documents and settings\user\AppData
2013-08-11 09:15:03 -------- d-----w- c:\documents and settings\all users\application data\IObit
2013-08-11 09:15:01 -------- d-----w- c:\program files\common files\Spigot
2013-08-11 09:14:56 -------- d-----w- c:\documents and settings\user\application data\IObit
2013-08-11 09:14:03 -------- d-----w- c:\program files\IObit
2013-08-11 07:22:45 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
2013-08-11 07:22:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-08-11 07:22:14 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-11 07:22:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-03 15:16:47 -------- d-----w- c:\documents and settings\all users\application data\Big Fish Games
2013-08-03 15:16:10 -------- d-----w- c:\documents and settings\all users\application data\BigFishGamesCache
2013-08-03 15:15:19 -------- d-----w- c:\documents and settings\user\local settings\application data\Big Fish
2013-08-03 15:14:59 -------- d-----w- c:\documents and settings\all users\application data\BigFishCache
2013-08-02 11:44:50 -------- d-----w- c:\documents and settings\all users\application data\BrowserDefender
2013-08-02 11:43:59 -------- d-----w- c:\program files\Minecraft
2013-07-29 20:17:10 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M ====================
.
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:13 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59 385024 ------w- c:\windows\system32\html.iec
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 02:59:11 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-29 04:39:53 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-29 04:39:42 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-29 04:39:40 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-29 04:39:39 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-23 07:13:28 21840 ----atw- c:\windows\system32\SIntfNT.dll
2013-06-23 07:13:28 17212 ----atw- c:\windows\system32\SIntf32.dll
2013-06-23 07:13:28 12067 ----atw- c:\windows\system32\SIntf16.dll
2013-06-18 19:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-28 01:59:37 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 00:41:07 6144 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 11:12:45,56 ===============
That is everything it read out. A few days ago I accidentally deleted msi config on the local disk; could that have anything to do with the DDS log being incomplete? (I don't know whether it is related at all, I'm just mentioning it since I'm a total beginner :()

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Step 1.

Open Control Panel and uninstall the following programs if you do not use them:
- Advertising Center
- BrowserDefender
- Bundled software uninstaller
- DefaultTab
- Delta Chrome Toolbar
- Delta toolbar
- eType
- Search Protect
- Volaro Updater
- Vonteera

Restart the computer when you are done.



Step 2.

Download AdwCleaner by "Xplode" and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all running programs and show a window warning you about that. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.


The computer will restart and then Notepad will open (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option.

Note: The report will also be saved at C:\AdwCleaner[S1].txt



Step 3.

Download GMER to the Desktop from the link below:


GMER download
Click the link;
When the dialog for choosing where to save the file opens, select Desktop and click Save.



Double-click to run GMER.
Wait for the initial scan to finish - if any prompt appears, click No;

click Scan and wait for the scan to finish;

click Save ... - save the report to the Desktop (named Gmer1);

right-click in the GMER program window and choose Options > 3rd party - click Scan;

when the scan finishes, click Save ... - save the report to the Desktop (named Gmer2);

click the >>> button and select the Autostart tab;

when the short scan finishes, click Copy;

open Notepad and paste the copied text into it - save the report to the Desktop (named Gmer3);


Illustrated walkthrough of the procedure

Attach all three reports to your post using the Attach file option.

offline
  • Joined: 15 Feb 2012
  • Posts: 77


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Excellent, let's run one more check:


Download ComboFix by sUBs to the Desktop from the following address:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




Once the download has finished:
disable your security software (instructions);
close running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if a download of it is offered.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure through.
display a number of prompts/notifications:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.


Copy the report that ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.



Note:
The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to your post;
Do not click inside the ComboFix window while it is running, because that can slow the tool down;
Do not run ComboFix again on your own - report in the thread any problem you have during the first run of the tool;
If after a restart you get an error when starting some programs saying that they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will resolve the problem.

offline
  • Joined: 15 Feb 2012
  • Posts: 77

ComboFix 13-08-25.01 - user 27.08.2013 18:37:13.1.1 - x86
Running from: c:\documents and settings\user\My Documents\Downloads\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\user\WINDOWS
c:\windows\system32\msssc.dll
c:\windows\system32\SET91.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DEFAULTTABSEARCH
.
.
((((((((((((((((((((((((( Files Created from 2013-07-27 to 2013-08-27 )))))))))))))))))))))))))))))))
.
.
2013-08-27 16:52 . 2013-08-27 16:52 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8537E64E-15BA-40D2-A140-556877D82032}\MpKslcdcf0cd4.sys
2013-08-27 16:16 . 2013-08-06 07:28 7166848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8537E64E-15BA-40D2-A140-556877D82032}\mpengine.dll
2013-08-27 15:55 . 2013-08-27 15:55 -------- d-----w- C:\IBMTOOLS
2013-08-26 21:36 . 2013-08-26 21:38 -------- d-----w- C:\AdwCleaner
2013-08-26 04:50 . 2013-08-06 07:28 7166848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-22 16:11 . 2013-08-23 13:53 -------- d-----w- c:\program files\HWiNFO32
2013-08-22 14:46 . 2013-08-22 14:49 -------- d-s---w- c:\documents and settings\Administrator
2013-08-21 19:53 . 2013-08-21 19:59 -------- d-----w- C:\Drivers Backup
2013-08-21 19:51 . 2013-08-23 13:52 -------- d-----w- c:\program files\Driver Magician
2013-08-21 19:47 . 2013-08-21 19:47 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\avgchrome
2013-08-20 18:33 . 2013-08-20 18:33 -------- d-----w- C:\UnknownFolder14060
2013-08-20 18:33 . 2013-08-20 18:33 -------- d-----w- C:\UnknownFolder69633
2013-08-20 18:33 . 2013-08-20 18:33 -------- d-----w- C:\UnknownFolder27039
2013-08-20 18:13 . 2013-08-20 18:13 -------- d-----w- C:\UnknownFolder1968
2013-08-20 18:11 . 2013-08-20 18:11 -------- d-----w- C:\UnknownFolder26915
2013-08-20 18:08 . 2013-08-20 18:33 -------- d-----w- C:\UnknownFolder15267
2013-08-20 18:08 . 2013-08-20 18:11 -------- d-----w- C:\UnknownFolder39255
2013-08-20 18:08 . 2013-08-20 18:11 -------- d-----w- C:\UnknownFolder39239
2013-08-20 17:44 . 2013-08-20 17:44 -------- d-----w- C:\UnknownFolder36554
2013-08-20 17:42 . 2013-08-20 17:42 -------- d-----w- C:\UnknownFolder36132
2013-08-20 17:42 . 2013-08-20 18:33 -------- d-----w- c:\program files\Xfire
2013-08-20 17:42 . 2013-08-20 17:42 -------- d-----w- C:\UnknownFolder36348
2013-08-20 17:42 . 2013-08-20 17:42 -------- d-----w- C:\UnknownFolder32921
2013-08-20 17:42 . 2013-08-20 17:43 -------- d-----w- C:\UnknownFolder36797
2013-08-20 17:42 . 2013-08-20 17:42 -------- d-----w- C:\UnknownFolder25951
2013-08-20 16:34 . 2013-08-26 21:22 -------- d-----w- c:\program files\Volaro
2013-08-18 15:57 . 2007-04-04 16:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2013-08-18 15:57 . 2007-03-15 14:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2013-08-18 15:57 . 2007-03-12 14:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2013-08-18 15:57 . 2007-03-12 14:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2013-08-18 15:57 . 2007-01-24 13:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2013-08-18 15:12 . 2013-08-18 15:12 -------- d-----w- c:\program files\Invasion Interactive Ltd
2013-08-11 09:33 . 2013-04-17 18:22 23360 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-08-11 09:15 . 2013-08-11 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-08-11 09:15 . 2013-08-11 09:15 -------- d-----w- c:\documents and settings\user\AppData
2013-08-11 09:15 . 2013-08-11 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2013-08-11 09:14 . 2013-08-22 19:00 -------- d-----w- c:\documents and settings\user\Application Data\IObit
2013-08-11 09:14 . 2013-08-22 18:59 -------- d-----w- c:\program files\IObit
2013-08-11 07:22 . 2013-08-11 07:22 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2013-08-11 07:22 . 2013-08-11 07:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-08-11 07:22 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-11 07:22 . 2013-08-11 07:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-03 15:16 . 2013-08-03 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Big Fish Games
2013-08-03 15:16 . 2013-08-03 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2013-08-03 15:15 . 2013-08-03 15:15 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Big Fish
2013-08-03 15:14 . 2013-08-03 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishCache
2013-08-02 11:43 . 2013-08-02 11:45 -------- d-----w- c:\program files\Minecraft
2013-07-29 20:17 . 2013-08-14 20:54 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-26 02:47 . 2008-04-14 03:42 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47 . 2008-04-14 03:41 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47 . 2008-04-14 03:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52 . 2008-04-13 22:07 385024 ------w- c:\windows\system32\html.iec
2013-07-10 10:37 . 2008-04-14 03:42 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 02:59 . 2008-04-13 22:57 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2008-04-14 00:01 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-29 04:39 . 2013-06-29 04:40 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-29 04:39 . 2013-06-29 04:40 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-29 04:39 . 2012-12-08 10:18 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-29 04:39 . 2012-12-08 10:18 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-23 07:13 . 2013-06-23 07:12 21840 ----atw- c:\windows\system32\SIntfNT.dll
2013-06-23 07:13 . 2013-06-23 07:12 17212 ----atw- c:\windows\system32\SIntf32.dll
2013-06-23 07:13 . 2013-06-23 07:12 12067 ----atw- c:\windows\system32\SIntf16.dll
2013-06-18 19:50 . 2012-08-30 21:03 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-04 07:23 . 2008-04-14 03:42 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2008-04-13 23:00 1876736 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 13:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-03 14:27 19603048 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 MpKslcdcf0cd4;MpKslcdcf0cd4;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8537E64E-15BA-40D2-A140-556877D82032}\MpKslcdcf0cd4.sys [27.8.2013 18:52 29904]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [11.8.2013 11:14 574272]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2.6.2011 12:08 11336]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\user\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\user\LOCALS~1\Temp\DMSKSSRh.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.8.2013 9:22 22856]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11.8.2013 9:22 418376]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11.8.2013 9:22 701512]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.6.2013 16:21 162408]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLCDCF0CD4
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-08-18 c:\windows\Tasks\ASC6_AutoCare.job
- c:\program files\IObit\Advanced SystemCare 6\AutoCare.exe [2013-08-11 16:47]
.
2013-08-21 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2013-08-11 17:02]
.
2013-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1085031214-1177238915-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-12-08 10:11]
.
2013-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1085031214-1177238915-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-12-08 10:11]
.
2013-08-27 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 16:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.arabyonline.com/?src=1000RCBZZ1377459513
mStart Page = hxxp://www.arabyonline.com/?src=1000RCBZZ1377459513
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.88.1 192.168.11.5 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-IObit Malware Fighter - c:\program files\IObit\IObit Malware Fighter\IMF.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SDP - c:\program files\FilesFrog Update Checker\update_checker.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2013-08-27 18:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3340)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2013-08-27 19:00:01 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-27 16:59
.
Pre-Run: 18.322.513.920 bytes free
Post-Run: 18.331.410.432 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 71A6A33C010892803E320F98F225F34F
8F558EB6672622401DA993E1E865C861

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

The instructions said to download ComboFix to the Desktop. Download it again from the same link, only this time to the Desktop.


Open Notepad and copy the following text into it:

Driver::
DMSKSSRh

DirLook::
C:\UnknownFolder14060

File::
c:\docume~1\user\LOCALS~1\Temp\DMSKSSRh.sys

DDS::
uStart Page = hxxp://www.arabyonline.com/?src=1000RCBZZ1377459513
mStart Page = hxxp://www.arabyonline.com/?src=1000RCBZZ1377459513

ClearJavaCache::


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
In your next post, include the log that is created at the end of the cleaning/scan.
