lol IMG_00956.zip


offline
  • Joined: 26 Mar 2014
  • Posts: 32

Could you please give me slightly clearer instructions: should I copy that text? Or should I find such a text? Because I don't have a Notepad message on partition C ??? Sorry, but I don't understand. :( :)

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

First move ComboFix to the Desktop, as the instructions say. You ran it from this location:

c:\documents and settings\Jellyf#\My Documents\Downloads\ComboFix.exe


Then right-click on the Desktop > New > Text Document (Notepad) and copy into it the content that my colleague wrote for you.
In Notepad click File > Save as, choose Desktop, name the file CFScript and click Save.

Is it clearer now?

offline
  • Joined: 26 Mar 2014
  • Posts: 32

Thank you... much clearer! :)

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

OK, then just drag CFScript onto the ComboFix icon (as in the GIF) and the cleaning of your system will begin.

From here on you will continue with my colleague, regards.

offline
  • Joined: 26 Mar 2014
  • Posts: 32

Posted: 26 Mar 2014 23:44

Thanks a lot... regards! :)



ComboFix 14-03-24.01 - Jellyf# 03/26/2014 23:33:00.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.878 [GMT 1:00]
Running from: c:\documents and settings\Jellyf#\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Jellyf#\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mobogenie
c:\program files\Mobogenie\AdbWinApi.dll
c:\program files\Mobogenie\configure.mu
c:\program files\Mobogenie\CrashRpt.dll
c:\program files\Mobogenie\DaemonProcess.exe
c:\program files\Mobogenie\imageformats\qgif4.dll
c:\program files\Mobogenie\imageformats\qico4.dll
c:\program files\Mobogenie\imageformats\qjpeg4.dll
c:\program files\Mobogenie\imageformats\qmng4.dll
c:\program files\Mobogenie\imageformats\qtga4.dll
c:\program files\Mobogenie\imageformats\qtiff4.dll
c:\program files\Mobogenie\libeay32.dll
c:\program files\Mobogenie\log\2014-02-03.log
c:\program files\Mobogenie\log\2014-03-05.log
c:\program files\Mobogenie\log\2014-03-06.log
c:\program files\Mobogenie\log\action.log
c:\program files\Mobogenie\mgadb.exe
c:\program files\Mobogenie\mgusb.exe
c:\program files\Mobogenie\Mobogenie.exe
c:\program files\Mobogenie\msvcp100.dll
c:\program files\Mobogenie\msvcr100.dll
c:\program files\Mobogenie\ok.htm
c:\program files\Mobogenie\phonon_backend\phonon_ds94.dll
c:\program files\Mobogenie\phonon4.dll
c:\program files\Mobogenie\QtCore4.dll
c:\program files\Mobogenie\QtGui4.dll
c:\program files\Mobogenie\QtNetwork4.dll
c:\program files\Mobogenie\QtSql4.dll
c:\program files\Mobogenie\QtWebKit4.dll
c:\program files\Mobogenie\sqldrivers\qsqlite4.dll
c:\program files\Mobogenie\ssleay32.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-02-26 to 2014-03-26 )))))))))))))))))))))))))))))))
.
.
2014-03-25 17:22 . 2000-12-03 07:01 198656 ----a-w- c:\windows\system32\comdlg32.ocx
2014-03-25 17:22 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\system32\mscomctl.ocx
2014-03-25 17:22 . 1998-06-23 21:00 164144 ----a-w- c:\windows\system32\Comct232.ocx
2014-03-25 17:22 . 2012-10-03 13:13 132880 ----a-w- c:\windows\system32\Msinet.ocx
2014-03-25 17:22 . 2004-03-08 23:00 124688 ----a-w- c:\windows\system32\Mswinsck.ocx
2014-03-25 17:22 . 2014-01-27 08:42 34304 ----a-w- c:\windows\system32\NTSVC.ocx
2014-03-25 17:22 . 2014-03-25 17:22 -------- d-----w- c:\program files\exedb
2014-03-25 14:57 . 2014-03-26 11:32 -------- d---a-w- C:\Temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-21 05:48 . 2013-12-05 05:41 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-03-12 06:24 . 2013-07-08 19:29 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 06:24 . 2013-07-08 19:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 11:46 . 2009-11-05 12:54 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45 . 2009-11-05 12:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45 . 2009-11-05 12:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45 . 2009-11-05 12:53 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54 . 2009-11-05 12:53 385024 ----a-w- c:\windows\system32\html.iec
2014-02-07 02:01 . 2009-11-10 16:54 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2008-04-14 11:00 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-19 20:46 . 2012-09-21 02:45 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-01-04 03:13 . 2009-11-05 12:54 420864 ----a-w- c:\windows\system32\vbscript.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-11-05 . 600D58665D16BFBB776EFEFB0E80532D . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-03-21 05:48 3486232 ----a-w- c:\program files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll" [2014-03-21 3486232]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ---ha-w- c:\documents and settings\Jellyf#\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ---ha-w- c:\documents and settings\Jellyf#\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ---ha-w- c:\documents and settings\Jellyf#\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ---ha-w- c:\documents and settings\Jellyf#\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="D:\uTorrent.exe" [2014-02-02 905296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-03-19 4971024]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2014-03-21 2544664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"IE8"="advpack.dll" [2009-11-05 128512]
.
c:\documents and settings\Jellyf#\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Jellyf#\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Jellyf#\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"d:\\uTorrent.exe"=
"c:\\Documents and Settings\\Jellyf#\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [10/15/2012 3:48 AM 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [9/25/2013 7:57 PM 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [10/22/2012 1:02 PM 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [12/5/2013 6:41 AM 42272]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [9/24/2013 1:33 AM 348008]
R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [3/21/2014 6:49 AM 1771032]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [1/5/2013 12:41 AM 101808]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [1/5/2013 12:41 AM 557488]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [1/5/2013 12:41 AM 568752]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2/23/2014 9:22 PM 3782672]
S2 UpdateServiceTool;UpdateSoftware;"c:\program files\Bin\UpdateTool\UpdaterToolService.exe" --> c:\program files\Bin\UpdateTool\UpdaterToolService.exe [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [1/5/2013 12:41 AM 101808]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [9/1/2013 6:06 AM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [1/5/2013 12:41 AM 557488]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [1/5/2013 12:41 AM 103344]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [1/5/2013 12:41 AM 103344]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [1/5/2013 12:41 AM 568752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 13:43 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-08 06:24]
.
2014-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-26 21:04]
.
2014-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-26 21:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN18695033731028627&UM=2&ctid=CT3282698
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2014-03-26 23:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-03-26 23:42:04
ComboFix-quarantined-files.txt 2014-03-26 22:42
ComboFix2.txt 2014-03-26 21:02
.
Pre-Run: 2,116,149,248 bytes free
Post-Run: 2,070,818,816 bytes free
.
- - End Of File - - 036485782C7B9E2F3138AFAC7BC17E20
8F558EB6672622401DA993E1E865C861

Addendum: 26 Mar 2014 23:58

# AdwCleaner v3.022 - Report created 26/03/2014 at 23:47:24
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jellyf# - JELLY-B7C63F3B1
# Running from : C:\Documents and Settings\Jellyf#\My Documents\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Conduit
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ExpressFiles
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\genienext
Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Mobogenie
Folder Deleted : C:\Documents and Settings\LocalService\Application Data\newnext.me
Folder Deleted : C:\Documents and Settings\LocalService\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Documents and Settings\LocalService\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Documents and Settings\Jellyf#\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Jellyf#\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Jellyf#\Local Settings\Application Data\genienext
Folder Deleted : C:\Documents and Settings\Jellyf#\Local Settings\Application Data\Mobogenie
Folder Deleted : C:\Documents and Settings\Jellyf#\Local Settings\Application Data\SweetTunes1
Folder Deleted : C:\Documents and Settings\Jellyf#\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Jellyf#\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Jellyf#\Application Data\ExpressFiles
Folder Deleted : C:\Documents and Settings\Jellyf#\Application Data\newnext.me
Folder Deleted : C:\Documents and Settings\Jellyf#\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Jellyf#\My Documents\Mobogenie
[!] Folder Deleted : C:\Documents and Settings\Jellyf#\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Documents and Settings\LocalService\Desktop\Mobogenie.lnk
File Deleted : C:\Documents and Settings\LocalService\Desktop\MyPC Backup.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\53e8b8bb23de943
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\SweetTunes1
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\SweetTunes1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]

-\\ Google Chrome v33.0.1750.154

[ File : C:\Documents and Settings\Jellyf#\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7916 octets] - [26/03/2014 23:45:01]
AdwCleaner[S0].txt - [7803 octets] - [26/03/2014 23:47:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7863 octets] ##########

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

All right, the computer looks clean now. Tell me, what is the situation?

offline
  • Joined: 26 Mar 2014
  • Posts: 32

Thank you very much!!! It works without any problems. Many thanks and regards!!!! :D

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Excellent :)

What remains is to clean up the tools :)



Download "Xplode"'s DelFix and save it to the Desktop.

Double-click to run the program.

Check the following options:
Remove disinfection tools
Purge System Restore
Reset system settings


Click the "Run" button and wait for the program to finish.
The tool will remove all the tools used in this thread...
When the tool finishes, it will open the report in Notepad.
Note: The report will also be saved to C:\DelFix.txt

There is no need to submit the report.




I recommend that you use MCShield v2 to protect USB storage devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices. You download it, install it, plug in a USB storage device, a scan runs, after which you get a notification that the device is clean (if that really is the case); or you get a log in which you see information about the malware that was found and deleted.


Home page of MCShield ::Anti-Malware Tool:: v2: http://amf.mycity.rs/mcshield/

You can find out more about MCShield in these threads:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html




Be sure to visit the thread "Test whether your browser is vulnerable", read it and follow the link in it.
The link to the thread is: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html



Also, follow the thread "How to avoid and remove toolbars", read it and follow the steps in it. The link to the thread is: http://www.mycity.rs/Zastita/Kako-izbeci-i-ukloniti-toolbar-ove.html



TwinHeadedEagle (AMF Team)

offline
  • Joined: 26 Mar 2014
  • Posts: 32

What can I say? :) Thank you very much, well done... I wish you much success in your future work, regards!!!! :D
