Problem with Opera and Google Chrome.


  • Joined: 25 Jul 2012
  • Posts: 44

Posted: 06 Apr 2013 14:52

So here's the thing: when I go through Opera, it opens the page, but then I can't open a single link afterwards. Only FB works normally. Through Google Chrome it opens all pages, only FB acts up: it displays something as if it had found a threat and won't open FB normally.

This is the DDS log.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.17.2
Run by x box at 14:49:40 on 2013-04-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.897 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\x box\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Users\x box\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Users\x box\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
C:\Program Files (x86)\MCShield\MCShieldRTM.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
D:\PROGRAMI\Advanced SystemCare 6\ASC.exe
D:\PROGRAMI\Advanced SystemCare 6\ASCTray.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Users\x box\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\x box\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\x box\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\x box\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\x box\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\x box\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\x box\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\x box\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.delta-search.com/?affID=119296&babsrc=HP_ss&mntrId=F83100199915E294
mWinlogon: Userinit = userinit.exe
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\x box\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [uTorrent] "C:\Users\x box\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [MCShield Monitor] C:\Program Files (x86)\MCShield\mcshieldrtm.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A6E82310-5D02-4C9C-A2E4-BD0EA09D31EF} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\x box\AppData\Roaming\Mozilla\Firefox\Profiles\q8il1zqm.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119296&babsrc=HP_ss&mntrId=F83100199915E294
FF - plugin: C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\npjpi170_17.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\npoji610.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\x box\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\x box\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - f831552400000000000000199915e294
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15785
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.08:55:30
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-3-13 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-6 236544]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-3-12 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6; [x]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-24 1255736]
.
=============== Created Last 30 ================
.
2013-04-01 04:56:47 -------- d-----w- C:\Users\x box\AppData\Local\SniperV2
2013-04-01 04:55:45 -------- d-----w- C:\Users\x box\AppData\Local\SKIDROW
2013-03-30 17:23:15 -------- d-----w- C:\Windows\SysWow64\Extensions
2013-03-30 17:22:58 -------- d-----w- C:\Windows\SysWow64\searchplugins
2013-03-30 09:40:43 -------- d-----w- C:\Users\x box\AppData\Local\Macromedia
2013-03-21 08:31:33 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2013-03-21 08:07:20 -------- d-----w- C:\ProgramData\Rockstar Games
2013-03-21 08:01:36 -------- d-----w- C:\Windows\System32\appmgmt
2013-03-21 07:55:11 -------- d-----w- C:\Users\x box\AppData\Roaming\Babylon
2013-03-21 07:55:11 -------- d-----w- C:\ProgramData\Tarma Installer
2013-03-21 07:55:11 -------- d-----w- C:\ProgramData\Babylon
2013-03-21 07:55:08 -------- d-----w- C:\Users\x box\AppData\Roaming\GoforFiles
2013-03-20 18:08:50 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2013-03-20 16:50:39 -------- d-----w- C:\Users\x box\AppData\Roaming\HoolappForAndroid
2013-03-19 23:36:46 -------- d-----w- C:\Program Files (x86)\Heroes & Generals
2013-03-19 21:59:26 -------- d-----w- C:\Program Files (x86)\DAMN NFO Viewer
2013-03-19 21:23:49 -------- d-----w- C:\Users\x box\AppData\Local\Chromium
2013-03-18 19:28:28 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2013-03-18 11:07:45 -------- d-----w- C:\Program Files (x86)\IObit
2013-03-18 11:04:09 26432 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2013-03-18 10:57:00 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2013-03-18 10:56:28 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-03-18 10:56:26 -------- d-----w- C:\ProgramData\IObit
2013-03-18 10:56:26 -------- d-----w- C:\ProgramData\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
2013-03-18 10:56:22 -------- d-----w- C:\Users\x box\AppData\Roaming\IObit
2013-03-17 18:59:22 -------- d-----w- C:\Program Files (x86)\GRETECH
2013-03-17 18:50:43 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-03-16 22:42:41 -------- d-----w- C:\Users\x box\AppData\Local\Opera
2013-03-16 07:31:14 -------- d-----w- C:\Program Files\AVAST Software
2013-03-16 07:30:28 -------- d-----w- C:\ProgramData\AVAST Software
2013-03-16 07:24:58 -------- d-----w- C:\ProgramData\MCShield
2013-03-16 07:24:57 -------- d-----w- C:\Program Files (x86)\MCShield
2013-03-15 19:57:04 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-15 19:46:30 -------- d-----w- C:\Program Files\CCleaner
2013-03-15 15:27:53 -------- d-----w- C:\Users\x box\AppData\Roaming\BSplayer PRO
2013-03-15 15:19:58 -------- d-----w- C:\Users\x box\AppData\Roaming\Unity
2013-03-15 15:16:25 -------- d-----w- C:\Users\x box\AppData\Local\Unity
2013-03-15 14:52:26 -------- d-----w- C:\Program Files (x86)\Realtek
2013-03-15 14:51:57 -------- d--h--w- C:\Program Files (x86)\Temp
2013-03-15 10:28:02 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2013-03-15 09:24:50 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 09:24:50 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-15 09:11:33 -------- d-----w- C:\Users\x box\AppData\Local\Programs
2013-03-15 09:11:31 -------- d-----w- C:\Users\x box\AppData\Local\ESET
2013-03-13 20:11:50 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-03-13 20:11:49 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2013-03-13 20:11:49 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2013-03-13 20:11:49 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2013-03-13 20:11:49 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2013-03-13 20:11:49 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2013-03-13 20:11:44 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2013-03-13 20:11:44 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2013-03-13 20:10:12 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-03-13 20:10:10 -------- d-----w- C:\Users\x box\AppData\Roaming\DAEMON Tools Lite
2013-03-13 20:10:07 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2013-03-13 20:09:36 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2013-03-13 17:23:50 -------- d-----w- C:\Users\x box\AppData\Roaming\uTorrent
2013-03-12 19:20:53 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-12 19:20:53 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-12 18:59:38 -------- d-----w- C:\Users\x box\AppData\Local\AMD
2013-03-12 18:59:37 -------- d-----w- C:\NVIDIA
2013-03-12 18:59:24 -------- d-----w- C:\Users\x box\AppData\Local\ATI
2013-03-12 18:59:15 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-03-12 18:59:10 -------- d-----w- C:\Program Files (x86)\AMD APP
2013-03-12 18:59:05 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-03-12 18:59:05 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2013-03-12 18:58:16 -------- d-----w- C:\ProgramData\AMD
2013-03-12 18:58:15 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2013-03-12 18:57:16 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-03-12 18:56:52 -------- d-----w- C:\Program Files\ATI Technologies
2013-03-12 18:56:49 -------- d-----w- C:\Program Files\ATI
2013-03-12 18:32:55 -------- d-----w- C:\ProgramData\DriverGenius
2013-03-12 17:32:25 -------- d-----w- C:\Program Files (x86)\EASEUS
2013-03-12 17:29:42 -------- d-----w- C:\Program Files (x86)\Hard Disk Sentinel
2013-03-12 08:13:59 -------- d-----w- C:\Program Files (x86)\MUP RS
2013-03-12 08:11:10 0 ----a-w- C:\Windows\ativpsrm.bin
.
==================== Find3M ====================
.
2013-02-24 09:37:55 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2013-02-24 09:37:55 14848 ----a-w- C:\Windows\System32\slwga.dll
2013-02-24 09:37:55 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2013-02-24 09:37:54 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2013-02-24 09:37:54 1008640 ----a-w- C:\Windows\System32\user32.dll
.
============= FINISH: 14:50:01,98 ===============


Update: 06 Apr 2013 15:07

And to add: the internet speed is fine, but there is no upload at all.
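The DDS output above already contains the settings a malware helper reads first: the start page set to a search URL carrying affiliate parameters in both Internet Explorer and Firefox, the mPolicies-System block with UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), autoruns launched from under the user profile, and the DNS servers in use. The script below is an added example, not part of the thread and not code from the DDS tool: it parses lines in the DDS "Pseudo HJT" and "FIREFOX" formats as shown on this page and reports those items. The sample log is constructed from lines copied out of the post; the heuristics (which query parameters count as affiliate tracking, which path fragments count as user-writable, which UAC values count as weak) are this example's own assumptions.

```python
"""Triage helper for DDS-style logs (Pseudo HJT / FIREFOX sections).

Added example, not part of the original thread or of the DDS tool.
It parses the log with regular expressions that assume the line
formats visible in the posted log and reports the settings a malware
helper checks first.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: lines copied from the DDS output posted in the thread
# (the defanged "hxxp" scheme is kept as DDS writes it).
SAMPLE_LOG = """
uStart Page = hxxp://www.delta-search.com/?affID=119296&babsrc=HP_ss&mntrId=F83100199915E294
uRun: [uTorrent] "C:\\Users\\x box\\AppData\\Roaming\\uTorrent\\uTorrent.exe" /MINIMIZED
uRun: [MCShield Monitor] C:\\Program Files (x86)\\MCShield\\mcshieldrtm.exe
mRun: [SunJavaUpdateSched] "C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 192.168.1.1
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119296&babsrc=HP_ss&mntrId=F83100199915E294
FF - user.js: extensions.delta.aflt - babsst
"""

# Line formats as they appear in DDS output on this page (assumption: DDS keeps them stable).
START_PAGE = re.compile(r"^(?:uStart Page|mStart Page) = (?P<url>\S+)")
FF_HOME = re.compile(r"^FF - prefs\.js: browser\.startup\.homepage - (?P<url>\S+)")
RUN = re.compile(r'^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\] "?(?P<path>[^"]+?\.exe)"?')
POLICY = re.compile(r"^mPolicies-System: (?P<name>\w+) = dword:(?P<val>\d+)")
DNS = re.compile(r"NameServer = (?P<ips>[\d., ]+)$")
FF_USER = re.compile(r"^FF - user\.js: (?P<pref>extensions\.\w+)\.")

# Heuristics chosen for this example, not rules from DDS or the forum.
AFFILIATE_PARAMS = {"affid", "babsrc", "mntrid"}          # query keys seen in the posted homepage URL
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")
WEAK_UAC = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}


def parse_dds(text):
    """Collect start pages, autoruns, UAC policy values, DNS servers and Firefox user.js prefs."""
    found = {"start_pages": [], "autoruns": [], "policies": {}, "dns": [], "ff_prefs": set()}
    for raw in text.splitlines():
        line = raw.strip()
        m = START_PAGE.match(line) or FF_HOME.match(line)
        if m:
            found["start_pages"].append(m.group("url"))
            continue
        m = RUN.match(line)
        if m:
            found["autoruns"].append((m.group("hive"), m.group("name"), m.group("path")))
            continue
        m = POLICY.match(line)
        if m:
            found["policies"][m.group("name")] = int(m.group("val"))
            continue
        m = DNS.search(line)
        if m:
            found["dns"].extend(ip for ip in re.split(r"[ ,]+", m.group("ips")) if ip)
            continue
        m = FF_USER.match(line)
        if m:
            found["ff_prefs"].add(m.group("pref"))
    return found


def triage(found):
    """Turn the parsed values into a list of human-readable findings."""
    findings = []
    hosts = set()
    for url in found["start_pages"]:
        parts = urlsplit(url.replace("hxxp", "http", 1))   # refang only for parsing
        keys = {k.lower() for k in parse_qs(parts.query)}
        if keys & AFFILIATE_PARAMS:
            findings.append(f"homepage carries affiliate tracking parameters: {parts.netloc}")
        hosts.add(parts.netloc)
    if len(found["start_pages"]) > 1 and len(hosts) == 1:
        findings.append(f"every browser points at the same homepage host: {hosts.pop()}")
    for name, weak in WEAK_UAC.items():
        if found["policies"].get(name) == weak:
            findings.append(f"UAC weakened: {name}={weak}")
    for _hive, name, path in found["autoruns"]:
        if any(marker in path.lower() for marker in USER_WRITABLE):
            findings.append(f"autorun from user-writable path: [{name}] {path}")
    for ip in found["dns"]:
        if not ipaddress.ip_address(ip).is_private:
            findings.append(f"DNS server outside private address space: {ip}")
    for pref in sorted(found["ff_prefs"]):
        findings.append(f"Firefox user.js carries prefs for third-party extension: {pref}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_dds(SAMPLE_LOG)):
        print("-", finding)
```

Run against the sample it reports the two affiliate homepages, that IE and Firefox share the host, the three UAC values, the uTorrent autorun from the profile directory and the extensions.delta prefs; the private DNS server produces nothing. Everything it flags is something to look at, not proof of infection by itself.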

  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello.

Download the GMER program from the link below to the Desktop:

GMER download
Click the given link;
When the dialog for choosing the save location opens, select Desktop and click Save.

Double-click GMER to run it.
Wait for the initial scan to finish; if any prompt appears, click No;

click Scan and wait for the scan to complete;

click Save ... and save the report to the Desktop (under the name Gmer1);

right-click in the Gmer program window and choose Options > 3rd party, then click Scan;

when the scan finishes, click Save ... and save the report to the Desktop (under the name Gmer2);

click the >>> button and choose the Autostart tab;

when the short scan finishes, click Copy;

open Notepad and paste the copied text into it; save the report to the Desktop (under the name Gmer3);

Illustrated walkthrough

Attach all three reports to your post using the Attach file option.

  • Joined: 25 Jul 2012
  • Posts: 44

(three attachments; the forum shows them only to logged-in users)

  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.

When the download has finished:
disable your security software (instructions);
close running programs;
double-click ComboFix to run it;
in the window that opens, click "I Agree".

While running, ComboFix will: check whether a newer version of the program exists:
click Yes if it offers to download it.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
present a number of prompts/notifications:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end of its run, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.

Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your post;
Do not click inside the ComboFix window while it is running, as that can slow the tool down;
Do not run ComboFix again on your own; report in the thread any problem you have during the tool's first run;
If after the restart you get an error when starting certain programs saying they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will fix the problem.

  • Joined: 25 Jul 2012
  • Posts: 44

I can't run ComboFix. It says ESET NOD is supposedly active, but I don't have that program.

  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

You have leftovers of ESET NOD32 Antivirus.

Download and run this tool following the instructions at the link:

http://kb.eset.com/esetkb/index?page=content&i.....4657447620

  • Joined: 25 Jul 2012
  • Posts: 44

Posted: 06 Apr 2013 18:13

ComboFix 13-04-06.01 - x box 06.04.2013 18:00:04.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1190 [GMT 2:00]
Running from: c:\users\x box\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{57342059-4638-e33f-68d8-e343f751af9a}\@
c:\windows\Installer\{57342059-4638-e33f-68d8-e343f751af9a}\L\00000004.@
c:\windows\Installer\{57342059-4638-e33f-68d8-e343f751af9a}\L\201d3dde
c:\windows\Installer\{57342059-4638-e33f-68d8-e343f751af9a}\L\6715e287
c:\windows\Installer\{57342059-4638-e33f-68d8-e343f751af9a}\L\76603ac3
c:\windows\Installer\{57342059-4638-e33f-68d8-e343f751af9a}\U\00000004.@
c:\windows\Installer\{57342059-4638-e33f-68d8-e343f751af9a}\U\00000008.@
c:\windows\Installer\{57342059-4638-e33f-68d8-e343f751af9a}\U\000000cb.@
c:\windows\Installer\{57342059-4638-e33f-68d8-e343f751af9a}\U\80000000.@
c:\windows\Installer\{57342059-4638-e33f-68d8-e343f751af9a}\U\80000032.@
c:\windows\Installer\{57342059-4638-e33f-68d8-e343f751af9a}\U\80000064.@
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-06 to 2013-04-06 )))))))))))))))))))))))))))))))
.
.
2013-04-06 16:05 . 2013-04-06 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-01 04:56 . 2013-04-01 04:56 -------- d-----w- c:\users\x box\AppData\Local\SniperV2
2013-04-01 04:55 . 2013-04-01 04:55 -------- d-----w- c:\users\x box\AppData\Local\SKIDROW
2013-03-30 17:23 . 2013-03-30 17:23 -------- d-----w- c:\windows\SysWow64\Extensions
2013-03-30 17:22 . 2013-03-30 17:22 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-03-30 09:40 . 2013-03-30 09:40 -------- d-----w- c:\users\x box\AppData\Local\Macromedia
2013-03-21 08:31 . 2013-03-21 08:31 -------- d-----w- c:\program files (x86)\Rockstar Games
2013-03-21 08:07 . 2013-03-21 08:07 -------- d-----w- c:\programdata\Rockstar Games
2013-03-21 08:01 . 2013-03-21 08:01 -------- d-----w- c:\windows\system32\appmgmt
2013-03-21 07:55 . 2013-03-21 08:02 -------- d-----w- c:\programdata\Tarma Installer
2013-03-21 07:55 . 2013-03-21 07:55 -------- d-----w- c:\users\x box\AppData\Roaming\Babylon
2013-03-21 07:55 . 2013-03-21 07:55 -------- d-----w- c:\programdata\Babylon
2013-03-21 07:55 . 2013-03-21 07:55 -------- d-----w- c:\users\x box\AppData\Roaming\GoforFiles
2013-03-20 18:12 . 2013-03-20 18:12 -------- d-----w- c:\users\x box\AppData\Roaming\SystemRequirementsLab
2013-03-20 18:08 . 2013-03-20 18:12 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-03-20 16:50 . 2013-03-21 08:00 -------- d-----w- c:\users\x box\AppData\Roaming\HoolappForAndroid
2013-03-19 23:36 . 2013-04-06 14:28 -------- d-----w- c:\program files (x86)\Heroes & Generals
2013-03-19 21:59 . 2013-03-19 21:59 -------- d-----w- c:\program files (x86)\DAMN NFO Viewer
2013-03-19 21:23 . 2013-03-19 21:23 -------- d-----w- c:\users\x box\AppData\Local\Chromium
2013-03-18 19:28 . 2013-03-18 19:28 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-03-18 11:07 . 2013-03-18 11:07 -------- d-----w- c:\program files (x86)\IObit
2013-03-18 11:04 . 2013-01-15 17:49 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-03-18 10:58 . 2013-03-18 10:58 -------- d-----w- c:\users\x box\AppData\Roaming\Apple Computer
2013-03-18 10:57 . 2013-03-21 08:47 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2013-03-18 10:56 . 2013-03-18 10:56 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-03-18 10:56 . 2013-03-18 11:05 -------- d-----w- c:\programdata\IObit
2013-03-18 10:56 . 2013-03-18 10:56 -------- d-----w- c:\programdata\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
2013-03-18 10:56 . 2013-03-18 19:24 -------- d-----w- c:\users\x box\AppData\Roaming\IObit
2013-03-17 19:08 . 2013-03-18 00:21 -------- d-----w- c:\users\x box\AppData\Roaming\Media Player Classic
2013-03-17 18:59 . 2013-03-17 18:59 -------- d-----w- c:\users\x box\AppData\Roaming\GRETECH
2013-03-17 18:59 . 2013-03-17 18:59 -------- d-----w- c:\program files (x86)\GRETECH
2013-03-17 18:52 . 2013-03-17 18:54 -------- d-----w- c:\users\x box\AppData\Roaming\vlc
2013-03-17 18:50 . 2013-03-17 18:50 -------- d-----w- c:\program files (x86)\VideoLAN
2013-03-16 22:42 . 2013-03-16 22:42 -------- d-----w- c:\users\x box\AppData\Local\Opera
2013-03-16 22:42 . 2013-04-05 17:35 -------- d-----w- c:\program files (x86)\Opera
2013-03-16 07:32 . 2013-03-06 23:32 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-16 07:31 . 2013-03-16 07:31 -------- d-----w- c:\program files\AVAST Software
2013-03-16 07:30 . 2013-03-18 19:32 -------- d-----w- c:\programdata\AVAST Software
2013-03-16 07:24 . 2013-04-06 16:06 -------- d-----w- c:\programdata\MCShield
2013-03-16 07:24 . 2013-03-16 07:24 -------- d-----w- c:\program files (x86)\MCShield
2013-03-15 19:57 . 2013-03-15 19:57 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-03-15 19:57 . 2013-03-15 19:56 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-15 19:56 . 2013-03-15 19:56 -------- d-----w- c:\program files (x86)\Java
2013-03-15 19:46 . 2013-03-15 19:46 -------- d-----w- c:\program files\CCleaner
2013-03-15 15:27 . 2013-03-15 17:24 -------- d-----w- c:\users\x box\AppData\Roaming\BSplayer PRO
2013-03-15 15:19 . 2013-03-15 15:19 -------- d-----w- c:\users\x box\AppData\Roaming\Unity
2013-03-15 15:16 . 2013-03-15 15:16 -------- d-----w- c:\users\x box\AppData\Local\Unity
2013-03-15 14:52 . 2013-03-15 14:52 -------- d-----w- c:\program files (x86)\Realtek
2013-03-15 14:51 . 2013-03-15 14:56 -------- d--h--w- c:\program files (x86)\Temp
2013-03-15 10:28 . 2013-03-15 10:28 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-03-15 09:24 . 2013-03-22 09:54 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 09:24 . 2013-03-22 09:54 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-15 09:24 . 2013-03-15 09:24 -------- d-----w- c:\windows\system32\Macromed
2013-03-15 09:11 . 2013-03-15 09:11 -------- d-----w- c:\users\x box\AppData\Local\Programs
2013-03-15 09:11 . 2013-03-15 09:11 -------- d-----w- c:\users\x box\AppData\Local\ESET
2013-03-13 20:17 . 2005-03-18 16:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll
2013-03-13 20:17 . 2005-02-05 18:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll
2013-03-13 20:14 . 2013-03-21 08:07 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2013-03-13 20:11 . 2013-03-13 20:11 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2013-03-13 20:10 . 2013-03-13 20:10 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-03-13 20:10 . 2013-04-01 23:41 -------- d-----w- c:\users\x box\AppData\Roaming\DAEMON Tools Lite
2013-03-13 20:10 . 2013-03-13 20:10 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2013-03-13 20:09 . 2013-03-13 20:11 -------- d-----w- c:\programdata\DAEMON Tools Lite
2013-03-13 17:23 . 2013-04-06 16:06 -------- d-----w- c:\users\x box\AppData\Roaming\uTorrent
2013-03-12 19:21 . 2013-03-12 19:21 -------- d-----w- c:\windows\Sun
2013-03-12 19:20 . 2013-03-15 19:56 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-12 19:20 . 2013-03-15 19:56 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-12 18:59 . 2013-03-12 18:59 -------- d-----w- c:\users\x box\AppData\Local\AMD
2013-03-12 18:59 . 2013-03-12 18:59 -------- d-----w- C:\NVIDIA
2013-03-12 18:59 . 2013-03-12 18:59 -------- d-----w- c:\users\x box\AppData\Roaming\ATI
2013-03-12 18:59 . 2013-03-12 18:59 -------- d-----w- c:\users\x box\AppData\Local\ATI
2013-03-12 18:59 . 2013-03-12 18:59 -------- d-----w- c:\programdata\ATI
2013-03-12 18:59 . 2013-03-12 18:59 -------- d-----w- c:\program files (x86)\AMD AVT
2013-03-12 18:59 . 2013-03-12 18:59 -------- d-----w- c:\program files (x86)\AMD APP
2013-03-12 18:59 . 2013-03-12 18:59 -------- d-----w- c:\program files\Common Files\ATI Technologies
2013-03-12 18:59 . 2013-03-12 18:59 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2013-03-12 18:58 . 2013-03-12 18:59 -------- d-----w- c:\programdata\AMD
2013-03-12 18:58 . 2010-02-18 08:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2013-03-12 18:57 . 2013-03-12 18:57 -------- d-----w- c:\program files (x86)\ATI Technologies
2013-03-12 18:56 . 2013-03-12 18:58 -------- d-----w- c:\program files\ATI Technologies
2013-03-12 18:56 . 2013-03-12 18:56 -------- d-----w- c:\program files\ATI
2013-03-12 18:32 . 2013-03-12 18:56 -------- d-----w- c:\programdata\DriverGenius
2013-03-12 17:32 . 2013-03-12 17:32 -------- d-----w- c:\program files (x86)\EASEUS
2013-03-12 17:29 . 2013-03-30 08:58 -------- d-----w- c:\program files (x86)\Hard Disk Sentinel
2013-03-12 08:13 . 2013-03-12 08:13 -------- d-----w- c:\program files (x86)\MUP RS
2013-03-12 08:11 . 2013-03-12 08:11 0 ----a-w- c:\windows\ativpsrm.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-24 09:37 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2013-02-24 09:37 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2013-02-24 09:37 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2013-02-24 09:37 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2013-02-24 09:37 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2013-02-24 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-02-24 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"uTorrent"="c:\users\x box\AppData\Roaming\uTorrent\uTorrent.exe" [2013-03-13 1051984]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"MCShield Monitor"="c:\program files (x86)\MCShield\mcshieldrtm.exe" [2013-02-10 607232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6; [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-24 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-13 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-15 09:54]
.
2013-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733609890-2471226356-2741251806-1000Core.job
- c:\users\x box\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-24 10:44]
.
2013-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733609890-2471226356-2741251806-1000UA.job
- c:\users\x box\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-24 10:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.delta-search.com/?affID=119296&babsrc=HP_ss&mntrId=F83100199915E294
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\x box\AppData\Roaming\Mozilla\Firefox\Profiles\q8il1zqm.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119296&babsrc=HP_ss&mntrId=F83100199915E294
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - f831552400000000000000199915e294
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15785
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.08:55
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Hard Disk Sentinel\HDSentinel.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2013-04-06 18:10:00 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-06 16:10
.
Pre-Run: 42.293.690.368 bytes free
Post-Run: 42.016.202.752 bytes free
.
- - End Of File - - 467CA1B6B9096BDE3AF67B7888A37795

Addendum: 06 Apr 2013 18:14

By the way, I have now managed to get into Opera normally, and Google opens FB normally.

  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Open Notepad and copy the following text into it:

FCOPY::
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll|c:\windows\system32\user32.dll
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll|c:\windows\SysWOW64\user32.dll

DDS::
uStart Page = hxxp://www.delta-search.com/?affID=119296&babsrc=HP_ss&mntrId=F83100199915E294

Firefox::
FF - ProfilePath - c:\users\x box\AppData\Roaming\Mozilla\Firefox\Profiles\q8il1zqm.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119296&babsrc=HP_ss&mntrId=F83100199915E294
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - f831552400000000000000199915e294
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15785
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.08:55
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false


Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
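A defender's-eye check of the log sections the script above acts on, as an added example (it is not ComboFix, DDS or the helper's own tooling): it parses the Sigcheck block, pairs each unsigned file in system32/SysWOW64 with the signed WinSxS copy of the same name and version, reports the hash mismatch, and renders the FCOPY:: lines in the same source|destination form used above; it also flags the weakened UAC/AppInit policy values and the delta-search.com start page from the Supplementary Scan. The sample log is constructed from lines in this thread; the meaning of the [-] marker (unsigned) and the WinSxS prefix mapping (amd64_/x86_ for system32, wow64_ for SysWOW64) are assumptions.

```python
import re

# Constructed sample input: the Sigcheck, policy and start-page lines copied
# from the ComboFix/DDS log in this thread. Everything in this block is an
# added example, not part of ComboFix, DDS or the forum's own tooling.
SAMPLE_LOG = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2013-02-24 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-02-24 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
uStart Page = hxxp://www.delta-search.com/?affID=119296&babsrc=HP_ss&mntrId=F83100199915E294
"""

# One Sigcheck line: [flag] date . MD5 . size . . [version] .. path
# Assumption: a "-" flag marks an unsigned file, any other marker means the
# signature verified (inferred from the lines in this log).
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\.\s+(?P<path>\S.*)$"
)
# Registry value line as ComboFix prints it: "Name"= 0 (0x0)
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>\d+)')

# Assumed WinSxS component prefixes holding the pristine copy for each live directory.
WINSXS_ARCH = {"system32": ("amd64_", "x86_"), "syswow64": ("wow64_",)}


def parse_sigcheck(text):
    """Return one dict per Sigcheck line found in the log text."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["md5"] = d["md5"].upper()
            d["unsigned"] = d["flag"].strip() == "-"
            entries.append(d)
    return entries


def find_modified_system_files(entries):
    """Pair each unsigned live system file with the signed WinSxS copy of the
    same name and version; a different MD5 means the live file was altered."""
    pairs = []
    for live in entries:
        parts = live["path"].lower().replace("/", "\\").split("\\")
        if not live["unsigned"] or len(parts) < 2 or parts[-2] not in WINSXS_ARCH:
            continue
        prefixes = WINSXS_ARCH[parts[-2]]
        for ref in entries:
            rparts = ref["path"].lower().split("\\")
            if (not ref["unsigned"] and "winsxs" in rparts
                    and rparts[-1] == parts[-1]
                    and ref["version"] == live["version"]
                    and rparts[-2].startswith(prefixes)
                    and ref["md5"] != live["md5"]):
                pairs.append((ref["path"], live["path"]))
    return pairs


def fcopy_lines(pairs):
    """Render (source, destination) pairs as CFScript FCOPY:: lines, the same
    source|destination form the helper's script in this thread uses."""
    return ["FCOPY::"] + [f"{src}|{dst}" for src, dst in pairs]


def policy_findings(text):
    """Flag hardening settings the log shows switched to a weak state, plus the
    hijacked start page seen in this log."""
    weak = {"EnableLUA": ("0", "UAC is disabled"),
            "PromptOnSecureDesktop": ("0", "UAC prompts do not use the secure desktop"),
            "LoadAppInit_DLLs": ("1", "AppInit_DLLs loading is enabled")}
    findings = []
    for line in text.splitlines():
        m = REG_VALUE_RE.match(line.strip())
        if m and m["name"] in weak and m["value"] == weak[m["name"]][0]:
            findings.append(f'{m["name"]}={m["value"]}: {weak[m["name"]][1]}')
        if line.startswith("uStart Page") and "delta-search.com" in line:
            findings.append("Start page points at delta-search.com (browser hijacker in this log)")
    return findings


if __name__ == "__main__":
    ents = parse_sigcheck(SAMPLE_LOG)
    for line in fcopy_lines(find_modified_system_files(ents)):
        print(line)
    for f in policy_findings(SAMPLE_LOG):
        print("!", f)
```

Running it prints the two FCOPY:: lines from the script above followed by four findings; the point is that the size difference alone (1008128 vs 1008640 bytes for the 64-bit user32.dll) would not prove tampering, but an unsigned copy whose MD5 differs from the signed WinSxS copy of the identical version is exactly the condition the FCOPY:: restore addresses.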

  • Joined: 25 Jul 2012
  • Posts: 44

ComboFix 13-04-06.02 - x box 06.04.2013 18:55:08.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1298 [GMT 2:00]
Running from: c:\users\x box\Desktop\ComboFix.exe
Command switches used :: c:\users\x box\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll --> c:\windows\system32\user32.dll
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --> c:\windows\SysWOW64\user32.dll
.
((((((((((((((((((((((((( Files Created from 2013-03-06 to 2013-04-06 )))))))))))))))))))))))))))))))
.
.
2013-04-06 16:59 . 2013-04-06 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-01 04:56 . 2013-04-01 04:56 -------- d-----w- c:\users\x box\AppData\Local\SniperV2
2013-04-01 04:55 . 2013-04-01 04:55 -------- d-----w- c:\users\x box\AppData\Local\SKIDROW
2013-03-30 17:23 . 2013-03-30 17:23 -------- d-----w- c:\windows\SysWow64\Extensions
2013-03-30 17:22 . 2013-03-30 17:22 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-03-30 09:40 . 2013-03-30 09:40 -------- d-----w- c:\users\x box\AppData\Local\Macromedia
2013-03-21 08:31 . 2013-03-21 08:31 -------- d-----w- c:\program files (x86)\Rockstar Games
2013-03-21 08:07 . 2013-03-21 08:07 -------- d-----w- c:\programdata\Rockstar Games
2013-03-21 08:01 . 2013-03-21 08:01 -------- d-----w- c:\windows\system32\appmgmt
2013-03-21 07:55 . 2013-03-21 08:02 -------- d-----w- c:\programdata\Tarma Installer
2013-03-21 07:55 . 2013-03-21 07:55 -------- d-----w- c:\users\x box\AppData\Roaming\Babylon
2013-03-21 07:55 . 2013-03-21 07:55 -------- d-----w- c:\programdata\Babylon
2013-03-21 07:55 . 2013-03-21 07:55 -------- d-----w- c:\users\x box\AppData\Roaming\GoforFiles
2013-03-20 18:12 . 2013-03-20 18:12 -------- d-----w- c:\users\x box\AppData\Roaming\SystemRequirementsLab
2013-03-20 18:08 . 2013-03-20 18:12 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-03-20 16:50 . 2013-03-21 08:00 -------- d-----w- c:\users\x box\AppData\Roaming\HoolappForAndroid
2013-03-19 23:36 . 2013-04-06 16:25 -------- d-----w- c:\program files (x86)\Heroes & Generals
2013-03-19 21:59 . 2013-03-19 21:59 -------- d-----w- c:\program files (x86)\DAMN NFO Viewer
2013-03-19 21:23 . 2013-03-19 21:23 -------- d-----w- c:\users\x box\AppData\Local\Chromium
2013-03-18 19:28 . 2013-03-18 19:28 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-03-18 11:07 . 2013-03-18 11:07 -------- d-----w- c:\program files (x86)\IObit
2013-03-18 11:04 . 2013-01-15 17:49 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-03-18 10:58 . 2013-03-18 10:58 -------- d-----w- c:\users\x box\AppData\Roaming\Apple Computer
2013-03-18 10:57 . 2013-03-21 08:47 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2013-03-18 10:56 . 2013-03-18 10:56 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-03-18 10:56 . 2013-03-18 11:05 -------- d-----w- c:\programdata\IObit
2013-03-18 10:56 . 2013-03-18 10:56 -------- d-----w- c:\programdata\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
2013-03-18 10:56 . 2013-03-18 19:24 -------- d-----w- c:\users\x box\AppData\Roaming\IObit
2013-03-17 19:08 . 2013-03-18 00:21 -------- d-----w- c:\users\x box\AppData\Roaming\Media Player Classic
2013-03-17 18:59 . 2013-03-17 18:59 -------- d-----w- c:\users\x box\AppData\Roaming\GRETECH
2013-03-17 18:59 . 2013-03-17 18:59 -------- d-----w- c:\program files (x86)\GRETECH
2013-03-17 18:52 . 2013-03-17 18:54 -------- d-----w- c:\users\x box\AppData\Roaming\vlc
2013-03-17 18:50 . 2013-03-17 18:50 -------- d-----w- c:\program files (x86)\VideoLAN
2013-03-16 22:42 . 2013-03-16 22:42 -------- d-----w- c:\users\x box\AppData\Local\Opera
2013-03-16 22:42 . 2013-04-05 17:35 -------- d-----w- c:\program files (x86)\Opera
2013-03-16 07:32 . 2013-03-06 23:32 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-16 07:31 . 2013-03-16 07:31 -------- d-----w- c:\program files\AVAST Software
2013-03-16 07:30 . 2013-03-18 19:32 -------- d-----w- c:\programdata\AVAST Software
2013-03-16 07:24 . 2013-04-06 16:06 -------- d-----w- c:\programdata\MCShield
2013-03-16 07:24 . 2013-03-16 07:24 -------- d-----w- c:\program files (x86)\MCShield
2013-03-15 19:57 . 2013-03-15 19:57 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-03-15 19:57 . 2013-03-15 19:56 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-15 19:56 . 2013-03-15 19:56 -------- d-----w- c:\program files (x86)\Java
2013-03-15 19:46 . 2013-03-15 19:46 -------- d-----w- c:\program files\CCleaner
2013-03-15 15:27 . 2013-03-15 17:24 -------- d-----w- c:\users\x box\AppData\Roaming\BSplayer PRO
2013-03-15 15:19 . 2013-03-15 15:19 -------- d-----w- c:\users\x box\AppData\Roaming\Unity
2013-03-15 15:16 . 2013-03-15 15:16 -------- d-----w- c:\users\x box\AppData\Local\Unity
2013-03-15 14:52 . 2013-03-15 14:52 -------- d-----w- c:\program files (x86)\Realtek
2013-03-15 14:51 . 2013-03-15 14:56 -------- d--h--w- c:\program files (x86)\Temp
2013-03-15 10:28 . 2013-03-15 10:28 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-03-15 09:24 . 2013-03-22 09:54 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 09:24 . 2013-03-22 09:54 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-15 09:24 . 2013-03-15 09:24 -------- d-----w- c:\windows\system32\Macromed
2013-03-15 09:11 . 2013-03-15 09:11 -------- d-----w- c:\users\x box\AppData\Local\Programs
2013-03-15 09:11 . 2013-03-15 09:11 -------- d-----w- c:\users\x box\AppData\Local\ESET
2013-03-13 20:17 . 2005-03-18 16:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll
2013-03-13 20:17 . 2005-02-05 18:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll
2013-03-13 20:14 . 2013-03-21 08:07 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2013-03-13 20:11 . 2013-03-13 20:11 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2013-03-13 20:10 . 2013-03-13 20:10 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-03-13 20:10 . 2013-04-01 23:41 -------- d-----w- c:\users\x box\AppData\Roaming\DAEMON Tools Lite
2013-03-13 20:10 . 2013-03-13 20:10 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2013-03-13 20:09 . 2013-03-13 20:11 -------- d-----w- c:\programdata\DAEMON Tools Lite
2013-03-13 17:23 . 2013-04-06 16:52 -------- d-----w- c:\users\x box\AppData\Roaming\uTorrent
2013-03-12 19:21 . 2013-03-12 19:21 -------- d-----w- c:\windows\Sun
2013-03-12 19:20 . 2013-03-15 19:56 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-12 19:20 . 2013-03-15 19:56 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-12 18:59 . 2013-03-12 18:59 -------- d-----w- c:\users\x box\AppData\Local\AMD
2013-03-12 18:59 . 2013-03-12 18:59 -------- d-----w- C:\NVIDIA
2013-03-12 18:59 . 2013-03-12 18:59 -------- d-----w- c:\users\x box\AppData\Roaming\ATI
2013-03-12 18:59 . 2013-03-12 18:59 -------- d-----w- c:\users\x box\AppData\Local\ATI
2013-03-12 18:59 . 2013-03-12 18:59 -------- d-----w- c:\programdata\ATI
2013-03-12 18:59 . 2013-03-12 18:59 -------- d-----w- c:\program files (x86)\AMD AVT
2013-03-12 18:59 . 2013-03-12 18:59 -------- d-----w- c:\program files (x86)\AMD APP
2013-03-12 18:59 . 2013-03-12 18:59 -------- d-----w- c:\program files\Common Files\ATI Technologies
2013-03-12 18:59 . 2013-03-12 18:59 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2013-03-12 18:58 . 2013-03-12 18:59 -------- d-----w- c:\programdata\AMD
2013-03-12 18:58 . 2010-02-18 08:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2013-03-12 18:57 . 2013-03-12 18:57 -------- d-----w- c:\program files (x86)\ATI Technologies
2013-03-12 18:56 . 2013-03-12 18:58 -------- d-----w- c:\program files\ATI Technologies
2013-03-12 18:56 . 2013-03-12 18:56 -------- d-----w- c:\program files\ATI
2013-03-12 18:32 . 2013-03-12 18:56 -------- d-----w- c:\programdata\DriverGenius
2013-03-12 17:32 . 2013-03-12 17:32 -------- d-----w- c:\program files (x86)\EASEUS
2013-03-12 17:29 . 2013-03-30 08:58 -------- d-----w- c:\program files (x86)\Hard Disk Sentinel
2013-03-12 08:13 . 2013-03-12 08:13 -------- d-----w- c:\program files (x86)\MUP RS
2013-03-12 08:11 . 2013-03-12 08:11 0 ----a-w- c:\windows\ativpsrm.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-24 09:37 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2013-02-24 09:37 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2013-02-24 09:37 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"uTorrent"="c:\users\x box\AppData\Roaming\uTorrent\uTorrent.exe" [2013-03-13 1051984]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"MCShield Monitor"="c:\program files (x86)\MCShield\mcshieldrtm.exe" [2013-02-10 607232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6; [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-24 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-13 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-15 09:54]
.
2013-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733609890-2471226356-2741251806-1000Core.job
- c:\users\x box\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-24 10:44]
.
2013-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733609890-2471226356-2741251806-1000UA.job
- c:\users\x box\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-24 10:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\x box\AppData\Roaming\Mozilla\Firefox\Profiles\q8il1zqm.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-06 19:01:15
ComboFix-quarantined-files.txt 2013-04-06 17:01
.
Pre-Run: 42.047.016.960 bytes free
Post-Run: 41.986.797.568 bytes free
.
- - End Of File - - CC974B4F214B5E898993B214941EFDA2

  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

You also have leftovers of Avast; run its Uninstaller, also from Safe Mode.
http://www.avast.com/uninstall-utility

When you finish that, let me know what the situation is.
