Posted: 14 Sep 2015 12:18
offline
- crno dete
- New MyCity citizen
- Joined: 14 Aug 2015
- Posts: 25
A moment ago I downloaded a fake installer for Reaver and picked up a virus. It manifests by freezing windows, and every command on the computer is slowed down; the search in the browser has also been changed. By the way, I am using the neighbors' wireless, which I have for about an hour a day, so who knows when I will see the reply here. Thanks in advance.
Here are the results:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-09-2015 02
Ran by Mesh (administrator) on DIOGEN (14-09-2015 12:09:36)
Running from C:\Users\Mesh\Desktop
Loaded Profiles: Mesh (Available Profiles: Mesh)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(DTools LIMITED) C:\ProgramData\nWdsManPron\WdsManPro.exe
() C:\Program Files (x86)\SFK\SFKEX64.exe
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-4209369173-3384524162-1790046760-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1C56B0E3-AB8F-4DAB-AF2D-1A64BB81223B}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{802476BF-2C34-448B-85E6-8A295CD6DA12}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E965BB53-6483-48B6-8A03-D9AF96D1659F}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-03-03] (Microsoft Corporation)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2013-09-13] (Microsoft Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-27] (Oracle Corporation)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2013-09-13] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-27] (Oracle Corporation)
BHO-x32: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: No Name -> {f9d1c08c-2031-4e6c-ab51-50330ac2d988} -> No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: oursurfing
FF SelectedSearchEngine: oursurfing
FF Homepage: hxxp://www.oursurfing.com/?type=hp&ts=1442223987&z=295c66644f1521b8e32c3f5gazbzboeo1occbt1t6c&from=amt&uid=TOSHIBAXMK6475GSX_12RHF2XBSXX12RHF2XBS
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-20] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-20] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll [2012-09-13] ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-01-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-01-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4209369173-3384524162-1790046760-1000: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
FF Plugin HKU\S-1-5-21-4209369173-3384524162-1790046760-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mesh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-21] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\user.js [2015-02-14]
FF user.js: detected! => C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\user.js [2015-02-14]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2003-05-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2013-03-12] ()
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\searchplugins\search-simple.xml [2015-03-19]
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\searchplugins\bingp.xml [2013-08-22]
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\searchplugins\search-simple.xml [2015-03-19]
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\searchplugins\oursurfing.xml [2015-09-14]
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\searchplugins\search-simple.xml [2015-03-19]
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\searchplugins\youtube-video-search.xml [2015-03-08]
FF Extension: Fasterfox Lite - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\FasterFox_Lite@BigRedBrent [2012-11-29]
FF Extension: 8 Ultimo - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\{2b6788a0-0ccd-11e1-be50-0800200c9a66} [2012-11-29]
FF Extension: FT DeepDark - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2012-11-29]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\adblockpopups@jessehakanen.net.xpi [2012-11-29]
FF Extension: Australis - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\Australis@SoapyHamHocks.xpi [2012-11-29]
FF Extension: Shareaholic - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\firefox-extension@shareaholic.com.xpi [2012-11-29]
FF Extension: NASA Night Launch - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\nasanightlaunch@example.com.xpi [2012-11-29]
FF Extension: Feedback - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\testpilot@labs.mozilla.com.xpi [2012-10-31]
FF Extension: Thumbnail Zoom Plus - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\thumbnailZoom@dadler.github.com.xpi [2012-12-08]
FF Extension: MeasureIt - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2012-11-29]
FF Extension: Adblock Plus - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\x2udtauw.Keri\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-29]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\cryptocat@crypto.cat.xpi [2014-07-04]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\firebug@software.joehewitt.com.xpi [2014-07-04]
FF Extension: Shareaholic - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\firefox-extension@shareaholic.com.xpi [2014-07-04]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\maskingagent@basa.nl.xpi [2014-07-04]
FF Extension: NASA Night Launch - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\nasanightlaunch@example.com.xpi [2014-07-04]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\nightlaunchcompanion@example.com.xpi [2014-07-04]
FF Extension: Thumbnail Zoom Plus - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2014-07-04]
FF Extension: Session Manager - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-07-04]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-04]
FF Extension: Thumbnail Zoom - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\ackepv40.default\Extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.xpi [2014-07-04]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\Extensions\jid1-MnnxcxisBPnSXQ-eff@jetpack.xpi [2015-08-27]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\Extensions\thumbnailZoom@dadler.github.com.xpi [2014-07-04]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-07-04]
FF Extension: No Name - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-04]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-07-24]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2012-09-29]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2012-09-29]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\extensions\defsearchp@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\extensions\deskCutv2@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.oursurfing.com/?type=sc&ts=1442223987&z=295c66644f1521b8e32c3f5gazbzboeo1occbt1t6c&from=amt&uid=TOSHIBAXMK6475GSX_12RHF2XBSXX12RHF2XBS
Chrome:
=======
CHR HomePage: Default -> hxxp://www.oursurfing.com/?type=hp&ts=1442223987&z=295c66644f1521b8e32c3f5gazbzboeo1occbt1t6c&from=amt&uid=TOSHIBAXMK6475GSX_12RHF2XBSXX12RHF2XBS
CHR StartupUrls: Default -> "hxxp://www.oursurfing.com/?type=hp&ts=1442223987&z=295c66644f1521b8e32c3f5gazbzboeo1occbt1t6c&from=amt&uid=TOSHIBAXMK6475GSX_12RHF2XBSXX12RHF2XBS"
CHR DefaultSearchURL: Default -> hxxp://www.oursurfing.com/web/?type=ds&ts=1442223987&z=295c66644f1521b8e32c3f5gazbzboeo1occbt1t6c&from=amt&uid=TOSHIBAXMK6475GSX_12RHF2XBSXX12RHF2XBS&q={searchTerms}
CHR DefaultSearchKeyword: Default -> oursurfing
CHR Profile: C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-01]
CHR Extension: (Google Docs) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-11]
CHR Extension: (Google Drive) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-11]
CHR Extension: (YouTube) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-11]
CHR Extension: (Freemake Video Downloader) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-03-17]
CHR Extension: (Google Search) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-11]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2013-03-17]
CHR Extension: (Google Sheets) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-01]
CHR Extension: (khhbkiedoogpgipchgfiikmcfmglffdh) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhbkiedoogpgipchgfiikmcfmglffdh [2015-04-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (CinemaP-1.9cV13.08) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-08-13]
CHR Extension: (Google Wallet) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-11]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-07-25]
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2012-09-29]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe oursurfing.com/?type=sc&ts=14422239.....X12RHF2XBS
Opera:
=======
OPR Extension: (Fastest Facebook™) - C:\Users\Mesh\AppData\Roaming\Opera Software\Opera Stable\Extensions\fneegbjfomckiofaikblpahnnhhaacel [2014-06-29]
OPR Extension: (CinemaP-1.9cV13.08) - C:\Users\Mesh\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-08-13]
OPR Extension: (Pixezoom: Pixel-Perfect Zoom) - C:\Users\Mesh\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhkfophdaplidchjldgoallpdeaondlb [2014-06-29]
OPR Extension: (Adblock Plus) - C:\Users\Mesh\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-06-29]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe oursurfing.com/?type=sc&ts=14422239.....X12RHF2XBS
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [974944 2011-08-09] (ESET)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-06-02] (Foxit Software Inc.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) [File not signed]
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [229392 2012-09-13] (Nitro PDF Software)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2012-08-05] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2012-08-05] ()
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [450048 2015-09-14] (TODO: <公司名>) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-12-07] (Microsoft Corporation) [File not signed]
S2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 WdsManPro; C:\ProgramData\nWdsManPron\WdsManPro.exe [451720 2015-09-14] (DTools LIMITED)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
S4 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2011-08-04] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2011-08-04] (ESET)
S4 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [62496 2011-08-04] (ESET)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-04-23] (Duplex Secure Ltd.)
U3 a0bc46mt; C:\Windows\System32\Drivers\a0bc46mt.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S1 HyperVM; \??\C:\Windows\system32\drivers\hvm.sys [X]
S0 sysmon; system32\DRIVERS\sysmon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-14 12:09 - 2015-09-14 12:10 - 00025221 _____ C:\Users\Mesh\Desktop\FRST.txt
2015-09-14 12:09 - 2015-09-14 12:09 - 00000000 ____D C:\Users\Mesh\Desktop\FRST-OlderVersion
2015-09-14 12:03 - 2015-09-14 12:03 - 00003388 _____ C:\Windows\System32\Tasks\AmiUpdXp
2015-09-14 12:03 - 2015-09-14 12:03 - 00000356 _____ C:\Windows\Tasks\AmiUpdXp.job
2015-09-14 12:03 - 2015-09-14 12:03 - 00000000 ____D C:\Users\Mesh\AppData\Local\20884
2015-09-14 11:48 - 2015-09-14 11:52 - 00000000 ____D C:\Program Files (x86)\SFK
2015-09-14 11:48 - 2015-09-14 11:49 - 00000000 ____D C:\ProgramData\nWdsManPron
2015-09-14 11:48 - 2015-09-14 11:48 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-14 11:48 - 2015-09-14 11:48 - 00000000 ____D C:\Users\Mesh\AppData\Roaming\oursurfing
2015-09-14 11:41 - 2015-09-14 11:41 - 00004264 _____ C:\Windows\System32\Tasks\amiupdaterExi
2015-09-14 11:41 - 2015-09-14 11:41 - 00003388 _____ C:\Windows\System32\Tasks\amiupdaterExd
2015-09-11 15:10 - 2015-09-14 11:27 - 00002428 _____ C:\Windows\setupact.log
2015-09-11 15:10 - 2015-09-11 15:10 - 00000000 _____ C:\Windows\setuperr.log
2015-09-11 15:09 - 2015-09-11 15:10 - 05065096 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-11 15:09 - 2015-09-11 15:09 - 00001484 _____ C:\Windows\PFRO.log
2015-09-08 10:16 - 2015-09-08 10:16 - 00087208 _____ C:\Users\Mesh\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-08 10:00 - 2015-09-08 10:00 - 00003120 _____ C:\Windows\System32\Tasks\{AAD88BE6-4DA4-4475-85AB-7CDFA8F7B5E6}
2015-09-06 18:18 - 2015-09-06 18:18 - 00000000 ____D C:\Users\Mesh\Documents\Readon Player
2015-09-06 18:18 - 2015-09-06 18:18 - 00000000 ____D C:\Users\Mesh\AppData\Local\Readon_Technology
2015-08-28 07:32 - 2015-08-28 18:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-27 23:33 - 2015-08-27 23:33 - 00000000 ____D C:\Users\Mesh\AppData\Roaming\Sun
2015-08-27 23:33 - 2015-08-27 23:33 - 00000000 ____D C:\Users\Mesh\.oracle_jre_usage
2015-08-27 23:30 - 2015-08-27 23:30 - 00584288 _____ (Oracle Corporation) C:\Users\Mesh\Desktop\jxpiinstall.exe
2015-08-27 19:02 - 2015-08-27 19:02 - 19927752 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-14 12:09 - 2015-08-14 13:44 - 00000000 ____D C:\FRST
2015-09-14 12:09 - 2015-08-14 13:42 - 02190848 _____ (Farbar) C:\Users\Mesh\Desktop\FRST64.exe
2015-09-14 12:07 - 2014-01-21 13:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-14 11:52 - 2013-01-24 04:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-14 11:46 - 2015-01-07 17:43 - 00002479 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-14 11:46 - 2014-10-02 18:12 - 00001447 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-14 11:46 - 2013-09-06 00:44 - 00001423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-09-14 11:46 - 2012-11-27 05:56 - 00001459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-14 11:46 - 2012-10-23 16:36 - 00001394 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora.lnk
2015-09-14 11:46 - 2012-10-23 16:36 - 00001382 _____ C:\Users\Public\Desktop\Aurora.lnk
2015-09-14 11:32 - 2014-08-14 18:38 - 02072220 _____ C:\Windows\WindowsUpdate.log
2015-09-14 11:29 - 2009-07-14 07:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-14 00:25 - 2012-07-24 22:38 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2015-09-13 23:48 - 2015-05-12 16:30 - 00000000 ____D C:\Users\Mesh\AppData\Roaming\AIMP3
2015-09-13 19:21 - 2014-01-21 13:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-13 09:18 - 2014-01-02 13:12 - 00000000 ____D C:\Users\Mesh\AppData\Roaming\.minecraft
2015-09-13 09:18 - 2012-07-24 23:20 - 00000000 ____D C:\Users\Mesh\AppData\Roaming\uTorrent
2015-09-12 22:04 - 2012-10-01 04:13 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{84005110-EA47-4FCC-A8B1-0CFC2347E861}
2015-09-12 21:58 - 2009-07-14 06:45 - 00029168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-12 21:58 - 2009-07-14 06:45 - 00029168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-12 14:37 - 2012-07-25 01:58 - 00000000 ____D C:\Users\Mesh\AppData\Roaming\Adobe
2015-09-12 14:33 - 2012-07-24 22:42 - 00000000 ____D C:\Users\Mesh\AppData\Roaming\vlc
2015-09-12 14:13 - 2012-12-25 17:10 - 00000434 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-12 14:12 - 2012-07-25 01:24 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-12 14:12 - 2012-07-24 20:28 - 00000000 ____D C:\Users\Mesh
2015-09-12 14:12 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-12 14:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-09-12 13:49 - 2013-09-06 00:44 - 00000000 ____D C:\Program Files (x86)\Opera
2015-09-12 13:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-11 14:49 - 2009-07-14 07:08 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-08 06:06 - 2014-01-25 15:36 - 00000000 ____D C:\Program Files (x86)\WarThunder
2015-09-08 06:03 - 2013-10-30 04:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2015-08-28 19:31 - 2012-10-23 16:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-27 23:33 - 2014-01-22 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-27 23:33 - 2013-10-20 23:24 - 00000000 ____D C:\ProgramData\Oracle
2015-08-27 23:32 - 2014-01-22 00:05 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-27 23:31 - 2013-03-10 16:32 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-27 19:02 - 2014-01-21 13:48 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-27 19:02 - 2014-01-21 13:48 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-27 19:02 - 2013-01-24 04:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-27 19:02 - 2012-11-21 05:17 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-27 19:02 - 2012-11-21 05:17 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-21 13:48 - 2014-06-05 21:01 - 00003818 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1378421089
2015-08-20 06:31 - 2014-08-20 21:41 - 00000000 ____D C:\Users\Mesh\AppData\Local\Adobe
==================== Files in the root of some directories =======
2012-08-18 01:58 - 2012-08-18 01:58 - 0893936 _____ (Oracle Corporation) C:\Program Files\chromeinstall-7u5.exe
2013-03-11 20:30 - 2013-03-11 20:30 - 0000132 _____ () C:\Users\Mesh\AppData\Roaming\Adobe GIF Format CS6 Prefs
2012-07-25 00:47 - 2012-07-25 00:47 - 0007605 _____ () C:\Users\Mesh\AppData\Local\Resmon.ResmonCfg
2012-12-08 19:20 - 2012-12-08 19:20 - 0000032 RSHOT () C:\Users\Mesh\AppData\Local\t65s2tb.dat
2015-09-14 11:48 - 2015-09-14 11:48 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Some files in TEMP:
====================
C:\Users\Mesh\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Mesh\AppData\Local\Temp\ReaverPro2(zabranjeno)FullVersionForWindowsDownload__11652_il77739.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-11 19:07
==================== End of FRST.txt ============================
Posted: 14 Sep 2015 13:10
- magna86
- Anti Malware Fighter
Rank 2
- Joined: 21 Jun 2008
- Posts: 6104
Hello crno dete,
You forgot to attach the additional Additional.txt report, which is also very important for the analysis.
Posted: 15 Sep 2015 13:09
- magna86
- Anti Malware Fighter
Rank 2
- Joined: 21 Jun 2008
- Posts: 6104
OK, where do I start. As far as installed programs go, I didn't find a single potentially malicious one, which is to say they are all legitimate, but as the saying goes, you have a lot of junk installed. When you have some free time, go through Programs and Features in Control Panel and simply uninstall whatever you really don't need. But that comes later...
The same goes for the browsers, especially your Firefox. You have a multitude of unnecessary add-ons that are choking the browser. You will have to bring at least that one up to a basic level of hygiene. After the cleanup, it needs to be reset.
As for security software, your ESET SS is outdated, i.e. not updated. You will have to do something about that as well.
As for the system, it is infected, so we start with removal. The following procedure will tell the tool to aggressively remove malware from the system and to perform some additional actions and cleanup.
After that, we have to do an additional check on another layer.
Step #1
1. Open Notepad (Text Document) and copy the following text from the code box below:
START
CreateRestorePoint:
CMD: netsh advfirewall set allprofiles state ON
FindFolder: iLivid
File: C:\Windows\system32\themeservice.dll
Unlock: C:\Windows\System32\Drivers\a5imx1pv.sys
Unlock: C:\Program Files (x86)\SFK\SSFK.exe
CloseProcesses:
U3 a5imx1pv; C:\Windows\System32\Drivers\a5imx1pv.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [450048 2015-09-14] (TODO: <公司名>) [File not signed]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: No Name -> {f9d1c08c-2031-4e6c-ab51-50330ac2d988} -> No File
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: oursurfing
FF SelectedSearchEngine: oursurfing
FF Homepage: hxxp://www.oursurfing.com/?type=hp&ts=1442223987&z=295c66644f1521b8e32c3f5gazbzboeo1occbt1t6c&from=amt&uid=TOSHIBAXMK6475GSX_12RHF2XBSXX12RHF2XBS
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\searchplugins\oursurfing.xml [2015-09-14]
CHR HomePage: Default -> hxxp://www.oursurfing.com/?type=hp&ts=1442223987&z=295c66644f1521b8e32c3f5gazbzboeo1occbt1t6c&from=amt&uid=TOSHIBAXMK6475GSX_12RHF2XBSXX12RHF2XBS
CHR StartupUrls: Default -> "hxxp://www.oursurfing.com/?type=hp&ts=1442223987&z=295c66644f1521b8e32c3f5gazbzboeo1occbt1t6c&from=amt&uid=TOSHIBAXMK6475GSX_12RHF2XBSXX12RHF2XBS"
CHR DefaultSearchURL: Default -> hxxp://www.oursurfing.com/web/?type=ds&ts=1442223987&z=295c66644f1521b8e32c3f5gazbzboeo1occbt1t6c&from=amt&uid=TOSHIBAXMK6475GSX_12RHF2XBSXX12RHF2XBS&q={searchTerms}
CHR DefaultSearchKeyword: Default -> oursurfing
CHR Extension: (khhbkiedoogpgipchgfiikmcfmglffdh) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhbkiedoogpgipchgfiikmcfmglffdh [2015-04-05]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.oursurfing.com/?type=sc&ts=1442223987&z=295c66644f1521b8e32c3f5gazbzboeo1occbt1t6c&from=amt&uid=TOSHIBAXMK6475GSX_12RHF2XBSXX12RHF2XBS
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe http://www.oursurfing.com/?type=sc&ts=1442223987&z=295c66644f1521b8e32c3f5gazbzboeo1occbt1t6c&from=amt&uid=TOSHIBAXMK6475GSX_12RHF2XBSXX12RHF2XBS
Hosts:
C:\Program Files (x86)\SFK
C:\ProgramData\nWdsManPron
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\searchplugins\oursurfing.xml
C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhbkiedoogpgipchgfiikmcfmglffdh
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - <no Path/update_url>
RemoveProxy:
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
EmptyTemp:
END
2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do that from Notepad => click File, then Save As, and in the new window, under File Name at the bottom, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.
3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.
The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use an updated copy of FRST.
Step #2
Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.
Double-click the MBAR program icon to run it:
- Click OK in the next window to allow extraction into a separate mbar folder on the Desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;
• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;
Notice: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.
>> If no malware is detected, click the Exit button to close the program. In your next post, attach the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.
>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure (scheduled) will be scheduled for after the restart; a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleanup procedure.
Notice! Only if a RootKit is detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage to run it; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue execution, and wait for the tool to perform all the repairs...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.
The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt
Copy the contents of the mbar log into your reply and attach the system log to the post using the Attach File option.
Step #3
You need to set the Firefox browser back to its default settings. Here is how to do that;
https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings
Post the requested reports and tell me how the computer is behaving now.
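The fixlist above was assembled by reading the FRST scan for a handful of recurring indicator types: a zero-byte driver image, an unsigned service whose version info still carries a build-template placeholder as the company name, a machine-wide Chrome policy restriction, BHO registrations with no backing file, browser homepage/search settings pointing at oursurfing.com, and StartMenuInternet launcher commands with a start URL appended. The script below is an added example (not part of the forum post, of FRST, or of Malwarebytes) that applies those same triage rules to FRST scan lines. The sample lines are copied from the scan output quoted in this thread with the long query strings shortened, plus three constructed clean control lines; the hijacker-domain list, the rule names and the severity levels are this example's own assumptions.

```python
"""Triage of Farbar Recovery Scan Tool (FRST) scan lines.

Added example for this thread; not part of FRST or of the forum's instructions.
It flags the kinds of entries that went into the fixlist above: unsigned or
zero-byte service images, an HKLM Chrome policy restriction, orphaned BHO
registrations, browser start/search settings pointing at a known hijacker
domain, and browser launcher commands that carry a start URL.
"""
import re
from dataclasses import dataclass

# Assumption: domains the triager has already classified as search hijackers.
HIJACK_DOMAINS = {"oursurfing.com"}

# FRST service/driver line: "<state> <name>; <path> [<size> <date>] (<company>) <notes>"
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s*(?P<date>\d{4}-\d{2}-\d{2})?\]\s*"
    r"\((?P<company>[^)]*)\)(?P<tail>.*)$"
)
# Live (http) and defanged (hxxp) URLs; captures the host part.
URL_RE = re.compile(r"h(?:tt|xx)ps?://([^/\s\"']+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    rule: str
    line: str


def hostnames(text):
    """Return the lowercased host of every URL found in a log line."""
    return {m.group(1).lower() for m in URL_RE.finditer(text)}


def in_domains(host, domains):
    """True when host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def triage_line(line, hijack_domains=HIJACK_DOMAINS):
    """Apply the triage rules to one FRST line and return its findings."""
    findings = []
    svc = SERVICE_RE.match(line)
    if svc:
        if int(svc["size"]) == 0:
            findings.append(Finding("high", "zero-byte service/driver image", line))
        if "[File not signed]" in svc["tail"]:
            findings.append(Finding("high", "unsigned service image", line))
        if svc["company"].startswith("TODO"):
            findings.append(Finding("medium", "placeholder company name in version info", line))
        return findings
    if line.startswith("CHR HKLM") and "Policies\\Google" in line:
        findings.append(Finding("high", "Chrome policy restriction set machine-wide", line))
    elif line.startswith("BHO") and line.rstrip().endswith("No File"):
        findings.append(Finding("medium", "orphaned BHO registration", line))
    elif line.startswith("StartMenuInternet:") and hostnames(line):
        # A clean open command is just the browser executable; a URL after it
        # means every Start Menu launch lands on that page.
        findings.append(Finding("high", "browser launcher command carries a start URL", line))
    elif line.startswith(("FF ", "CHR ")):
        if any(in_domains(h, hijack_domains) for h in hostnames(line)):
            findings.append(Finding("high", "browser setting points at a known hijacker domain", line))
    return findings


def triage(lines, hijack_domains=HIJACK_DOMAINS):
    """Run every line through triage_line and flatten the findings."""
    return [f for line in lines for f in triage_line(line, hijack_domains)]


def summarize(findings):
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample: lines 0-6 copied from the scan quoted in the thread
# (query strings shortened); lines 7-9 are constructed clean controls.
SAMPLE_LINES = [
    "U3 a5imx1pv; C:\\Windows\\System32\\Drivers\\a5imx1pv.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)",
    "R2 SSFK; C:\\Program Files (x86)\\SFK\\SSFK.exe [450048 2015-09-14] (TODO: <公司名>) [File not signed]",
    "CHR HKLM\\SOFTWARE\\Policies\\Google: Restriction <======= ATTENTION",
    "BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File",
    "FF Homepage: hxxp://www.oursurfing.com/?type=hp&ts=1442223987&from=amt",
    "CHR DefaultSearchURL: Default -> hxxp://www.oursurfing.com/web/?type=ds&q={searchTerms}",
    "StartMenuInternet: Google Chrome - C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe http://www.oursurfing.com/?type=sc",
    "StartMenuInternet: (HKLM) OperaStable - C:\\Program Files (x86)\\Opera\\Launcher.exe",
    "R2 ekrn; C:\\Program Files\\ESET\\ESET Smart Security\\x86\\ekrn.exe [1234 2015-01-01] (ESET)",
    "FF DefaultSearchEngine: Google",
]

if __name__ == "__main__":
    results = triage(SAMPLE_LINES)
    for f in results:
        print(f"[{f.severity:6}] {f.rule}: {f.line[:70]}")
    print(summarize(results))
```

On the sample above the rules produce eight findings, six high and two medium; the three control lines produce none. The domain list is the only part that needs local knowledge; the other rules are structural and fire on any FRST scan regardless of which hijacker is involved.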
Posted: 26 Sep 2015 11:18
- crno dete
- New MyCity citizen
- Joined: 14 Aug 2015
- Posts: 25
Here it is; after 12 days I got a connection. I successfully did everything needed. The computer is OK now. True, I have a lot of unnecessary programs and little utilities. I will sort that out. I have tidied up the browser too.
Many thanks
Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by Mesh (2015-09-26 10:19:01) Run:1
Running from C:\Users\Mesh\Desktop
Loaded Profiles: Mesh (Available Profiles: Mesh)
Boot Mode: Normal
==============================================
fixlist content:
*****************
START
CreateRestorePoint:
CMD: netsh advfirewall set allprofiles state ON
FindFolder: iLivid
File: C:\Windows\system32\themeservice.dll
Unlock: C:\Windows\System32\Drivers\a5imx1pv.sys
Unlock: C:\Program Files (x86)\SFK\SSFK.exe
CloseProcesses:
U3 a5imx1pv; C:\Windows\System32\Drivers\a5imx1pv.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [450048 2015-09-14] (TODO: <???>) [File not signed]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: No Name -> {f9d1c08c-2031-4e6c-ab51-50330ac2d988} -> No File
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: oursurfing
FF SelectedSearchEngine: oursurfing
FF Homepage: hxxp://www.oursurfing.com/?type=hp&ts=1442223987&z=295c66644f1521b8e32c3f5gazbzboeo1occbt1t6c&from=amt&uid=TOSHIBAXMK6475GSX_12RHF2XBSXX12RHF2XBS
FF SearchPlugin: C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\searchplugins\oursurfing.xml [2015-09-14]
CHR HomePage: Default -> hxxp://www.oursurfing.com/?type=hp&ts=1442223987&z=295c66644f1521b8e32c3f5gazbzboeo1occbt1t6c&from=amt&uid=TOSHIBAXMK6475GSX_12RHF2XBSXX12RHF2XBS
CHR StartupUrls: Default -> "hxxp://www.oursurfing.com/?type=hp&ts=1442223987&z=295c66644f1521b8e32c3f5gazbzboeo1occbt1t6c&from=amt&uid=TOSHIBAXMK6475GSX_12RHF2XBSXX12RHF2XBS"
CHR DefaultSearchURL: Default -> hxxp://www.oursurfing.com/web/?type=ds&ts=1442223987&z=295c66644f1521b8e32c3f5gazbzboeo1occbt1t6c&from=amt&uid=TOSHIBAXMK6475GSX_12RHF2XBSXX12RHF2XBS&q={searchTerms}
CHR DefaultSearchKeyword: Default -> oursurfing
CHR Extension: (khhbkiedoogpgipchgfiikmcfmglffdh) - C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhbkiedoogpgipchgfiikmcfmglffdh [2015-04-05]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe oursurfing.com/?type=sc&ts=14422239.....X12RHF2XBS
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe oursurfing.com/?type=sc&ts=14422239.....X12RHF2XBS
Hosts:
C:\Program Files (x86)\SFK
C:\ProgramData\nWdsManPron
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\searchplugins\oursurfing.xml
C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhbkiedoogpgipchgfiikmcfmglffdh
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - <no Path/update_url>
RemoveProxy:
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
EmptyTemp:
END
*****************
Restore point was successfully created.
========= netsh advfirewall set allprofiles state ON =========
Ok.
========= End of CMD: =========
================== FindFolder: "iLivid" ===================
No File
=== End of FindFolder ===
========================= File: C:\Windows\system32\themeservice.dll ========================
File not signed
MD5: BF69CDEDB4F36015E43DC8117134F058
Creation and modification date: 2009-07-14 01:54 - 2014-12-07 22:40
Size: 0044544
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: THEMESERVICE
Original Name: THEMESERVICE.DLL.MUI
Product: Microsoft® Windows® Operating System
Description: Windows Shell Theme Service Dll
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Version: 6.1.7600.16385
Copyright: © Microsoft Corporation. All rights reserved.
====== End of File: ======
"C:\Windows\System32\Drivers\a5imx1pv.sys" => not found.
"C:\Program Files (x86)\SFK\SSFK.exe" => File/Folder was unlocked
Processes closed successfully.
a5imx1pv => service not found.
SSFK => Unable to stop service.
SSFK => service removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key removed successfully
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f9d1c08c-2031-4e6c-ab51-50330ac2d988}" => key removed successfully
HKCR\Wow6432Node\CLSID\{f9d1c08c-2031-4e6c-ab51-50330ac2d988} => key not found.
FF NewTab: chrome://quick_start/content/index.html => not found
FF DefaultSearchEngine: oursurfing => not found
FF SelectedSearchEngine: oursurfing => not found
FF Homepage: hxxp://www.oursurfing.com/?type=hp&ts=1442223987&z=295c66644f1521b8e32c3f5gazbzboeo1occbt1t6c&from=amt&uid=TOSHIBAXMK6475GSX_12RHF2XBSXX12RHF2XBS => not found
C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\searchplugins\oursurfing.xml => moved successfully
Chrome HomePage removed successfully
Chrome StartupUrls removed successfully
Chrome DefaultSearchURL removed successfully
Chrome DefaultSearchKeyword removed successfully
C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhbkiedoogpgipchgfiikmcfmglffdh => moved successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => value restored successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command\\Default => value restored successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
C:\Program Files (x86)\SFK => moved successfully
C:\ProgramData\nWdsManPron => moved successfully
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => moved successfully
"C:\Users\Mesh\AppData\Roaming\Mozilla\Firefox\Profiles\6rlrjr8h.Meske\searchplugins\oursurfing.xml" => File/Folder not found.
"C:\Users\Mesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhbkiedoogpgipchgfiikmcfmglffdh" => File/Folder not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih" => key removed successfully
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4209369173-3384524162-1790046760-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4209369173-3384524162-1790046760-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com" => key removed successfully
EmptyTemp: => 771.2 MB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 10:24:30 ====
Posted: 27 Sep 2015 23:56
- magna86
- Anti Malware Fighter
Rank 2
- Joined: 21 Jun 2008
- Posts: 6104
OK, now do the following;
Download "Xplode"'s AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window click I agree.
In Options, turn off Reset Winsock settings if it is on.
In Options, tick Reset Chrome policies;
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and pop up a window with that warning. Click OK to confirm.
On the next two windows that open (Informations and Restart required) click OK
The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach File" option
Tell me how the computer is behaving now?