Unwanted ads and sites in Mozilla

  • Miroslav R. Maričić
  • graduate mechanical engineer, professor
  • Joined: 06 Jun 2012
  • Posts: 229
  • Location: Hajdučica, Banat, Serbia

This is about my son's computer. The problem is unwanted ads and jumps to unwanted sites. He uses the computer to prepare for the bar exam, and this problem hampers his work a lot. Although I knew that ADWCLEANER would not help, I tried to remove the problem with it. Naturally, without success. So I am turning to you for help again.
The internet connection is ADSL at 10 Mb/s.

Frst.TXT:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-04-2015
Ran by Strahinja (administrator) on WR-1250ST on 27-04-2015 00:07:51
Running from C:\Users\Strahinja\Desktop\АЛАТИ ЗА КОМП
Loaded Profiles: Strahinja & UpdatusUser (Available profiles: Strahinja & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: engleski (SAD)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY (BIT Software)) C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
() C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
() C:\ProgramData\947e9795-442e-46c4-9869-2da3405d8e82\plugincontainer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
( TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skillbrains) C:\Users\Strahinja\AppData\Local\Skillbrains\lightshot\5.1.4.41\Lightshot.exe
() C:\Program Files\Common Files\947e9795-442e-46c4-9869-2da3405d8e82\updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\ProgramData\947e9795-442e-46c4-9869-2da3405d8e82\plugins\5\Plugin.exe
() C:\ProgramData\947e9795-442e-46c4-9869-2da3405d8e82\plugins\3\Plugin.exe
() C:\ProgramData\947e9795-442e-46c4-9869-2da3405d8e82\plugins\6\Plugin.exe
() C:\ProgramData\947e9795-442e-46c4-9869-2da3405d8e82\plugins\2\Plugin.exe
() C:\ProgramData\947e9795-442e-46c4-9869-2da3405d8e82\plugins\3\Plugin.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-28] ( TOSHIBA CORPORATION)
HKLM\...\Run: [ModemListener] => C:\Program Files\Mobilni Internet\ModemListener.exe [98304 2010-07-12] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-10-15] (Hewlett-Packard Company)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-27] (AVAST Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2000-01-01] (Realtek Semiconductor)
HKU\S-1-5-21-2167986498-877584006-2692482209-1001\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [958464 2003-09-11] (Valve Corporation)
HKU\S-1-5-21-2167986498-877584006-2692482209-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6276888 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-2167986498-877584006-2692482209-1001\...\Run: [LightShot] => C:\Users\Strahinja\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-06-18] ()
HKU\S-1-5-21-2167986498-877584006-2692482209-1001\...\MountPoints2: {f506ac4a-d65c-11e1-9313-00242166c5ba} - F:\autorun.exe
HKU\S-1-5-21-2167986498-877584006-2692482209-1001\...\MountPoints2: {fc2e8159-7c64-11e2-931e-00242166c5ba} - F:\SISetup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-11-29] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Strahinja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Strahinja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Strahinja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Strahinja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2167986498-877584006-2692482209-1177 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {2b28de4f-804e-435a-9388-99d56a3f2820} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-26] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-29] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-26] (Oracle Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 212.200.191.166 212.200.190.166

FireFox:
========
FF ProfilePath: C:\Users\Strahinja\AppData\Roaming\Mozilla\Firefox\Profiles\jl9t6pgl.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-25] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2167986498-877584006-2692482209-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Strahinja\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-03] (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pogodakyu.xml [2014-11-13]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\vokabular.xml [2014-11-13]
FF Extension: Match Pal - C:\Users\Strahinja\AppData\Roaming\Mozilla\Firefox\Profiles\jl9t6pgl.default\Extensions\{e77bcb30-cc87-4672-9931-3babe2825b9d}.xpi [2015-04-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-05-17]

Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Strahinja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Match Pal) - C:\Users\Strahinja\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnobhjeemdeeicjmilhjifohhnbijoop [2015-04-26]
CHR Extension: (AdBlock) - C:\Users\Strahinja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-27]
CHR Extension: (Avast Online Security) - C:\Users\Strahinja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-09]
CHR Extension: (Google Wallet) - C:\Users\Strahinja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-29]
CHR HKU\S-1-5-21-2167986498-877584006-2692482209-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\STRAHI~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [660768 2007-12-06] (ABBYY (BIT Software))
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-29] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-29] (Avast Software)
R2 DeviceManager; C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe [40960 2010-06-17] () [File not signed]
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed]
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247352 2010-05-11] (HP)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Service Mgr MatchPal; C:\ProgramData\947e9795-442e-46c4-9869-2da3405d8e82\plugincontainer.exe [556296 2015-04-26] ()
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 Update Mgr MatchPal; C:\Program Files\Common Files\947e9795-442e-46c4-9869-2da3405d8e82\updater.exe [478984 2015-04-26] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-29] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-29] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-29] ()
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [103552 2010-06-17] (TCT International Mobile Ltd)
S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [379904 2010-03-31] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-10-12] ()
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2012-11-28] (TeamViewer GmbH)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-29] (Avast Software)
S3 cpuz137; \??\C:\Users\STRAHI~1\AppData\Local\Temp\cpuz137\cpuz137_x32.sys [X]
S3 Tosrfcom; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 00:07 - 2015-04-27 00:07 - 00000000 ____D () C:\FRST
2015-04-27 00:06 - 2015-04-27 00:06 - 01140736 _____ (Farbar) C:\Users\Strahinja\Downloads\FRST.exe
2015-04-27 00:05 - 2015-04-27 00:05 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-04-26 23:58 - 2015-04-26 23:58 - 00000000 ____D () C:\Windows\Sun
2015-04-26 23:57 - 2015-04-26 23:57 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-26 23:53 - 2015-04-26 23:53 - 00000000 ____D () C:\Program Files\Match Pal
2015-04-26 08:09 - 2015-04-26 08:35 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-25 20:12 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-25 20:12 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-25 20:12 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-25 20:12 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-25 20:12 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-25 20:12 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-25 20:12 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-25 20:12 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-25 20:12 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-25 20:12 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-25 20:11 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-25 20:11 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-25 20:11 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-25 20:11 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-25 20:11 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-25 20:11 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-25 20:11 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-25 20:11 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-25 20:11 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-25 20:11 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-25 20:11 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-25 20:11 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-25 20:11 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-25 20:11 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-25 20:11 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-25 20:11 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-25 20:11 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-25 20:11 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-25 20:11 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-25 20:11 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-25 20:11 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-25 20:11 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-25 20:11 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-25 20:11 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-25 20:11 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-25 20:11 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-25 20:11 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-25 20:11 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-25 20:10 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-25 20:10 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-25 20:10 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-25 20:10 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-25 20:10 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-25 20:10 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-25 20:10 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-25 20:10 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-25 20:10 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-25 20:10 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-25 20:10 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-25 20:10 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-25 20:10 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-25 20:10 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-25 20:10 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-25 20:10 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-25 20:10 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-25 20:10 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-25 20:10 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-25 20:10 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-25 20:10 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-25 20:10 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-25 20:10 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-25 20:10 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-25 20:10 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-25 20:10 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-25 20:10 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-25 20:10 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-25 20:10 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-25 20:10 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-25 20:10 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-25 20:08 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-25 20:08 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-25 20:08 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-25 20:08 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-25 20:08 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-25 20:08 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-25 20:08 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-25 20:08 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-25 20:08 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-25 20:08 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-25 20:08 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-25 20:07 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-25 20:07 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-25 20:07 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-25 19:51 - 2015-04-25 19:51 - 00000197 _____ () C:\Windows\system32\2015-04-25-17-51-22.027-AvastVBoxSVC.exe-2916.log
2015-04-07 18:47 - 2015-04-07 18:47 - 00000197 _____ () C:\Windows\system32\2015-04-07-16-47-45.061-AvastVBoxSVC.exe-4032.log
2015-04-02 02:19 - 2015-04-02 02:20 - 00000197 _____ () C:\Windows\system32\2015-04-02-00-19-55.032-AvastVBoxSVC.exe-4244.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 00:07 - 2014-10-12 14:15 - 00000000 ____D () C:\Users\Strahinja\Desktop\АЛАТИ ЗА КОМП
2015-04-27 00:05 - 2014-07-07 21:13 - 00000000 ____D () C:\Users\Strahinja\AppData\Local\Adobe
2015-04-27 00:05 - 2012-07-21 16:45 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-27 00:05 - 2012-07-21 16:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-27 00:05 - 2012-07-21 16:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-27 00:01 - 2012-05-17 23:20 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-27 00:00 - 2009-07-14 06:34 - 00017072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-27 00:00 - 2009-07-14 06:34 - 00017072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-26 23:58 - 2015-01-28 19:45 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-26 23:56 - 2015-01-28 19:46 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-04-26 23:56 - 2015-01-28 19:45 - 00000000 ____D () C:\Program Files\Java
2015-04-26 23:55 - 2015-02-20 21:02 - 01881100 ____N () C:\Windows\WindowsUpdate.log
2015-04-26 23:50 - 2013-01-09 01:59 - 00000000 ____D () C:\Program Files\Steam
2015-04-26 23:50 - 2012-07-12 00:24 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-26 23:50 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-26 23:48 - 2014-06-22 21:26 - 00000000 ____D () C:\AdwCleaner
2015-04-26 22:23 - 2012-07-12 00:24 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-26 21:19 - 2015-02-12 04:09 - 00000000 ____D () C:\ProgramData\947e9795-442e-46c4-9869-2da3405d8e82
2015-04-26 21:13 - 2015-02-12 04:09 - 00000000 ____D () C:\Program Files\Common Files\947e9795-442e-46c4-9869-2da3405d8e82
2015-04-26 12:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-26 08:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-26 08:41 - 2012-05-17 23:32 - 00000000 ____D () C:\Program Files\Opera
2015-04-26 08:10 - 2014-12-22 23:29 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-26 08:10 - 2014-06-22 20:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-26 08:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-04-25 20:42 - 2013-08-14 21:30 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-25 20:36 - 2014-10-12 14:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-25 20:36 - 2012-05-17 22:08 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-25 20:35 - 2012-05-17 20:55 - 00770908 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-25 20:07 - 2012-07-12 00:28 - 00002100 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-25 19:53 - 2015-02-02 19:48 - 00000000 ____D () C:\Users\Strahinja\Desktop\S T R A H I NJ A
2015-04-25 19:45 - 2014-07-07 21:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-07 20:41 - 2015-01-28 21:23 - 00000000 ____D () C:\Users\Strahinja\Desktop\P O L E T DUŽINE
2015-04-07 20:40 - 2015-01-09 08:46 - 00007366 _____ () C:\Windows\system32\TeamViewer10_Hooks.log
2015-04-07 20:40 - 2013-06-09 19:58 - 00000000 ____D () C:\Program Files\TeamViewer
2015-04-07 20:39 - 2015-01-31 01:03 - 00000898 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-07 20:39 - 2015-01-31 01:03 - 00000886 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-07 19:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache

==================== Files in the root of some directories =======

2013-07-17 19:10 - 2013-07-17 19:10 - 0002747 _____ () C:\Users\Strahinja\AppData\Local\recently-used.xbel
2014-09-17 17:28 - 2014-09-17 17:28 - 0000003 _____ () C:\Users\Strahinja\AppData\Local\updater.log
2014-09-17 17:28 - 2014-11-22 20:24 - 0000445 _____ () C:\Users\Strahinja\AppData\Local\UserProducts.xml
2014-10-12 17:11 - 2014-10-12 17:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-28 16:54 - 2014-10-28 17:09 - 0000875 _____ () C:\ProgramData\hpzinstall.log
2012-05-30 18:48 - 2012-05-30 19:21 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
2013-07-18 08:04 - 2013-12-29 00:09 - 0028219 _____ () C:\ProgramData\nvModes.001
2013-07-17 18:35 - 2013-11-06 14:52 - 0028219 _____ () C:\ProgramData\nvModes.dat

Some content of TEMP:
====================
C:\Users\Strahinja\AppData\Local\Temp\jre-8u45-windows-au.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-07 19:13

==================== End Of Log ============================

Addition.TXT:

Thanks!

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

You have PC Playback v2.0 installed, a program whose function is to monitor and record everything shown on your screen. If you did not install it yourself, uninstall it.



Step 2

Open Notepad and copy the following text, found inside the Code field, into it.

HKU\S-1-5-21-2167986498-877584006-2692482209-1001\...\MountPoints2: {f506ac4a-d65c-11e1-9313-00242166c5ba} - F:\autorun.exe
HKU\S-1-5-21-2167986498-877584006-2692482209-1001\...\MountPoints2: {fc2e8159-7c64-11e2-931e-00242166c5ba} - F:\SISetup.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2167986498-877584006-2692482209-1177 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {2b28de4f-804e-435a-9388-99d56a3f2820} -> No File
FF Extension: Match Pal - C:\Users\Strahinja\AppData\Roaming\Mozilla\Firefox\Profiles\jl9t6pgl.default\Extensions\{e77bcb30-cc87-4672-9931-3babe2825b9d}.xpi [2015-04-26]
CHR Extension: (Match Pal) - C:\Users\Strahinja\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnobhjeemdeeicjmilhjifohhnbijoop [2015-04-26]
R2 Service Mgr MatchPal; C:\ProgramData\947e9795-442e-46c4-9869-2da3405d8e82\plugincontainer.exe [556296 2015-04-26] ()
R2 Update Mgr MatchPal; C:\Program Files\Common Files\947e9795-442e-46c4-9869-2da3405d8e82\updater.exe [478984 2015-04-26] ()
C:\ProgramData\947e9795-442e-46c4-9869-2da3405d8e82
C:\Program Files\Match Pal
C:\Program Files\Common Files\947e9795-442e-46c4-9869-2da3405d8e82
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open, with contents that you should copy into the thread.
Also, (fixlog.txt) will be on the Desktop.




Step 3

Pack the following folders into a ZIP, RAR or 7Z archive:

C:\FRST\Quarantine

and

C:\AdwCleaner

and send them via the following link:

http://www.mycity.rs/ambulanta-upload.php


Let me know when you have done that and wait for further instructions.

offline
  • Miroslav R. Maričić
  • diplomirani inženjer mašinstva, profesor
  • Pridružio: 06 Jun 2012
  • Poruke: 229
  • Gde živiš: Hajdučica, Banat, Srbija

Posted: 27 Apr 2015 23:28

I did everything as you said. Here is the contents of the file fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-04-2015
Ran by Strahinja at 2015-04-27 23:14:54 Run:1
Running from C:\Users\Strahinja\Desktop\АЛАТИ ЗА КОМП
Loaded Profiles: Strahinja & UpdatusUser (Available profiles: Strahinja & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2167986498-877584006-2692482209-1001\...\MountPoints2: {f506ac4a-d65c-11e1-9313-00242166c5ba} - F:\autorun.exe
HKU\S-1-5-21-2167986498-877584006-2692482209-1001\...\MountPoints2: {fc2e8159-7c64-11e2-931e-00242166c5ba} - F:\SISetup.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2167986498-877584006-2692482209-1177 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {2b28de4f-804e-435a-9388-99d56a3f2820} -> No File
FF Extension: Match Pal - C:\Users\Strahinja\AppData\Roaming\Mozilla\Firefox\Profiles\jl9t6pgl.default\Extensions\{e77bcb30-cc87-4672-9931-3babe2825b9d}.xpi [2015-04-26]
CHR Extension: (Match Pal) - C:\Users\Strahinja\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnobhjeemdeeicjmilhjifohhnbijoop [2015-04-26]
R2 Service Mgr MatchPal; C:\ProgramData\947e9795-442e-46c4-9869-2da3405d8e82\plugincontainer.exe [556296 2015-04-26] ()
R2 Update Mgr MatchPal; C:\Program Files\Common Files\947e9795-442e-46c4-9869-2da3405d8e82\updater.exe [478984 2015-04-26] ()
C:\ProgramData\947e9795-442e-46c4-9869-2da3405d8e82
C:\Program Files\Match Pal
C:\Program Files\Common Files\947e9795-442e-46c4-9869-2da3405d8e82
EmptyTemp:
*****************

"HKU\S-1-5-21-2167986498-877584006-2692482209-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f506ac4a-d65c-11e1-9313-00242166c5ba}" => Key deleted successfully.
HKCR\CLSID\{f506ac4a-d65c-11e1-9313-00242166c5ba} => Key not found.
"HKU\S-1-5-21-2167986498-877584006-2692482209-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc2e8159-7c64-11e2-931e-00242166c5ba}" => Key deleted successfully.
HKCR\CLSID\{fc2e8159-7c64-11e2-931e-00242166c5ba} => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2167986498-877584006-2692482209-1177\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2b28de4f-804e-435a-9388-99d56a3f2820}" => Key deleted successfully.
HKCR\CLSID\{2b28de4f-804e-435a-9388-99d56a3f2820} => Key not found.
C:\Users\Strahinja\AppData\Roaming\Mozilla\Firefox\Profiles\jl9t6pgl.default\Extensions\{e77bcb30-cc87-4672-9931-3babe2825b9d}.xpi => Moved successfully.
C:\Users\Strahinja\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnobhjeemdeeicjmilhjifohhnbijoop => Moved successfully.
Service Mgr MatchPal => Service stopped successfully.
Service Mgr MatchPal => Service deleted successfully.
Update Mgr MatchPal => Service stopped successfully.
Update Mgr MatchPal => Service deleted successfully.
C:\ProgramData\947e9795-442e-46c4-9869-2da3405d8e82 => Moved successfully.
C:\Program Files\Match Pal => Moved successfully.
C:\Program Files\Common Files\947e9795-442e-46c4-9869-2da3405d8e82 => Moved successfully.
EmptyTemp: => Removed 65 MB temporary data.


The system needed a reboot.

==== End of Fixlog 23:15:10 ====
Now I will send those two "ZIP" files you told me about.

Addendum: 27 Apr 2015 23:34

The file Quarantine.ZIP is about 4.9 MB and I uploaded it successfully. However, the other file, AdwCleaner.ZIP, is over 25 MB in size, while the maximum file size that can be sent is 10 MB, so I did not send it. What should I do next?
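As an added example (not part of the original posts or of FRST itself), here is a small Python parser that reads the "target => outcome" result lines of an FRST fixlog like the one above and flags any entry that was not cleanly removed; the sample input is a constructed excerpt of the lines quoted in the post.

```python
import re
from collections import Counter

# Constructed sample: an excerpt of the result lines quoted in the fixlog above.
SAMPLE_FIXLOG = "\n".join([
    r'"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.',
    r'HKCR\CLSID\{2b28de4f-804e-435a-9388-99d56a3f2820} => Key not found.',
    r'C:\Windows\system32\GroupPolicy\Machine => Moved successfully.',
    r'Service Mgr MatchPal => Service stopped successfully.',
    r'Service Mgr MatchPal => Service deleted successfully.',
    r'C:\Program Files\Match Pal => Moved successfully.',
    r'EmptyTemp: => Removed 65 MB temporary data.',
])

# FRST writes one result per line as:  ["]target["] => outcome.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s*=>\s*(?P<outcome>.+?)\.?$')


def parse_fixlog(text):
    """Yield (target, outcome) for every 'target => outcome.' line."""
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            yield m.group("target"), m.group("outcome")


def classify(outcome):
    """Map FRST's free-text outcome to a short status tag."""
    low = outcome.lower()
    if "not found" in low:
        return "missing"   # already gone (e.g. an orphaned CLSID); nothing to do
    if "successfully" in low or low.startswith("removed"):
        return "ok"        # deleted, moved, stopped, or temp data removed
    return "unknown"       # anything else (locked file, access denied) needs a manual look


def summarize(text):
    """Return ({status: count}, [(target, outcome) for every non-'ok' entry])."""
    counts = Counter()
    attention = []
    for target, outcome in parse_fixlog(text):
        status = classify(outcome)
        counts[status] += 1
        if status != "ok":
            attention.append((target, outcome))
    return dict(counts), attention


if __name__ == "__main__":
    counts, attention = summarize(SAMPLE_FIXLOG)
    print("status counts:", counts)
    for target, outcome in attention:
        print(f"check: {target} -> {outcome}")
```

A "Key not found" for an HKCR\CLSID entry is normal here: FRST looks for the CLSID behind each removed MountPoints2 or BHO entry, and it simply was not registered.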

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Use WinRAR to create a multi-part archive, then try sending it.
Instructions -> http://www.geekpolice.net/t8277-how-to-create-split-archives-with-winrar



Step 2

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the MBAR program icon to run it:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;



• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Notice: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow it to load after a restart. Allow the restart and continue with the rest of the instructions after the restart.





>> If no malware is detected, click the Exit button to close the program. In your next message post the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for after the restart; a notice will be shown in a pop-up window. Click the Yes button and the system should restart and complete the cleaning procedure.



Notice! Only if a RootKit was detected: - make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue execution, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.





The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your message and attach the system log to the message using the Attach file option.

offline
  • Miroslav R. Maričić
  • diplomirani inženjer mašinstva, profesor
  • Pridružio: 06 Jun 2012
  • Poruke: 229
  • Gde živiš: Hajdučica, Banat, Srbija

The file AdwCleaner.ZIP was split into three "RAR" files, which I uploaded successfully.

Here is the contents of the mbar-log:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.04.28.02
rootkit: v2015.04.21.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17728
Strahinja :: WR-1250ST [administrator]

28.04.2015 12:43:34
mbar-log-2015-04-28 (12-43-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 394352
Time elapsed: 33 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Strahinja\Documents\skymonk_rapid004.exe (Trojan.Onlinegames) -> Delete on reboot. [9e54c7aa4545191ddfe4e8027b87f20e]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

And here is system-log.txt:

Regards

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

That would be it.


The following procedure will carry out the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options;

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment for the tool to finish its work.
From this point on, all tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also record a healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a new, fresh point after the cleanup.

offline
  • Miroslav R. Maričić
  • diplomirani inženjer mašinstva, profesor
  • Pridružio: 06 Jun 2012
  • Poruke: 229
  • Gde živiš: Hajdučica, Banat, Srbija

Done.
Thanks! Cheers
