Provera..

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

U poslednje vreme deesava se da mi antivirus pri svakom restartovanju ili paljenju racunara, ostane iskljucen. Moram rucno da ga pokrenem.



I Mozilla cesto zabaguje, odnosno ako ima vise tab-ova otvorenih, ne mogu da ih zatvorim na x.. ( not responding ).

Evo logova :

Additional scan result of Farbar Recovery Scan Tool (x86) Version:26-08-2014
Ran by home at 2014-08-28 23:54:05
Running from C:\Users\home\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Active@ ISO Burner (HKLM\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.5.1 - LSoft Technologies)
Adobe Bridge 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32128 - BitTorrent Inc.)
Camtasia Studio 7 (HKLM\...\{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}) (Version: 7.0.0 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform)
Corel Graphics - Windows Shell Extension (HKLM\...\_{761B6C00-A23A-4F17-9D23-CB7E48307314}) (Version: 16.1.0.843 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM Content (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (HKLM\...\_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}) (Version: 16.1.0.843 - Corel Corporation)
CorelDRAW Graphics Suite X6 (Version: 16.1 - Corel Corporation) Hidden
f.lux (HKCU\...\Flux) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FastImageResizer (remove only) (HKLM\...\FastImageResizer) (Version: - )
GOM Player (HKLM\...\GOM Player) (Version: 2.2.62.5207 - Gretech Corporation)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GTA San Andreas (HKLM\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Java Auto Updater (Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Java(TM) 7 Update 3 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217003FF}) (Version: 7.0.30 - Oracle)
Java(TM) SE Development Kit 7 Update 3 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170030}) (Version: 1.7.0.30 - Oracle)
JavaFX 2.0.3 (HKLM\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
JavaFX 2.0.3 SDK (HKLM\...\{2222706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
Lexmark 2300 Series (HKLM\...\Lexmark 2300 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x86) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x86) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Backup Drivers (HKLM\...\{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}) (Version: 1.0.10000.1.0 - Nero AG)
Notepad++ (HKLM\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
Revo Uninstaller Pro 2.5.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.7 - VS Revo Group, Ltd.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sweex Universal Webcam Driver (HKLM\...\{7F57C5DC-8BA6-4835-A94A-D114D1FD9539}) (Version: 1.01.0000 - Sweex Europe BV)
TP-LINK Wireless Client Utility (HKLM\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
USB Storage Driver (HKLM\...\GENEUIDE) (Version: - )
WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Wondershare PDF Password Remover (Build 1.3.0) (HKLM\...\{1719FAD6-2F6A-4F5E-BF2B-1F6F6F1E3806_PasswordRemover}_is1) (Version: - Wondershare Software)
World of Tanks (HKLM\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
World of Warplanes (HKLM\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1) (Version: - Wargaming.net)
XBMC (HKCU\...\XBMC) (Version: - Team XBMC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-114216601-822559738-1786813509-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-114216601-822559738-1786813509-1000_Classes\CLSID\{2CA70706-BDB8-58D0-9FFE-51F3E49C6918}\InprocServer32 -> C:\Users\home\AppData\Roaming\F4\F4WebPlugin\npF4WebPlugin.dll (F4)
CustomCLSID: HKU\S-1-5-21-114216601-822559738-1786813509-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-114216601-822559738-1786813509-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\home\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-114216601-822559738-1786813509-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\home\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-114216601-822559738-1786813509-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\home\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

==================== Restore Points =========================

18-08-2014 14:50:28 Windows Update
22-08-2014 06:34:57 Windows Update
26-08-2014 15:10:39 Windows Update
27-08-2014 21:38:12 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2013-07-17 18:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09C593CA-B860-4174-8E73-A07F6DDBB138} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-114216601-822559738-1786813509-1000UA => C:\Users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {319DD27B-73D0-4F8C-92D7-5BC0C681E63E} - System32\Tasks\{1F645FDD-C315-4248-BE32-A462440493BC} => Firefox.exe http://ui.skype.com/ui/0/6.3.0.105/en/abandoninstall?page=tsProgressBar
Task: {3D99FD81-88B3-49B7-AFC0-259A506EF358} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {49DBDEE3-D250-4822-B3E6-648FE39119DB} - System32\Tasks\{FF9CD735-E29C-4A4C-994D-B022A169106D} => Firefox.exe http://ui.skype.com/ui/0/6.0.0.126/en/abandoninstall?page=tsProgressBar
Task: {4E9D0059-4096-43DF-9602-1B5994D6558D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-114216601-822559738-1786813509-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {5BC1320B-3F85-4426-8307-198F4EED9B00} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-29] (Google Inc.)
Task: {705F0284-05CA-4264-8666-1B35DC6A176F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-114216601-822559738-1786813509-1000Core => C:\Users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {93586007-41B7-4FA2-BE46-A675F97AC429} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-114216601-822559738-1786813509-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {A05A5854-0C15-479B-9A69-642D5FDF82D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {B98A5568-67A4-41FA-B295-1439F098C38D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-29] (Google Inc.)
Task: {D182F938-5467-4F53-B900-D4F2E53E0EF7} - System32\Tasks\RealCreateProcessScheduledTask31254566S-1-5-21-114216601-822559738-1786813509-1000 => E:\programi\real pleyer\Update\RealOneMessageCenter.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-114216601-822559738-1786813509-1000Core.job => C:\Users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-114216601-822559738-1786813509-1000UA.job => C:\Users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-17 23:45 - 2013-01-18 16:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2012-04-15 04:26 - 2012-02-18 05:55 - 00166912 _____ () E:\programi\winrar\rarext.dll
2012-04-17 06:23 - 2005-12-14 00:52 - 00122880 _____ () C:\Program Files\Lexmark 2300 Series\lxcgdrec.dll
2012-04-17 06:23 - 2005-06-15 02:08 - 00196608 _____ () C:\Program Files\Lexmark 2300 Series\iptk.dll
2003-12-31 00:39 - 2003-12-31 00:39 - 00040960 ____N () C:\Windows\vsnpstd.exe
2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-07-30 19:21 - 2014-07-30 19:21 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2014 03:04:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 31.0.0.5310, time stamp: 0x53c75e91
Faulting module name: mozalloc.dll, version: 31.0.0.5310, time stamp: 0x53c72e91
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0xf2c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (08/28/2014 03:04:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 31.0.0.5310 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d18

Start Time: 01cfc28e122ba8e4

Termination Time: 896

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id: bd8b4159-2eb3-11e4-a027-406186c9f857

Error: (08/27/2014 03:11:27 PM) (Source: Google Update) (EventID: 20) (User: home-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (08/27/2014 11:17:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mspaint.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7ac

Start Time: 01cfc1d76e60d15e

Termination Time: 79

Application Path: C:\Windows\system32\mspaint.exe

Report Id: f3eac669-2dca-11e4-978c-406186c9f857

Error: (08/26/2014 06:13:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: mbamcore.dll, version: 1.0.11.0, time stamp: 0x536d8027
Exception code: 0xc0000005
Fault offset: 0x0009d14f
Faulting process id: 0x9a0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/24/2014 07:00:12 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup had to skip all the drives included in backup. Make sure that the drives are plugged in and working correctly. (0x810000FF).

Error: (08/20/2014 10:10:37 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Steam folder not found

Error: (08/20/2014 10:10:37 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to find Steam.exe

Error: (08/20/2014 09:50:46 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Steam folder not found

Error: (08/20/2014 09:50:46 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to find Steam.exe


System errors:
=============
Error: (08/28/2014 11:39:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (08/28/2014 11:39:44 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/28/2014 11:37:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (08/28/2014 05:08:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (08/28/2014 05:08:38 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/28/2014 05:06:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (08/28/2014 09:05:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (08/28/2014 09:05:00 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/28/2014 09:02:56 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (08/28/2014 06:17:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU E3300 @ 2.50GHz
Percentage of memory in use: 54%
Total physical RAM: 2047.24 MB
Available physical RAM: 922.08 MB
Total Pagefile: 4094.48 MB
Available Pagefile: 2651.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:80.85 GB) (Free:44.11 GB) NTFS
Drive e: () (Fixed) (Total:384.81 GB) (Free:41.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0009822E)
Partition 1: (Active) - (Size=30 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=80.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=384.8 GB) - (Type=OF Extended)

==================== End Of Log ============================


https://www.mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav,

I iskopirao si i prikacio isti sekundarni FRST log. Potreban nam je i primarni. Trebao bi da se nalazi na istoj lokaciji gde se nalazi i sam alat ... ili prosto ponovo pokreni FRST, lupi Scan dugme i alat ce formirati svez primarni (FRST.txt) izvestaj.

Iskopiraj taj izvestaj u temu.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Evo :


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
Ran by home (administrator) on HOME-PC on 29-08-2014 00:06:49
Running from C:\Users\home\Desktop\New folder
Platform: Microsoft Windows 7 Home Basic Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
( ) C:\Windows\System32\lxcgcoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 2300 Series\ezprint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\vsnpstd.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Flux Software LLC) C:\Users\home\AppData\Local\FluxSoftware\Flux\flux.exe
(Vimicro Corporation) E:\programi\webCam\VMonitor.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [LXCGCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16 (the data entry has 59 more characters).
HKLM\...\Run: [lxcgmon.exe] => C:\Program Files\Lexmark 2300 Series\lxcgmon.exe [205744 2007-04-30] (Lexmark International, Inc.)
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 2300 Series\ezprint.exe [103344 2007-04-30] (Lexmark International Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [NBAgent] => E:\programi\nero\install\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG)
HKLM\...\Run: [snpstd] => C:\Windows\vsnpstd.exe [40960 2003-12-31] ()
HKU\S-1-5-21-114216601-822559738-1786813509-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\MCShieldRTM.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-114216601-822559738-1786813509-1000\...\Run: [F.lux] => C:\Users\home\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-114216601-822559738-1786813509-1000\...\Run: [Facebook Update] => C:\Users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sweex snapshot button monitor.lnk
ShortcutTarget: Sweex snapshot button monitor.lnk -> E:\programi\webCam\VMonitor.exe (Vimicro Corporation)
Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: ?z??

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE7C2E4495B60CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 208.67.222.222

FireFox:
========
FF ProfilePath: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\0dhk0jyl.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.3.1 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.3.1 -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\home\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: f4-group.com/F4WebPlugin -> C:\Users\home\AppData\Roaming\F4\F4WebPlugin\npF4WebPlugin.dll (F4)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: Bitdefender QuickScan - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\0dhk0jyl.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-07-28]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-11] (Adobe Systems) [File not signed]
S2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 lxcg_device; C:\Windows\system32\lxcgcoms.exe [537520 2007-04-30] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [15968 2013-03-14] (Advanced Micro Devices, Inc.)
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-06] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-08-19] (Duplex Secure Ltd.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-04-06] (AnchorFree Inc)
R3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [254720 2010-04-29] (Vimicro Corporation)
R3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)
U3 a76otpig; C:\Windows\system32\Drivers\a76otpig.sys [0 ] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\home\AppData\Local\Temp\catchme.sys [X]
S3 snpstd; system32\DRIVERS\snpstd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-29 00:06 - 2014-08-29 00:06 - 00000000 ____D () C:\Users\home\Desktop\New folder
2014-08-28 23:53 - 2014-08-29 00:06 - 00000000 ____D () C:\FRST
2014-08-27 20:01 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:01 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 06:55 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 06:55 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 06:54 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 06:54 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 06:19 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 06:18 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 06:18 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 06:18 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 06:18 - 2014-07-25 15:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 06:18 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 06:18 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 06:18 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 06:18 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 06:18 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 06:18 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 06:18 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 06:18 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 06:18 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 06:18 - 2014-07-25 14:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 06:18 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 06:18 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 06:18 - 2014-07-25 13:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 06:18 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 06:18 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 06:18 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 06:18 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 06:18 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 06:18 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 06:18 - 2014-07-25 13:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 06:18 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 06:18 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 06:18 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 06:18 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 06:18 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 06:18 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 06:18 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 06:18 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 06:18 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-15 06:18 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-15 06:17 - 2014-08-07 03:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 06:17 - 2014-08-07 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 06:17 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 06:17 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 06:17 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 06:17 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 06:17 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 06:17 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 06:17 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 06:17 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 06:17 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 06:17 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 06:17 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 07:41 - 2014-08-12 07:42 - 00000000 ____D () C:\Program Files\PhotoScape
2014-08-12 07:41 - 2014-08-12 07:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2014-08-12 07:39 - 2014-08-18 17:56 - 00000000 ____D () C:\Users\home\AppData\Roaming\rmi
2014-08-11 17:29 - 2014-08-28 23:36 - 00002744 _____ () C:\Windows\setupact.log
2014-08-11 17:29 - 2014-08-28 23:36 - 00001370 _____ () C:\Windows\PFRO.log
2014-08-11 17:29 - 2014-08-11 17:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-11 16:20 - 2014-08-11 16:20 - 00000000 __SHD () C:\Users\home\AppData\Local\EmieUserList
2014-08-11 16:20 - 2014-08-11 16:20 - 00000000 __SHD () C:\Users\home\AppData\Local\EmieSiteList
2014-08-11 08:19 - 2014-08-12 07:45 - 00000000 ____D () C:\Users\home\AppData\Roaming\PhotoScape
2014-08-08 09:03 - 2014-08-08 09:03 - 00000898 _____ () C:\Users\home\Desktop\Counter-Strike WaRzOnE.lnk
2014-08-08 09:03 - 2014-08-08 09:03 - 00000782 _____ () C:\Users\home\Desktop\Half-Life WaRzOnE.lnk
2014-08-08 09:03 - 2014-08-08 09:03 - 00000716 _____ () C:\Users\home\Desktop\HLDS.lnk
2014-08-02 20:54 - 2014-08-02 20:54 - 00000000 ____D () C:\Users\home\Desktop\moto
2014-08-01 06:06 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 06:06 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 06:06 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 06:06 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 06:06 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 06:06 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 06:06 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 06:06 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 06:06 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-30 19:21 - 2014-07-30 19:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-29 00:06 - 2014-08-29 00:06 - 00000000 ____D () C:\Users\home\Desktop\New folder
2014-08-29 00:06 - 2014-08-28 23:53 - 00000000 ____D () C:\FRST
2014-08-28 23:49 - 2012-04-29 21:19 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-28 23:48 - 2013-08-19 15:31 - 02018752 _____ () C:\Windows\WindowsUpdate.log
2014-08-28 23:45 - 2012-04-12 06:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-28 23:44 - 2009-07-14 06:34 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-28 23:44 - 2009-07-14 06:34 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-28 23:39 - 2014-06-23 19:33 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 23:37 - 2012-04-29 21:19 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-28 23:37 - 2012-04-12 07:59 - 00000000 ____D () C:\ProgramData\MCShield
2014-08-28 23:36 - 2014-08-11 17:29 - 00002744 _____ () C:\Windows\setupact.log
2014-08-28 23:36 - 2014-08-11 17:29 - 00001370 _____ () C:\Windows\PFRO.log
2014-08-28 23:36 - 2012-11-17 23:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-28 23:36 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-28 21:11 - 2012-06-28 18:01 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-114216601-822559738-1786813509-1000UA.job
2014-08-28 06:16 - 2009-07-14 06:33 - 03910944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 19:21 - 2012-09-21 23:04 - 00000000 ____D () C:\Users\home\AppData\Roaming\BitTorrent
2014-08-27 06:11 - 2012-06-28 18:01 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-114216601-822559738-1786813509-1000Core.job
2014-08-26 17:27 - 2014-04-17 12:25 - 00000000 ____D () C:\Users\home\Desktop\miss
2014-08-26 17:02 - 2012-09-04 19:45 - 00000000 ____D () C:\Users\home\AppData\Roaming\QuickScan
2014-08-23 03:46 - 2014-08-27 20:01 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-27 20:01 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 12:43 - 2012-04-17 06:56 - 00000000 ____D () C:\Users\home\AppData\Roaming\Skype
2014-08-20 06:50 - 2013-03-21 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-18 17:56 - 2014-08-12 07:39 - 00000000 ____D () C:\Users\home\AppData\Roaming\rmi
2014-08-15 12:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-08-15 12:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-15 08:48 - 2014-05-28 15:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 07:00 - 2012-10-04 19:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-15 06:59 - 2013-07-23 23:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 06:57 - 2012-04-14 17:38 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-12 07:45 - 2014-08-11 08:19 - 00000000 ____D () C:\Users\home\AppData\Roaming\PhotoScape
2014-08-12 07:42 - 2014-08-12 07:41 - 00000000 ____D () C:\Program Files\PhotoScape
2014-08-12 07:41 - 2014-08-12 07:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2014-08-11 17:29 - 2014-08-11 17:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-11 16:20 - 2014-08-11 16:20 - 00000000 __SHD () C:\Users\home\AppData\Local\EmieUserList
2014-08-11 16:20 - 2014-08-11 16:20 - 00000000 __SHD () C:\Users\home\AppData\Local\EmieSiteList
2014-08-11 16:20 - 2012-04-29 21:19 - 00000000 ____D () C:\Users\home\AppData\Local\Google
2014-08-11 16:20 - 2012-04-29 21:19 - 00000000 ____D () C:\Program Files\Google
2014-08-11 15:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\TAPI
2014-08-09 22:37 - 2012-04-11 20:10 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-09 20:37 - 2013-04-18 11:08 - 00000000 ____D () C:\Users\home\Desktop\Ana
2014-08-08 09:03 - 2014-08-08 09:03 - 00000898 _____ () C:\Users\home\Desktop\Counter-Strike WaRzOnE.lnk
2014-08-08 09:03 - 2014-08-08 09:03 - 00000782 _____ () C:\Users\home\Desktop\Half-Life WaRzOnE.lnk
2014-08-08 09:03 - 2014-08-08 09:03 - 00000716 _____ () C:\Users\home\Desktop\HLDS.lnk
2014-08-07 17:55 - 2014-06-08 10:17 - 00000000 ___RD () C:\Program Files\Skype
2014-08-07 03:43 - 2014-08-15 06:17 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 03:39 - 2014-08-15 06:17 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 06:30 - 2012-04-17 06:23 - 00000000 ____D () C:\Program Files\Lx_cats
2014-08-02 20:54 - 2014-08-02 20:54 - 00000000 ____D () C:\Users\home\Desktop\moto
2014-08-01 01:16 - 2014-08-15 06:18 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 06:12 - 2013-07-17 18:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-30 19:21 - 2014-07-30 19:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-30 07:11 - 2014-03-12 13:17 - 00000000 ____D () C:\Games

Files to move or delete:
====================
C:\Users\home\a3dapi.dll
C:\Users\home\Core.dll
C:\Users\home\Counter-Strike WaRzOnE.bat
C:\Users\home\crashhandler.dll
C:\Users\home\dbg.dll
C:\Users\home\DemoPlayer.dll
C:\Users\home\FileSystem_Stdio.dll
C:\Users\home\FileSystem_Steam.dll
C:\Users\home\Half-Life WaRzOnE.bat
C:\Users\home\hl.exe
C:\Users\home\hlds.exe
C:\Users\home\hltv.exe
C:\Users\home\hw.dll
C:\Users\home\hwpatcher.dll
C:\Users\home\Mss32.dll
C:\Users\home\msvcr100.dll
C:\Users\home\proxy.dll
C:\Users\home\revSrvBrowser.dll
C:\Users\home\Steam.dll
C:\Users\home\steamclient.dll
C:\Users\home\steamclient_orig.dll
C:\Users\home\steam_api.dll
C:\Users\home\steam_api_c.dll
C:\Users\home\Steam_orig.dll
C:\Users\home\sw.dll
C:\Users\home\swds.dll
C:\Users\home\tier0.dll
C:\Users\home\tier0_s.dll
C:\Users\home\upatch.dll
C:\Users\home\vgui.dll
C:\Users\home\vgui2.dll
C:\Users\home\voice_miles.dll
C:\Users\home\voice_speex.dll
C:\Users\home\vstdlib.dll
C:\Users\home\vstdlib_s.dll


Some content of TEMP:
====================
C:\Users\home\AppData\Local\temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-28 12:25

==================== End Of Log ============================

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;


• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.




>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.




Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.08.28.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17239
home :: HOME-PC [administrator]

8/29/2014 6:19:16 AM
mbar-log-2014-08-29 (06-19-16).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 328677
Time elapsed: 13 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

https://www.mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kompjuter je čist, nema nikakvih tragova malware-a. To je verovatno neki bug antivirusa.



• Sledeća procedura će implementirati završno čišćenje.

Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore

Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uradjeno, hvala