Nepoznata 'dosada'

1

Nepoznata 'dosada'

offline
  • Dusan  Male
  • SuperModerator
  • Supermoderator opštih foruma
  • Pridružio: 26 Jul 2006
  • Poruke: 11118

Unazad 2, 3 dana me uznemirava 'prozorče':



Jedino čega se sećam da sam prvo skinuo (ne sećam se sa kog linka) i instalirao pa onda deinstalirao Drop box. Da li je povezano - ne znam...
Avast free, MCShield i MBAM (Premium) nisu reagovali (ili ja ne videh)...

Net mi je ADSL 10 Mb/s

FRST. txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2014 01
Ran by Dušan (administrator) on PC on 16-12-2014 21:08:41
Running from C:\Users\Dušan\Desktop
Loaded Profile: Dušan (Available profiles: Dušan & Guest)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
() C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Vimicro) C:\Windows\VM302Snap.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Google) C:\Users\Dušan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BigDogPath] => C:\Windows\VM302Snap.exe [49152 2007-03-27] (Vimicro)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-1493379602-247656495-3883620430-1000\...\Run: [Google Update] => "C:\Users\Duaan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1493379602-247656495-3883620430-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1493379602-247656495-3883620430-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4810520 2014-09-25] (Piriform Ltd)
HKU\S-1-5-21-1493379602-247656495-3883620430-1000\...\MountPoints2: {2e24ebb0-6896-11e4-a334-001fd09bc232} - G:\AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&am.....001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1493379602-247656495-3883620430-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&am.....001&p={searchTerms}
HKU\S-1-5-21-1493379602-247656495-3883620430-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1493379602-247656495-3883620430-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
HKU\S-1-5-21-1493379602-247656495-3883620430-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511
URLSearchHook: HKU\S-1-5-21-1493379602-247656495-3883620430-1000 - (No Name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&am.....001&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&am.....001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1493379602-247656495-3883620430-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&am.....001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1493379602-247656495-3883620430-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&am.....001&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Dušan\AppData\Roaming\Mozilla\Firefox\Profiles\rnvyst1v.default
FF NewTab:
FF SearchEngineOrder.1:
FF Homepage: chrome://speeddial/content/speeddial.xul
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @photodex.com/PhotodexPresenter -> C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1493379602-247656495-3883620430-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dušan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1493379602-247656495-3883620430-1000: @talk.google.com/O1DPlugin -> C:\Users\Dušan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1493379602-247656495-3883620430-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dušan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1493379602-247656495-3883620430-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dušan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Dušan\AppData\Roaming\Mozilla\Firefox\Profiles\rnvyst1v.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\Dušan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Dušan\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: EHTip - C:\Users\Dušan\AppData\Roaming\Mozilla\Firefox\Profiles\rnvyst1v.default\Extensions\ehtip@robertkatic [2012-10-17]
FF Extension: Free Download Manager plugin - C:\Users\Dušan\AppData\Roaming\Mozilla\Firefox\Profiles\rnvyst1v.default\Extensions\fdm_ffext@freedownloadmanager.org [2012-12-14]
FF Extension: Xmarks - C:\Users\Dušan\AppData\Roaming\Mozilla\Firefox\Profiles\rnvyst1v.default\Extensions\foxmarks@kei.com [2014-11-23]
FF Extension: Qualys BrowserCheck - C:\Users\Dušan\AppData\Roaming\Mozilla\Firefox\Profiles\rnvyst1v.default\Extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2014-01-22]
FF Extension: WOT - C:\Users\Dušan\AppData\Roaming\Mozilla\Firefox\Profiles\rnvyst1v.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-13]
FF Extension: Default Full Zoom Level - C:\Users\Dušan\AppData\Roaming\Mozilla\Firefox\Profiles\rnvyst1v.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2014-10-28]
FF Extension: YouTube to MP3 Button - C:\Users\Dušan\AppData\Roaming\Mozilla\Firefox\Profiles\rnvyst1v.default\Extensions\flvto@hotger.com.xpi [2014-09-25]
FF Extension: The Addon Bar (restored) - C:\Users\Dušan\AppData\Roaming\Mozilla\Firefox\Profiles\rnvyst1v.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2014-05-02]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Dušan\AppData\Roaming\Mozilla\Firefox\Profiles\rnvyst1v.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2013-06-10]
FF Extension: Scribblies Kids - C:\Users\Dušan\AppData\Roaming\Mozilla\Firefox\Profiles\rnvyst1v.default\Extensions\{33A8946C-B859-4f7d-8382-ADAB29623DEE}.xpi [2012-10-20]
FF Extension: X-notifier - C:\Users\Dušan\AppData\Roaming\Mozilla\Firefox\Profiles\rnvyst1v.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-10-17]
FF Extension: Speed Dial - C:\Users\Dušan\AppData\Roaming\Mozilla\Firefox\Profiles\rnvyst1v.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2013-06-06]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Dušan\AppData\Roaming\Mozilla\Firefox\Profiles\rnvyst1v.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-09-23]
FF Extension: Adblock Edge - C:\Users\Dušan\AppData\Roaming\Mozilla\Firefox\Profiles\rnvyst1v.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2012-10-18]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-17]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Dušan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Dušan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahecniedppbghecjdhnhghkblommbjgm [2013-06-09]
CHR Extension: (No Name) - C:\Users\Dušan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcpnihmbfoaeoakalclfalkdepgiaje [2013-06-09]
CHR HKLM\...\Chrome\Extension: [ahecniedppbghecjdhnhghkblommbjgm] - C:\Users\Dušan\AppData\Roaming\speedanalysisplus\speedanalysisplus.crx [2013-02-26]
CHR HKLM\...\Chrome\Extension: [bfcpnihmbfoaeoakalclfalkdepgiaje] - No Path
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [186760 2013-06-09] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-22] ()
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20616 2008-07-31] (IVT Corporation.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [35560 2012-08-01] (AnchorFree Inc.)
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [26248 2008-07-02] (IVT Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-16] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-08-01] (AnchorFree Inc)
S3 vvftav302; C:\Windows\System32\drivers\vvftav302.sys [475136 2007-03-18] (Vimicro Corporation)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM302.sys [1471104 2007-04-04] (Vimicro Corporation)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 21:08 - 2014-12-16 21:09 - 00016459 _____ () C:\Users\Dušan\Desktop\FRST.txt
2014-12-16 21:07 - 2014-12-16 21:08 - 00000000 ____D () C:\FRST
2014-12-16 21:04 - 2014-12-16 21:04 - 01111040 _____ (Farbar) C:\Users\Dušan\Desktop\FRST.exe
2014-12-16 08:15 - 2014-12-16 08:19 - 00000000 ____D () C:\Users\Dušan\Downloads\Igrice
2014-12-15 08:13 - 2014-12-16 07:58 - 00001917 _____ () C:\Windows\AutoKMS.log
2014-12-15 08:12 - 2014-12-16 07:56 - 00000202 _____ () C:\Windows\setupact.log
2014-12-15 08:12 - 2014-12-15 08:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-10 09:01 - 2014-12-10 09:01 - 04184641 _____ (Alexander Vigovsky ) C:\Users\Dušan\Downloads\ac3filter_2_6_0b.exe
2014-12-09 02:02 - 2014-12-09 03:05 - 00000000 ___RD () C:\Users\Dušan\Dropbox
2014-12-08 18:44 - 2014-12-09 16:09 - 00000000 ____D () C:\Users\Dušan\AppData\Roaming\Dropbox
2014-11-22 22:42 - 2014-12-13 07:42 - 00011102 _____ () C:\Users\Dušan\Desktop\Radine tajne.xlsx
2014-11-22 22:04 - 2014-11-22 22:04 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-22 22:04 - 2014-11-22 22:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-22 21:59 - 2014-11-22 21:59 - 00001092 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-11-22 21:59 - 2014-11-22 21:59 - 00000000 ____D () C:\Program Files\TeamViewer
2014-11-22 21:58 - 2014-11-22 21:58 - 07822880 _____ (TeamViewer GmbH) C:\Users\Dušan\Downloads\TeamViewer_Setup.exe
2014-11-22 21:37 - 2014-11-22 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 20:59 - 2014-01-13 22:12 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-16 20:59 - 2012-10-17 23:40 - 00000000 ____D () C:\Users\Dušan\AppData\Roaming\Skype
2014-12-16 20:12 - 2012-10-17 22:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-16 20:10 - 2012-10-18 10:16 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1493379602-247656495-3883620430-1000UA.job
2014-12-16 19:06 - 2014-05-16 11:34 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-16 18:17 - 2012-10-18 10:16 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1493379602-247656495-3883620430-1000Core.job
2014-12-16 12:59 - 2014-01-13 22:12 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-16 08:02 - 2009-07-14 05:34 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-16 08:02 - 2009-07-14 05:34 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-16 08:01 - 2010-11-20 22:01 - 00006206 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-16 08:00 - 2012-10-17 10:10 - 01905239 _____ () C:\Windows\WindowsUpdate.log
2014-12-16 07:57 - 2012-10-20 03:08 - 00000000 ____D () C:\ProgramData\MCShield
2014-12-16 07:56 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-15 02:02 - 2014-11-10 18:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-14 20:08 - 2012-10-18 11:08 - 00000000 ____D () C:\Users\Dušan\AppData\Roaming\uTorrent
2014-12-14 18:08 - 2014-11-10 06:45 - 00000412 _____ () C:\Users\Dušan\Desktop\Korisni patenti.txt
2014-12-13 08:30 - 2014-11-13 07:44 - 00003068 _____ () C:\Users\Dušan\Desktop\New Text Document.txt
2014-12-12 09:11 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-09 21:12 - 2012-10-17 22:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-09 21:12 - 2012-10-17 22:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 02:05 - 2012-10-21 11:29 - 00000000 ____D () C:\Windows\pss
2014-12-09 02:02 - 2012-10-17 10:17 - 00000000 ____D () C:\Users\Dušan
2014-12-08 19:19 - 2013-03-20 19:36 - 00000000 ____D () C:\Users\Dušan\AppData\Local\Paint.NET
2014-12-07 01:05 - 2014-04-03 15:20 - 00130662 _____ () C:\Users\Dušan\Desktop\Muzika.txt
2014-12-05 01:15 - 2014-05-16 11:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-05 01:06 - 2012-10-17 11:36 - 00000000 ____D () C:\Users\Dušan\AppData\Roaming\Mozilla
2014-12-04 21:50 - 2014-11-05 06:06 - 00000216 _____ () C:\Users\Dušan\Desktop\Index.txt
2014-12-04 21:19 - 2014-05-16 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-27 23:40 - 2012-10-17 21:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-27 22:37 - 2014-04-03 15:20 - 00008246 _____ () C:\Users\Dušan\Desktop\Doskočice.txt
2014-11-26 08:38 - 2012-10-17 21:30 - 00089200 _____ () C:\Users\Dušan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-23 09:31 - 2009-07-14 05:33 - 00349776 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-23 06:32 - 2013-07-24 04:58 - 00000000 ____D () C:\Users\Guest
2014-11-23 06:32 - 2013-07-20 17:37 - 00000000 ___HD () C:\Users\Akrus Acras
2014-11-23 06:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-11-23 06:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-11-22 22:05 - 2012-10-17 19:30 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-22 22:04 - 2014-05-01 07:16 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-22 22:04 - 2014-01-02 08:29 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-22 22:04 - 2013-02-28 15:07 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-22 22:04 - 2013-02-28 15:07 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-22 22:04 - 2012-10-17 19:30 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-22 22:04 - 2012-10-17 19:30 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-22 22:04 - 2012-10-17 19:30 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-21 06:14 - 2014-05-16 11:34 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-05-16 11:34 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2012-10-20 04:39 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-20 06:15 - 2013-09-08 10:01 - 00000000 ____D () C:\Users\Dušan\AppData\Roaming\vlc
2014-11-19 21:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-11-18 15:01 - 2012-10-17 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-11-17 08:06 - 2009-07-14 05:53 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-16 12:27 - 2012-10-18 08:34 - 00000000 ____D () C:\Users\Dušan\AppData\Roaming\foobar2000

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 02:36

==================== End Of Log ============================

https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow Korak 1

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
CHR HKLM\...\Chrome\Extension: [ahecniedppbghecjdhnhghkblommbjgm] - C:\Users\Dušan\AppData\Roaming\speedanalysisplus\speedanalysisplus.crx [2013-02-26]
CHR HKLM\...\Chrome\Extension: [bfcpnihmbfoaeoakalclfalkdepgiaje] - No Path
CHR Extension: (No Name) - C:\Users\Dušan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahecniedppbghecjdhnhghkblommbjgm [2013-06-09]
Task: {0E9A1E78-A8EF-479F-9D72-8CFCC9F5AB2A} - System32\Tasks\{DDB56341-0325-4CA9-859D-E5BC9C921ADD} => pcalua.exe -a "E:\PROGRAMI\NetFremwork 3.5 setup.exe" -d E:\PROGRAMI
Task: {6CF8435C-93E3-4C58-9FBB-606F666E66A6} - System32\Tasks\{7F35614C-B0FA-45E6-9C8A-9A73D709403C} => pcalua.exe -a "C:\Program Files\VITSOFT\Vit Registry Fix\Vit Uninstall Manager.exe" -d C:\Users\Dušan\Desktop
Task: {6E3D0648-36D9-4580-9638-4B6F7EBCB273} - System32\Tasks\{5683A3D5-8478-4199-BA3C-FA9EBD6D9060} => pcalua.exe -a G:\Install_Nokia_Ovi_Suite.exe -d G:\
Task: {6EE4740D-8852-47FD-8372-FA96BACA2A5B} - System32\Tasks\{5C6DA0AE-A764-4858-9E9D-D1E7138B782A} => pcalua.exe -a D:\Users\Dusan\Downloads\WinASO_RO_v4.7.6.exe -d D:\Users\Dusan\Downloads
Task: {6FCDBA8C-7507-46BE-906E-26817945041B} - System32\Tasks\{4779C102-4F15-4F02-8F2F-289F69A1A003} => pcalua.exe -a D:\Instalacije\revouninstaller-portable\Revouninstaller.exe -d D:\Instalacije\revouninstaller-portable
Task: {9010B2F8-0ECE-47E1-B94D-232C620D7343} - System32\Tasks\{33F58BF3-599A-47C5-9A26-04F3EFBAB064} => pcalua.exe -a C:\Users\Dušan\Downloads\WinASO_RO_v4.7.7.exe -d C:\Users\Dušan\Downloads
Task: {E04C6F9D-1B6F-40BE-891F-3580D4817AF6} - System32\Tasks\{B62D238F-7DE0-43FC-9766-308E3DCC1872} => pcalua.exe -a C:\Users\Dušan\Downloads\jxpiinstall.exe -d C:\Users\Dušan\Downloads
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
C:\Users\Dušan\AppData\Roaming\speedanalysisplus
EmptyTemp:


U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).




Arrow Korak 2

Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
u EULA prozoru klikni na I agree.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Klikni na dugme Clean i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK

Računar će se restartovati, a potom otvoriti Notepad (C:\AdwCleaner[S0].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"

Napomena: Izvještaj ce takođe biti sačuvan na C:\Adwcleaner\AdwCleaner[S0].txt

offline
  • Dusan  Male
  • SuperModerator
  • Supermoderator opštih foruma
  • Pridružio: 26 Jul 2006
  • Poruke: 11118

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-12-2014
Ran by Dušan at 2014-12-17 20:18:13 Run:1
Running from C:\Users\Dušan\Desktop
Loaded Profile: Dušan (Available profiles: Dušan & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
CHR HKLM\...\Chrome\Extension: [ahecniedppbghecjdhnhghkblommbjgm] - C:\Users\Dušan\AppData\Roaming\speedanalysisplus\speedanalysisplus.crx [2013-02-26]
CHR HKLM\...\Chrome\Extension: [bfcpnihmbfoaeoakalclfalkdepgiaje] - No Path
CHR Extension: (No Name) - C:\Users\Dušan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahecniedppbghecjdhnhghkblommbjgm [2013-06-09]
Task: {0E9A1E78-A8EF-479F-9D72-8CFCC9F5AB2A} - System32\Tasks\{DDB56341-0325-4CA9-859D-E5BC9C921ADD} => pcalua.exe -a "E:\PROGRAMI\NetFremwork 3.5 setup.exe" -d E:\PROGRAMI
Task: {6CF8435C-93E3-4C58-9FBB-606F666E66A6} - System32\Tasks\{7F35614C-B0FA-45E6-9C8A-9A73D709403C} => pcalua.exe -a "C:\Program Files\VITSOFT\Vit Registry Fix\Vit Uninstall Manager.exe" -d C:\Users\Dušan\Desktop
Task: {6E3D0648-36D9-4580-9638-4B6F7EBCB273} - System32\Tasks\{5683A3D5-8478-4199-BA3C-FA9EBD6D9060} => pcalua.exe -a G:\Install_Nokia_Ovi_Suite.exe -d G:\
Task: {6EE4740D-8852-47FD-8372-FA96BACA2A5B} - System32\Tasks\{5C6DA0AE-A764-4858-9E9D-D1E7138B782A} => pcalua.exe -a D:\Users\Dusan\Downloads\WinASO_RO_v4.7.6.exe -d D:\Users\Dusan\Downloads
Task: {6FCDBA8C-7507-46BE-906E-26817945041B} - System32\Tasks\{4779C102-4F15-4F02-8F2F-289F69A1A003} => pcalua.exe -a D:\Instalacije\revouninstaller-portable\Revouninstaller.exe -d D:\Instalacije\revouninstaller-portable
Task: {9010B2F8-0ECE-47E1-B94D-232C620D7343} - System32\Tasks\{33F58BF3-599A-47C5-9A26-04F3EFBAB064} => pcalua.exe -a C:\Users\Dušan\Downloads\WinASO_RO_v4.7.7.exe -d C:\Users\Dušan\Downloads
Task: {E04C6F9D-1B6F-40BE-891F-3580D4817AF6} - System32\Tasks\{B62D238F-7DE0-43FC-9766-308E3DCC1872} => pcalua.exe -a C:\Users\Dušan\Downloads\jxpiinstall.exe -d C:\Users\Dušan\Downloads
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
C:\Users\Dušan\AppData\Roaming\speedanalysisplus
EmptyTemp:
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider" => Key deleted successfully.
"HKCR\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ahecniedppbghecjdhnhghkblommbjgm" => Key deleted successfully.
C:\Users\Dušan\AppData\Roaming\speedanalysisplus\speedanalysisplus.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bfcpnihmbfoaeoakalclfalkdepgiaje" => Key deleted successfully.
C:\Users\Dušan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahecniedppbghecjdhnhghkblommbjgm => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E9A1E78-A8EF-479F-9D72-8CFCC9F5AB2A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E9A1E78-A8EF-479F-9D72-8CFCC9F5AB2A}" => Key deleted successfully.
C:\Windows\System32\Tasks\{DDB56341-0325-4CA9-859D-E5BC9C921ADD} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DDB56341-0325-4CA9-859D-E5BC9C921ADD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CF8435C-93E3-4C58-9FBB-606F666E66A6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CF8435C-93E3-4C58-9FBB-606F666E66A6}" => Key deleted successfully.
C:\Windows\System32\Tasks\{7F35614C-B0FA-45E6-9C8A-9A73D709403C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7F35614C-B0FA-45E6-9C8A-9A73D709403C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E3D0648-36D9-4580-9638-4B6F7EBCB273}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E3D0648-36D9-4580-9638-4B6F7EBCB273}" => Key deleted successfully.
C:\Windows\System32\Tasks\{5683A3D5-8478-4199-BA3C-FA9EBD6D9060} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5683A3D5-8478-4199-BA3C-FA9EBD6D9060}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EE4740D-8852-47FD-8372-FA96BACA2A5B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EE4740D-8852-47FD-8372-FA96BACA2A5B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{5C6DA0AE-A764-4858-9E9D-D1E7138B782A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5C6DA0AE-A764-4858-9E9D-D1E7138B782A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FCDBA8C-7507-46BE-906E-26817945041B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FCDBA8C-7507-46BE-906E-26817945041B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4779C102-4F15-4F02-8F2F-289F69A1A003} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4779C102-4F15-4F02-8F2F-289F69A1A003}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9010B2F8-0ECE-47E1-B94D-232C620D7343}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9010B2F8-0ECE-47E1-B94D-232C620D7343}" => Key deleted successfully.
C:\Windows\System32\Tasks\{33F58BF3-599A-47C5-9A26-04F3EFBAB064} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{33F58BF3-599A-47C5-9A26-04F3EFBAB064}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E04C6F9D-1B6F-40BE-891F-3580D4817AF6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E04C6F9D-1B6F-40BE-891F-3580D4817AF6}" => Key deleted successfully.
C:\Windows\System32\Tasks\{B62D238F-7DE0-43FC-9766-308E3DCC1872} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B62D238F-7DE0-43FC-9766-308E3DCC1872}" => Key deleted successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
Could not move "C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll" => Scheduled to move on reboot.
C:\Users\Dušan\AppData\Roaming\speedanalysisplus => Moved successfully.
EmptyTemp: => Removed 321.4 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-17 20:22:37)<=

C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll => Is moved successfully.

==== End of Fixlog ====
-------------------------------------------------------------
http://www.mycity.rs/mod-upload-dir/45260_1396775498_AdwCleaner%5BS0%5D.txt

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow

Spakuj u ZIP, RAR ili 7Z arhivu sljedeći folder:

C:\FRST\Quarantine

i pošalji ga preko sljedećeg linka:

http://www.mycity.rs/ambulanta-upload.php


Javi kada to uradiš i sačekaj dalja uputstva.



Arrow

Kakvo je sada stanje?

offline
  • Dusan  Male
  • SuperModerator
  • Supermoderator opštih foruma
  • Pridružio: 26 Jul 2006
  • Poruke: 11118

Poslao... RAR Quarantine

Nemam vidljivih smetnji. Komp radi primetno brže

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow

Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;



• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.





>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.





Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

offline
  • Dusan  Male
  • SuperModerator
  • Supermoderator opštih foruma
  • Pridružio: 26 Jul 2006
  • Poruke: 11118

Nešto ne ide kako valja...

U MBAR-u klikom na 'Scan' bude:



a nastavak sa OK daje:

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Zatvori ga pa probaj opet da skeniraš.

offline
  • Dusan  Male
  • SuperModerator
  • Supermoderator opštih foruma
  • Pridružio: 26 Jul 2006
  • Poruke: 11118

Napisano: 17 Dec 2014 22:40

U MBAR folderu je system-log...

https://www.mycity.rs/must-login.png

Nema ga (nije napravljen) mbar-log-year-month-day (hour-minute-second).txt

Dopuna: 17 Dec 2014 22:40

Probaću sad ponovo, pisao sam jednovremeno

offline
  • Dusan  Male
  • SuperModerator
  • Supermoderator opštih foruma
  • Pridružio: 26 Jul 2006
  • Poruke: 11118

Isto se dešava (neće)

Ko je trenutno na forumu
 

Ukupno su 1357 korisnika na forumu :: 36 registrovanih, 12 sakrivenih i 1309 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., aleksmajstor, babaroga, Bobrock1, bojank, bojankrstc, bojanM84, ccoogg123, cemix, darios, Dorcolac, GenZee, goxin, Griffon vulture, havoc995, ikan, JOntra, kovinacc, Kubovac, kuntalo, kybonacci, ladro, madza, Mercury, Mihajlo, Milos ZA, milutin134, Misirac, opt1, pein, shone34, Valter071, W123, yrraf, zzapNDjuric99, Čivi