Virus reported in "explorer.exe".

  • Joined: 01 Nov 2008
  • Posts: 87
  • Location: Kragujevac

Posted: 23 Nov 2015 5:20

The problem is the one in the title.
Blank (white) pages pop up in the browser on almost every click (at random).
One note: besides working on the computer, I like to play a game of PES now and then.
Every time I start this game I have to turn off my antivirus, because the file "rld.dll" is flagged as a virus. If it is no trouble, could I get an answer as to whether that file alone is what is threatening my computer's sanity, or not? After that we can start cutting it up and blowing the viruses away. Regards.

Update: 23 Nov 2015 5:25

Update:
Is it only the file already mentioned that is causing the problem, or is there something much worse?
Here are the logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-11-2015
Ran by Napoleon (administrator) on NAPOLEON-PC (23-11-2015 05:23:21)
Running from C:\Users\Napoleon\Downloads
Loaded Profiles: Napoleon (Available Profiles: Napoleon)
Platform: Microsoft Windows 7 Ultimate (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Popcorn Time) C:\Program Files\Popcorn Time\Updater.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(C. Ghisler & Co.) C:\Program Files\totalcmd\TOTALCMD.EXE
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Opera Software) C:\Program Files\Opera\33.0.1990.115\opera.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-08] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-30] (Avast Software s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-2430270236-2861619039-123382870-1001\...\Run: [Viber] => C:\Users\Napoleon\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-30] (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.200.191.166 212.200.190.166
Tcpip\..\Interfaces\{506B123D-E040-4923-BF7B-5C423385D15E}: [NameServer] 199.203.131.150,82.163.143.168
Tcpip\..\Interfaces\{506B123D-E040-4923-BF7B-5C423385D15E}: [DhcpNameServer] 212.200.191.166 212.200.190.166

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-22] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-30] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-22] (Oracle Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-22] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-30] [not signed]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-30]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-30]

Opera:
=======
OPR Extension: (Violent monkey) - C:\Users\Napoleon\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2015-10-04]
OPR Extension: (Adblock Plus) - C:\Users\Napoleon\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-10-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [294400 2011-03-09] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [140224 2010-06-17] (Advanced Micro Devices)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-30] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-05-30] (Avast Software)
R2 Update service; C:\Program Files\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-30] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-30] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-30] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-27] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-30] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-30] ()
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-13] (Conexant Systems, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-05-30] (Avast Software)
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-23 05:23 - 2015-11-23 05:23 - 00009564 _____ C:\Users\Napoleon\Downloads\FRST.txt
2015-11-23 05:23 - 2015-11-23 05:23 - 00000000 ____D C:\FRST
2015-11-23 05:22 - 2015-11-23 05:22 - 01717248 _____ (Farbar) C:\Users\Napoleon\Downloads\FRST.exe
2015-11-22 16:21 - 2015-11-22 16:21 - 00000000 ____D C:\Program Files\Common Files\Java
2015-11-18 04:23 - 2015-11-18 04:23 - 00131072 ____N C:\Windows\Minidump\111815-15802-01.dmp
2015-11-14 00:35 - 2015-11-14 00:35 - 00131072 ____N C:\Windows\Minidump\111415-17487-01.dmp
2015-11-13 12:43 - 2015-11-13 12:44 - 00000000 ____D C:\Users\Napoleon\AppData\Local\Viber
2015-11-13 12:41 - 2015-11-13 12:41 - 00131072 ____N C:\Windows\Minidump\111315-18595-01.dmp
2015-11-11 20:46 - 2015-11-11 20:46 - 00007424 _____ C:\Users\Napoleon\Desktop\as.ashprj
2015-11-08 20:05 - 2015-11-08 20:06 - 48332813 _____ (Popcorn Time ) C:\Users\Napoleon\Downloads\PopcornTime-latest (2).exe
2015-11-06 21:50 - 2015-11-06 21:53 - 48332813 _____ (Popcorn Time ) C:\Users\Napoleon\Downloads\PopcornTime-latest (1).exe
2015-11-06 21:47 - 2015-11-06 21:47 - 00000000 ____D C:\Users\Napoleon\AppData\Roaming\Macromedia
2015-11-06 21:46 - 2015-11-06 22:02 - 00000000 ____D C:\Users\Napoleon\Downloads\PopcornTime
2015-11-06 21:43 - 2015-11-06 21:53 - 00001937 _____ C:\Users\Public\Desktop\Popcorn Time.lnk
2015-11-06 21:43 - 2015-11-06 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-11-06 21:43 - 2015-11-06 21:53 - 00000000 ____D C:\Program Files\Popcorn Time
2015-11-04 23:22 - 2015-11-04 23:22 - 00131072 ____N C:\Windows\Minidump\110415-21169-01.dmp
2015-11-02 19:55 - 2015-11-02 19:55 - 00131072 ____N C:\Windows\Minidump\110215-21418-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-23 05:16 - 2015-07-04 14:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-23 05:08 - 2015-08-16 04:08 - 00000346 _____ C:\Windows\Tasks\Superclean.job
2015-11-23 05:04 - 2015-07-16 20:38 - 00000000 ____D C:\Program Files\OneSystemCare
2015-11-23 05:03 - 2015-08-24 10:06 - 00000000 ____D C:\Program Files\DNS Unlocker
2015-11-23 05:02 - 2015-06-30 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-11-23 04:55 - 2015-10-19 00:20 - 00000000 ____D C:\ProgramData\TEMP
2015-11-23 04:53 - 2015-05-30 09:19 - 02012950 _____ C:\Windows\WindowsUpdate.log
2015-11-22 16:27 - 2015-07-17 19:45 - 00000000 ____D C:\Users\Napoleon\AppData\Roaming\ViberPC
2015-11-22 16:26 - 2015-07-04 13:44 - 00000000 ____D C:\ProgramData\Oracle
2015-11-22 16:24 - 2009-07-14 05:34 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-22 16:24 - 2009-07-14 05:34 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-22 16:22 - 2015-07-04 13:44 - 00000000 ____D C:\Program Files\Java
2015-11-22 16:21 - 2015-10-07 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-22 16:21 - 2015-10-07 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-11-22 16:21 - 2015-10-05 05:23 - 00000000 ____D C:\Users\Napoleon\.oracle_jre_usage
2015-11-22 16:20 - 2015-10-07 16:38 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-11-22 16:18 - 2015-08-08 14:25 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-11-21 16:40 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2015-11-21 16:03 - 2009-07-14 05:39 - 00076266 _____ C:\Windows\setupact.log
2015-11-20 05:31 - 2015-07-16 20:36 - 00000000 ____D C:\Program Files\Opera
2015-11-19 09:56 - 2015-05-30 00:31 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-18 04:23 - 2015-06-02 21:02 - 00000000 ____D C:\Windows\Minidump
2015-11-18 04:23 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-12 03:05 - 2015-06-03 02:00 - 00000000 ____D C:\Windows\system32\MRT
2015-11-12 03:00 - 2015-06-03 02:00 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 03:01 - 2015-07-04 14:09 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-11 03:01 - 2015-07-04 14:09 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-06 21:46 - 2015-06-26 15:40 - 00000000 ____D C:\Users\Napoleon\AppData\Roaming\Adobe
2015-11-06 21:43 - 2015-05-30 23:22 - 00000000 ____D C:\Users\Napoleon\AppData\Local\Popcorn-Time
2015-10-29 22:37 - 2015-06-24 16:15 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-27 05:55 - 2015-09-15 18:32 - 00000000 ____D C:\Users\Napoleon\Desktop\m
2015-10-26 07:17 - 2015-09-08 23:38 - 00000000 ____D C:\Users\Napoleon\AppData\Roaming\uTorrent

==================== Files in the root of some directories =======

2015-08-07 02:03 - 2015-08-11 22:38 - 0000024 _____ () C:\Users\Napoleon\AppData\Roaming\appdataFr25.bin
2015-05-30 23:05 - 2015-05-30 23:05 - 0007597 _____ () C:\Users\Napoleon\AppData\Local\Resmon.ResmonCfg
2015-10-19 13:26 - 2015-10-19 13:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-11 23:17

==================== End of FRST.txt ============================
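The log above already contains the leads the helper acts on in the next reply (the Google policy key, the Superclean task pointing into ProgramData, the unsigned Popcorn Time service) and one that only surfaces later in the thread: the network interface carries static NameServer addresses (199.203.131.150, 82.163.143.168) that differ from the servers DHCP handed out, which the MBAR scan further down identifies as Trojan.DNSChanger. The script below is an added example written for this page; it is not part of the thread and not a Farbar/FRST tool. It parses those three FRST line types from a few lines copied out of the log and the fixlist (constructed sample input embedded inline) and flags static DNS overrides, scheduled tasks running from user-writable folders, and unsigned services. The function names and the regular expressions are my own assumptions about FRST's line layout, derived only from the lines visible on this page.

```python
import json
import re

# Constructed sample input: a few lines copied from the FRST log and fixlist quoted in
# this thread, plus one clean service line as a control, so the script runs offline.
# On a real case you would read the whole FRST.txt instead.
SAMPLE_FRST = r"""
Tcpip\Parameters: [DhcpNameServer] 212.200.191.166 212.200.190.166
Tcpip\..\Interfaces\{506B123D-E040-4923-BF7B-5C423385D15E}: [NameServer] 199.203.131.150,82.163.143.168
Tcpip\..\Interfaces\{506B123D-E040-4923-BF7B-5C423385D15E}: [DhcpNameServer] 212.200.191.166 212.200.190.166
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-30] (Avast Software s.r.o.)
R2 Update service; C:\Program Files\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
Task: {78F4FB35-FD67-4FFB-84FC-C2354FE2BBB0} - System32\Tasks\Superclean => c:\programdata\{b8e0ae3e-3fee-7e3b-b8e0-0ae3e3feb8f8}\hqghumeaylnlf.exe [2014-08-16] (Super PC Tools Ltd) <==== ATTENTION
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{b8e0ae3e-3fee-7e3b-b8e0-0ae3e3feb8f8}\hqghumeaylnlf.exe <==== ATTENTION
"""

IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
# Assumed layouts (taken from the lines above, not from FRST documentation):
#   Tcpip\Parameters: [DhcpNameServer] ...   /   Tcpip\..\Interfaces\{GUID}: [NameServer] ...
DNS_LINE = re.compile(
    r"^Tcpip\\(?:\.\.\\Interfaces\\(\{[0-9A-Fa-f-]+\})|Parameters): "
    r"\[(DhcpNameServer|NameServer)\] (.*)$"
)
#   Task: <id or .job path> => <action path> [date] (publisher) <==== ATTENTION
TASK_LINE = re.compile(r"^Task: .*? => (.+?)(?: \[| <====|$)")
USER_WRITABLE = re.compile(r"\\(?:programdata|users\\[^\\]+\\appdata|temp)\\", re.IGNORECASE)
#   R2 name; path [size date] (publisher) [File not signed]
SERVICE_LINE = re.compile(r"^[RS]\d (.+?); (.+?) \[\d+ \d{4}-\d{2}-\d{2}\]")


def find_dns_overrides(frst_text):
    """Flag interfaces whose static NameServer list contains addresses that DHCP never
    handed out. A static override DHCP does not know about is the usual footprint of a
    DNS changer; in this thread it is the 199.203.131.150 / 82.163.143.168 pair."""
    dhcp = {}    # scope ("global" or interface GUID) -> servers assigned by DHCP
    static = {}  # scope -> statically configured servers
    for line in frst_text.splitlines():
        m = DNS_LINE.match(line.strip())
        if not m:
            continue
        guid, kind, value = m.groups()
        scope = guid or "global"
        (dhcp if kind == "DhcpNameServer" else static)[scope] = set(IPV4.findall(value))
    findings = []
    for scope, servers in static.items():
        expected = dhcp.get(scope, set()) | dhcp.get("global", set())
        rogue = sorted(servers - expected)
        if rogue:
            findings.append({"interface": scope, "rogue_servers": rogue,
                             "dhcp_servers": sorted(expected)})
    return findings


def find_suspicious_tasks(frst_text):
    """Scheduled tasks whose action lives in a user-writable location (ProgramData, a
    profile's AppData, Temp) instead of Program Files or Windows. Legitimate updaters
    sometimes do this too, so treat a hit as a lead to verify, not a verdict."""
    found = []
    for line in frst_text.splitlines():
        m = TASK_LINE.match(line.strip())
        if m and USER_WRITABLE.search(m.group(1)) and m.group(1) not in found:
            found.append(m.group(1))
    return found


def find_unsigned_services(frst_text):
    """Services and drivers FRST tagged '[File not signed]'; auto-start (R2/S2)
    entries deserve a closer look."""
    found = []
    for line in frst_text.splitlines():
        if "[File not signed]" not in line:
            continue
        m = SERVICE_LINE.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def triage(frst_text):
    """Run all three checks and return one dictionary you can base a first reply on."""
    return {
        "dns_overrides": find_dns_overrides(frst_text),
        "suspicious_tasks": find_suspicious_tasks(frst_text),
        "unsigned_services": find_unsigned_services(frst_text),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_FRST), indent=2))
```

Run against the sample it reports the rogue DNS pair on interface {506B123D-...}, the Superclean task's ProgramData target once (both the task-cache entry and the .job file point at the same file), and the unsigned Popcorn Time updater service. The DNS check is the one worth keeping in any FRST triage routine: a static NameServer that disagrees with DhcpNameServer is easy to overlook in a long log, and this thread shows it surviving the first fix round until MBAR caught it.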

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Open Notepad and copy the following text from inside the Code box.

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
OPR Extension: (Violent monkey) - C:\Users\Napoleon\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2015-10-04]
Task: {78F4FB35-FD67-4FFB-84FC-C2354FE2BBB0} - System32\Tasks\Superclean => c:\programdata\{b8e0ae3e-3fee-7e3b-b8e0-0ae3e3feb8f8}\hqghumeaylnlf.exe [2014-08-16] (Super PC Tools Ltd) <==== ATTENTION
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{b8e0ae3e-3fee-7e3b-b8e0-0ae3e3feb8f8}\hqghumeaylnlf.exe <==== ATTENTION
C:\Program Files\OneSystemCare
C:\Program Files\DNS Unlocker
C:\Users\Napoleon\AppData\Roaming\appdataFr25.bin
C:\Users\Napoleon\AppData\Local\Resmon.ResmonCfg
C:\ProgramData\DP45977C.lfl
c:\programdata\{b8e0ae3e-3fee-7e3b-b8e0-0ae3e3feb8f8}
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
EmptyTemp:


In Notepad click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open; copy its contents into the topic.
The file (fixlog.txt) will also be on the Desktop.




Step 2

Download "Xplode"'s AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window click I agree.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
On the next two windows that open (Informations and Restart required) click OK

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option





Step 3

You have the developer version of Google Chrome installed.
If you did not install it yourself, go to Start -> Control Panel -> Programs and Features and uninstall Google Chrome. Be sure to tick the option Also delete your browsing data.
You can export your bookmarks and import them again later.

Once you have uninstalled it, download it from the Google site, https://www.google.com/chrome/browser/ and install it again.

  • Joined: 01 Nov 2008
  • Posts: 87
  • Location: Kragujevac

Posted: 24 Nov 2015 0:58

Fix result of Farbar Recovery Scan Tool (x86) Version:23-11-2015
Ran by Napoleon (2015-11-24 00:50:37) Run:1
Running from C:\Users\Napoleon\Downloads
Loaded Profiles: Napoleon (Available Profiles: Napoleon)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
OPR Extension: (Violent monkey) - C:\Users\Napoleon\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2015-10-04]
Task: {78F4FB35-FD67-4FFB-84FC-C2354FE2BBB0} - System32\Tasks\Superclean => c:\programdata\{b8e0ae3e-3fee-7e3b-b8e0-0ae3e3feb8f8}\hqghumeaylnlf.exe [2014-08-16] (Super PC Tools Ltd) <==== ATTENTION
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{b8e0ae3e-3fee-7e3b-b8e0-0ae3e3feb8f8}\hqghumeaylnlf.exe <==== ATTENTION
C:\Program Files\OneSystemCare
C:\Program Files\DNS Unlocker
C:\Users\Napoleon\AppData\Roaming\appdataFr25.bin
C:\Users\Napoleon\AppData\Local\Resmon.ResmonCfg
C:\ProgramData\DP45977C.lfl
c:\programdata\{b8e0ae3e-3fee-7e3b-b8e0-0ae3e3feb8f8}
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
EmptyTemp:
*****************

"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
C:\Users\Napoleon\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78F4FB35-FD67-4FFB-84FC-C2354FE2BBB0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78F4FB35-FD67-4FFB-84FC-C2354FE2BBB0}" => key removed successfully.
C:\Windows\System32\Tasks\Superclean => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Superclean" => key removed successfully.
C:\Windows\Tasks\Superclean.job => moved successfully
C:\Program Files\OneSystemCare => moved successfully
C:\Program Files\DNS Unlocker => moved successfully
C:\Users\Napoleon\AppData\Roaming\appdataFr25.bin => moved successfully
C:\Users\Napoleon\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
c:\programdata\{b8e0ae3e-3fee-7e3b-b8e0-0ae3e3feb8f8} => moved successfully
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully..
EmptyTemp: => 576.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 00:50:58 ====

Update: 24 Nov 2015 1:04

AdwCleaner[C1]


  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building


Pack the following folders into a ZIP, RAR or 7Z archive:

C:\FRST\Quarantine

and

C:\AdwCleaner

and send them via the following link:

http://www.mycity.rs/ambulanta-upload.php



What is the state of the system now?

  • Joined: 01 Nov 2008
  • Posts: 87
  • Location: Kragujevac

Posted: 30 Nov 2015 21:31

Uploaded.

Update: 30 Nov 2015 21:33

It is working better. I can see the changes.

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the MBAR program icon to run it:
- Click OK in the next window to allow it to unpack into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Note: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow it to load after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post attach the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for after the restart; a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.

Note! Only if a rootkit was detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue execution, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post and attach the system log using the Attach file option.

  • Joined: 01 Nov 2008
  • Posts: 87
  • Location: Kragujevac

Posted: 06 Dec 2015 11:19

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
malwarebytes.org

Database version:
main: v2015.12.01.07
rootkit: v2015.11.26.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Napoleon :: NAPOLEON-PC [administrator]

1.12.2015 22:59:47
mbar-log-2015-12-01 (22-59-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 291701
Time elapsed: 19 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{506B123D-E040-4923-BF7B-5C423385D15E}|NameServer (Trojan.DNSChanger) -> Bad: (199.203.131.150,82.163.143.168) Good: () -> Replace on reboot. [ac3f3a65a1ea77bfeb68581a0ff5d42c]

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Update: 06 Dec 2015 11:21

Thanks, master! It is excellent now.

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

The following procedure will carry out the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options;

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment for the tool to finish its work.
From this moment on, all the tools used in this topic should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also record the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
The tool deletes the old System Restore points and creates a new, fresh point after the cleanup.
