cr3.gogorithm.com pop-ups

offline
  • Joined: 20 Feb 2005
  • Posts: 297
  • Location: Vranje

The problem started 2 days ago; several windows pop up at a time.
On the internet I found something about cr2.gogorithm.. but nothing about this cr3.
Here is the log file.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Hranca (administrator) on HRANCA-PC on 23-09-2014 11:05:45
Running from C:\Users\Hranca\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [6325936 2012-11-26] (ESET)
HKU\S-1-5-21-3660575161-1947987749-166325203-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [607232 2013-02-10] (MyCity)
HKU\S-1-5-21-3660575161-1947987749-166325203-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3660575161-1947987749-166325203-1000\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-3660575161-1947987749-166325203-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9B5EEFBD070FCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-rs
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_enRS478
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {73848533-39E1-49F1-9363-28054268C094} https://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
DPF: HKLM-x32 {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} https://rol.raiffeisenbank.rs/RaiffeisenDLL/SAWZip.dll
DPF: HKLM-x32 {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} https://rol.raiffeisenbank.rs/RaiffeisenDLL/EbankingWWW.dll
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazon......5.1.0.cab
DPF: HKLM-x32 {F6FFAC18-CAD4-4054-9D49-D610286CE323} https://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 178.79.14.6 178.79.0.3 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-02-03]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-12-09]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://www.google.rs/
CHR StartupUrls: Profile 1 -> "hxxp://www.google.rs/"
CHR Profile: C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Gmail) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-28]
CHR Extension: (Guvenlik Duvari) - C:\Users\Hranca\AppData\Local\kpiffgoicnafdiagcgdickdjchfgbgdc [2014-01-03]
CHR Profile: C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (YouTube) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-28]
CHR Extension: (Adblock Plus) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-02-03]
CHR Extension: (Google претрага) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-28]
CHR Extension: (AdBlock) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-02-03]
CHR Extension: (Skype Click to Call) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-16]
CHR Extension: (Google новчаник) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (pRiicechop) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccdnlipbhokghennpbbcbeogenebdif [2014-08-25]
CHR Extension: (Gmail) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-28]
CHR Extension: (HD01-V2.1V20.09) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plimopelmdneikoknbgpopffpbmlhgpa [2014-09-20]
CHR Extension: (pRiicechop) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccdnlipbhokghennpbbcbeogenebdif\3.9 [2014-08-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2627920 2011-03-03] (Diskeeper Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1329304 2012-11-26] (ESET)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-02-17] () [File not signed]
S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-22] ()
S4 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1069248 2014-02-06] () [File not signed]
S3 usnjsvc; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [98672 2007-05-17] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580648 2012-07-17] (WiseCleaner.com) [File not signed]
S3 WLSetupSvc; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [228208 2007-05-16] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
S3 cpuz135; C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [23816 2012-02-07] (CPUID)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [44624 2011-02-14] (Diskeeper Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [211344 2012-10-08] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [149592 2012-10-08] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [189208 2012-10-08] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2012-10-08] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [57904 2012-11-28] (ESET)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2012-04-16] (HandSet Incorporated)
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-14] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-01-11] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-01-11] ()
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2012-12-30] (Sony Ericsson Mobile Communications)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2012-04-04] () [File not signed]
S3 tapklink; C:\Windows\System32\DRIVERS\tapklink.sys [31232 2011-10-23] (Faveset LLC) [File not signed]
U3 a04x24x7; C:\Windows\System32\Drivers\a04x24x7.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 11:05 - 2014-09-23 11:06 - 00015928 _____ () C:\Users\Hranca\Desktop\FRST.txt
2014-09-23 11:05 - 2014-09-23 11:05 - 00000000 ____D () C:\FRST
2014-09-23 10:50 - 2014-09-23 10:51 - 02105856 _____ (Farbar) C:\Users\Hranca\Desktop\FRST64.exe
2014-09-22 19:09 - 2014-09-22 19:05 - 04149585 ____N () C:\Users\Hranca\Desktop\Fancy Widgets Full v3.5.6 - FileChoco.com.apk
2014-09-22 18:56 - 2014-09-22 19:15 - 144314493 _____ () C:\Users\Hranca\Downloads\Z2_media_apps_rc1.zip
2014-09-22 10:02 - 2014-09-22 10:02 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-09-22 09:53 - 2014-09-22 10:03 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-21 23:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-21 23:01 - 2014-09-21 23:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-21 18:56 - 2014-09-21 18:56 - 00012111 _____ () C:\awh868.tmp
2014-09-20 20:30 - 2014-09-20 20:30 - 00012112 _____ () C:\awh369.tmp
2014-09-20 20:28 - 2014-09-22 22:58 - 00274566 ____N () C:\Windows\WindowsUpdate.log
2014-09-20 19:22 - 2014-09-20 19:22 - 00000687 _____ () C:\awh9A08.tmp
2014-09-20 19:20 - 2014-09-23 09:57 - 00001340 _____ () C:\Windows\Tasks\SMHJS.job
2014-09-20 19:20 - 2014-09-21 22:58 - 00000000 ____D () C:\Users\Hranca\AppData\Local\3763
2014-09-20 19:20 - 2014-09-20 19:20 - 00004370 _____ () C:\Windows\System32\Tasks\SMHJS
2014-09-20 19:19 - 2014-09-23 09:57 - 00001342 _____ () C:\Windows\Tasks\GIDEAE.job
2014-09-20 19:19 - 2014-09-20 19:19 - 00004372 _____ () C:\Windows\System32\Tasks\GIDEAE
2014-09-20 19:00 - 2014-09-20 19:02 - 00000000 ____D () C:\Users\Hranca\Downloads\Nero 12 Platinum 12.0.02000 (Key + Patch ONLY)
2014-09-20 18:26 - 2014-09-20 18:26 - 00000000 ____D () C:\Users\Hranca\Desktop\muzika
2014-09-17 23:01 - 2014-04-23 11:03 - 13789286 _____ () C:\Users\Hranca\Downloads\Album v6.0.A.0.26.apk
2014-09-17 20:58 - 2014-09-17 20:58 - 02093772 _____ () C:\Users\Hranca\Downloads\AndroidEmoji.ttf
2014-09-17 20:56 - 2014-09-17 20:57 - 10953457 _____ () C:\Users\Hranca\Downloads\textInput_Xperia.apk
2014-09-17 20:52 - 2014-09-17 20:54 - 09914681 _____ () C:\Users\Hranca\Downloads\xperia_keyboard_6.4.a.0.6.apk
2014-09-16 09:40 - 2014-09-16 09:40 - 00000911 _____ () C:\Users\Hranca\Desktop\VerindraRconClient.exe - Shortcut.lnk
2014-09-16 09:38 - 2014-09-16 09:38 - 00000619 _____ () C:\Users\Hranca\Desktop\Text.lnk
2014-09-15 13:49 - 2014-09-15 13:49 - 04379469 _____ () C:\Users\Hranca\Downloads\BetterBatteryStats_xdaedition_1.16.1.0B2.apk
2014-09-15 13:03 - 2014-09-15 13:03 - 07368147 _____ (TCL Communication Technology Holdings Limited ) C:\Users\Hranca\Downloads\ONE TOUCH Upgrade S 2.8.0 Setup.exe
2014-09-09 21:29 - 2014-09-09 21:29 - 00000000 ____D () C:\Users\Hranca\AppData\Local\WinZip
2014-09-09 21:28 - 2014-09-09 21:28 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-09-09 21:28 - 2014-09-09 21:28 - 00002211 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-09-09 21:28 - 2014-09-09 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-09-09 21:27 - 2014-09-10 13:06 - 00000000 ____D () C:\Program Files\WinZip
2014-09-09 21:08 - 2014-09-09 21:08 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-09 20:24 - 2014-09-09 21:24 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-02 20:52 - 2014-09-04 09:56 - 00000000 ____D () C:\ProgramData\WarThunder
2014-09-02 20:52 - 2014-09-02 20:52 - 00000000 ____D () C:\Users\Hranca\AppData\Local\WarThunder
2014-09-02 14:13 - 2014-09-10 12:05 - 00000222 _____ () C:\Users\Hranca\Desktop\War Thunder.url
2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Hranca\AppData\Roaming\SMHJS
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Hranca\AppData\Roaming\GIDEAE
2014-08-25 20:17 - 2014-08-25 20:17 - 00000800 _____ () C:\Users\Hranca\Desktop\µTorrent.lnk
2014-08-25 20:10 - 2014-08-25 20:10 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Hranca\AppData\Local\Packages
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Hranca\AppData\Local\Comodo
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Guest
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Administrator
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\ProgramData\75b259fb4b59fa99
2014-08-25 15:42 - 2014-08-25 15:42 - 00000000 ____D () C:\Users\Hranca\AppData\Roaming\WinZip
2014-08-24 21:30 - 2014-08-24 21:30 - 00001072 _____ () C:\Users\Public\Desktop\VLC media player.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 11:06 - 2014-09-23 11:05 - 00015928 _____ () C:\Users\Hranca\Desktop\FRST.txt
2014-09-23 11:05 - 2014-09-23 11:05 - 00000000 ____D () C:\FRST
2014-09-23 10:51 - 2014-09-23 10:50 - 02105856 _____ (Farbar) C:\Users\Hranca\Desktop\FRST64.exe
2014-09-23 10:46 - 2014-04-11 12:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-23 10:33 - 2012-04-02 17:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-23 10:28 - 2012-09-28 09:27 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000UA.job
2014-09-23 10:24 - 2014-06-05 08:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-23 10:03 - 2009-07-14 06:45 - 00046544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-23 10:03 - 2009-07-14 06:45 - 00046544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-23 10:00 - 2012-04-02 16:08 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6599C1B7-5469-40F1-81BD-1AD35A6AC043}
2014-09-23 09:57 - 2014-09-20 19:20 - 00001340 _____ () C:\Windows\Tasks\SMHJS.job
2014-09-23 09:57 - 2014-09-20 19:19 - 00001342 _____ () C:\Windows\Tasks\GIDEAE.job
2014-09-23 09:57 - 2013-09-16 20:16 - 00000000 ____D () C:\ProgramData\MCShield
2014-09-23 09:57 - 2012-04-02 17:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 09:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-22 22:58 - 2014-09-20 20:28 - 00274566 ____N () C:\Windows\WindowsUpdate.log
2014-09-22 19:15 - 2014-09-22 18:56 - 144314493 _____ () C:\Users\Hranca\Downloads\Z2_media_apps_rc1.zip
2014-09-22 19:05 - 2014-09-22 19:09 - 04149585 ____N () C:\Users\Hranca\Desktop\Fancy Widgets Full v3.5.6 - FileChoco.com.apk
2014-09-22 14:28 - 2012-09-28 09:27 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000Core.job
2014-09-22 10:03 - 2014-09-22 09:53 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-22 10:02 - 2014-09-22 10:02 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-09-22 09:19 - 2013-02-03 13:32 - 00281768 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-09-22 09:19 - 2013-02-03 13:31 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-09-22 09:19 - 2012-04-30 17:53 - 00281768 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-09-22 09:18 - 2013-01-26 21:07 - 00000000 ____D () C:\Users\Hranca\AppData\Roaming\HLSW
2014-09-22 00:41 - 2009-07-14 07:13 - 00800282 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-21 23:41 - 2012-03-31 08:26 - 00000997 _____ () C:\Users\Hranca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-21 23:24 - 2013-10-13 15:59 - 00000134 _____ () C:\Windows\win.ini
2014-09-21 23:01 - 2014-09-21 23:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-21 22:58 - 2014-09-20 19:20 - 00000000 ____D () C:\Users\Hranca\AppData\Local\3763
2014-09-21 18:56 - 2014-09-21 18:56 - 00012111 _____ () C:\awh868.tmp
2014-09-20 20:30 - 2014-09-20 20:30 - 00012112 _____ () C:\awh369.tmp
2014-09-20 19:36 - 2013-01-20 11:53 - 00000000 ____D () C:\Users\Hranca\AppData\Roaming\Wise Care 365
2014-09-20 19:28 - 2012-04-01 13:53 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-20 19:22 - 2014-09-20 19:22 - 00000687 _____ () C:\awh9A08.tmp
2014-09-20 19:20 - 2014-09-20 19:20 - 00004370 _____ () C:\Windows\System32\Tasks\SMHJS
2014-09-20 19:19 - 2014-09-20 19:19 - 00004372 _____ () C:\Windows\System32\Tasks\GIDEAE
2014-09-20 19:19 - 2012-04-02 17:16 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-20 19:18 - 2012-03-31 23:25 - 00000000 ____D () C:\Users\Hranca\AppData\Roaming\uTorrent
2014-09-20 19:02 - 2014-09-20 19:00 - 00000000 ____D () C:\Users\Hranca\Downloads\Nero 12 Platinum 12.0.02000 (Key + Patch ONLY)
2014-09-20 18:26 - 2014-09-20 18:26 - 00000000 ____D () C:\Users\Hranca\Desktop\muzika
2014-09-17 20:58 - 2014-09-17 20:58 - 02093772 _____ () C:\Users\Hranca\Downloads\AndroidEmoji.ttf
2014-09-17 20:57 - 2014-09-17 20:56 - 10953457 _____ () C:\Users\Hranca\Downloads\textInput_Xperia.apk
2014-09-17 20:54 - 2014-09-17 20:52 - 09914681 _____ () C:\Users\Hranca\Downloads\xperia_keyboard_6.4.a.0.6.apk
2014-09-16 09:40 - 2014-09-16 09:40 - 00000911 _____ () C:\Users\Hranca\Desktop\VerindraRconClient.exe - Shortcut.lnk
2014-09-16 09:38 - 2014-09-16 09:38 - 00000619 _____ () C:\Users\Hranca\Desktop\Text.lnk
2014-09-15 13:49 - 2014-09-15 13:49 - 04379469 _____ () C:\Users\Hranca\Downloads\BetterBatteryStats_xdaedition_1.16.1.0B2.apk
2014-09-15 13:03 - 2014-09-15 13:03 - 07368147 _____ (TCL Communication Technology Holdings Limited ) C:\Users\Hranca\Downloads\ONE TOUCH Upgrade S 2.8.0 Setup.exe
2014-09-11 21:31 - 2013-02-03 13:32 - 00281768 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-09-10 15:43 - 2012-07-25 19:46 - 00000000 ____D () C:\totalcmd
2014-09-10 15:17 - 2013-01-25 21:23 - 00000000 ____D () C:\Install
2014-09-10 13:08 - 2012-03-31 08:25 - 00000000 ____D () C:\Users\Hranca
2014-09-10 13:07 - 2012-04-02 17:16 - 00000000 ____D () C:\Windows\system32\Macromed
2014-09-10 13:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-10 13:06 - 2014-09-09 21:27 - 00000000 ____D () C:\Program Files\WinZip
2014-09-10 13:06 - 2013-02-03 16:34 - 00000000 ____D () C:\ProgramData\Xfire
2014-09-10 13:06 - 2012-04-11 20:23 - 00000000 ____D () C:\ProgramData\Real
2014-09-10 13:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-10 12:05 - 2014-09-02 14:13 - 00000222 _____ () C:\Users\Hranca\Desktop\War Thunder.url
2014-09-09 21:46 - 2012-04-04 00:24 - 00000000 ____D () C:\Users\Hranca\Documents\Outlook Files
2014-09-09 21:29 - 2014-09-09 21:29 - 00000000 ____D () C:\Users\Hranca\AppData\Local\WinZip
2014-09-09 21:29 - 2012-10-06 09:26 - 00000000 ____D () C:\ProgramData\WinZip
2014-09-09 21:28 - 2014-09-09 21:28 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-09-09 21:28 - 2014-09-09 21:28 - 00002211 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-09-09 21:28 - 2014-09-09 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-09-09 21:24 - 2014-09-09 20:24 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-09 21:24 - 2014-06-05 08:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 21:24 - 2012-04-02 17:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 21:24 - 2012-04-02 17:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 21:08 - 2014-09-09 21:08 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-09 20:43 - 2013-02-03 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-09 09:24 - 2009-07-14 07:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-05 22:20 - 2013-02-03 16:34 - 00000000 ____D () C:\Users\Hranca\AppData\Roaming\Xfire
2014-09-04 09:56 - 2014-09-02 20:52 - 00000000 ____D () C:\ProgramData\WarThunder
2014-09-02 20:52 - 2014-09-02 20:52 - 00000000 ____D () C:\Users\Hranca\AppData\Local\WarThunder
2014-09-02 20:52 - 2012-04-16 08:02 - 00000000 ____D () C:\Users\Hranca\Documents\My Games
2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Hranca\AppData\Roaming\SMHJS
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Hranca\AppData\Roaming\GIDEAE
2014-08-26 10:36 - 2013-03-15 11:31 - 00000000 ____D () C:\Users\Hranca\AppData\Local\Facebook
2014-08-25 20:17 - 2014-08-25 20:17 - 00000800 _____ () C:\Users\Hranca\Desktop\µTorrent.lnk
2014-08-25 20:12 - 2014-08-23 14:51 - 00000000 ____D () C:\ONE TOUCH Upgrade S 2.8.0
2014-08-25 20:10 - 2014-08-25 20:10 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Hranca\AppData\Local\Packages
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Hranca\AppData\Local\Comodo
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Guest
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\Users\Administrator
2014-08-25 20:10 - 2014-08-25 20:10 - 00000000 ____D () C:\ProgramData\75b259fb4b59fa99
2014-08-25 20:10 - 2012-03-31 08:48 - 00000000 ____D () C:\Users\Hranca\AppData\Local\Google
2014-08-25 20:10 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-25 20:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-25 15:42 - 2014-08-25 15:42 - 00000000 ____D () C:\Users\Hranca\AppData\Roaming\WinZip
2014-08-24 21:33 - 2012-04-02 18:04 - 00000000 ____D () C:\Users\Hranca\AppData\Roaming\vlc
2014-08-24 21:30 - 2014-08-24 21:30 - 00001072 _____ () C:\Users\Public\Desktop\VLC media player.lnk

Some content of TEMP:
====================
C:\Users\Hranca\AppData\Local\Temp\HitmanPro.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 13:09

==================== End Of Log ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Open Notepad and copy in the following text, which is inside the Code box.

CHR Extension: (Guvenlik Duvari) - C:\Users\Hranca\AppData\Local\kpiffgoicnafdiagcgdickdjchfgbgdc [2014-01-03]
CHR Extension: (pRiicechop) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccdnlipbhokghennpbbcbeogenebdif [2014-08-25]
CHR Extension: (HD01-V2.1V20.09) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plimopelmdneikoknbgpopffpbmlhgpa [2014-09-20]
CHR Extension: (pRiicechop) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccdnlipbhokghennpbbcbeogenebdif\3.9 [2014-08-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {065C9A71-0EAB-42C2-8E6D-0AAFF568F8B1} - \Windows Update Check - 0x0BC402F2 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GIDEAE.job => C:\Users\Hranca\AppData\Roaming\GIDEAE.exe
C:\Users\Hranca\AppData\Roaming\GIDEAE.exe
Task: C:\Windows\Tasks\SMHJS.job => C:\Users\Hranca\AppData\Roaming\SMHJS.exe
C:\Users\Hranca\AppData\Roaming\SMHJS.exe
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, Notepad will open with content that you need to copy into this thread.
In addition, there will be a (fixlog.txt) on the Desktop. You need to copy the contents of fixlog.txt to the forum

Step 2

Download AdwCleaner by "Xplode" and save it to the Desktop
Double-click to run the program.
In the EULA window, click I agree.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK

The computer will restart and then open Notepad (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Prikači fajl" (Attach file) option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt

offline
  • Joined: 20 Feb 2005
  • Posts: 297
  • Location: Vranje

Posted: 23 Sep 2014 21:48

Fixlog.text.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2014 01
Ran by Hranca at 2014-09-23 21:35:28 Run:1
Running from C:\Users\Hranca\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR Extension: (Guvenlik Duvari) - C:\Users\Hranca\AppData\Local\kpiffgoicnafdiagcgdickdjchfgbgdc [2014-01-03]
CHR Extension: (pRiicechop) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccdnlipbhokghennpbbcbeogenebdif [2014-08-25]
CHR Extension: (HD01-V2.1V20.09) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plimopelmdneikoknbgpopffpbmlhgpa [2014-09-20]
CHR Extension: (pRiicechop) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccdnlipbhokghennpbbcbeogenebdif\3.9 [2014-08-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {065C9A71-0EAB-42C2-8E6D-0AAFF568F8B1} - \Windows Update Check - 0x0BC402F2 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GIDEAE.job => C:\Users\Hranca\AppData\Roaming\GIDEAE.exe
C:\Users\Hranca\AppData\Roaming\GIDEAE.exe
Task: C:\Windows\Tasks\SMHJS.job => C:\Users\Hranca\AppData\Roaming\SMHJS.exe
C:\Users\Hranca\AppData\Roaming\SMHJS.exe
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
EmptyTemp:
*****************

C:\Users\Hranca\AppData\Local\kpiffgoicnafdiagcgdickdjchfgbgdc => Moved successfully.
C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccdnlipbhokghennpbbcbeogenebdif => Moved successfully.
C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plimopelmdneikoknbgpopffpbmlhgpa => Moved successfully.
C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccdnlipbhokghennpbbcbeogenebdif\3.9 directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{065C9A71-0EAB-42C2-8E6D-0AAFF568F8B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{065C9A71-0EAB-42C2-8E6D-0AAFF568F8B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows Update Check - 0x0BC402F2" => Key deleted successfully.
C:\Windows\Tasks\GIDEAE.job => Moved successfully.
"C:\Users\Hranca\AppData\Roaming\GIDEAE.exe" => File/Directory not found.
C:\Windows\Tasks\SMHJS.job => Moved successfully.
"C:\Users\Hranca\AppData\Roaming\SMHJS.exe" => File/Directory not found.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
EmptyTemp: => Removed 233.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Addendum: 23 Sep 2014 21:57

Text attached...

Addendum: 23 Sep 2014 21:59

When it finishes, Notepad will open with content that you need to copy into this thread.
That did not happen; Notepad did not open, and I don't know whether I can find that report, if there is one??
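
A Fixlog like the one posted above can be read line by line to see which fixlist entries were actually handled. The following is an added example, not part of the original posts and not FRST's own code; the status labels and the rule that pairs a `.job` file with a same-named `.exe` are assumptions made for illustration.

```python
import re

# Excerpt of the result lines from the Fixlog quoted in this thread.
SAMPLE_RESULTS = r'''
C:\Users\Hranca\AppData\Local\kpiffgoicnafdiagcgdickdjchfgbgdc => Moved successfully.
C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccdnlipbhokghennpbbcbeogenebdif\3.9 directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Windows\Tasks\GIDEAE.job => Moved successfully.
"C:\Users\Hranca\AppData\Roaming\GIDEAE.exe" => File/Directory not found.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
EmptyTemp: => Removed 233.5 MB temporary data.
'''

# Most result lines are "<target> => <outcome>"; one form has no arrow.
ARROW = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<outcome>.+)$')
NO_ARROW = re.compile(r'^(?P<target>.+?)\s+(?P<outcome>directory not found\.)$')


def classify(outcome):
    """Map the free-text outcome to a coarse status (hypothetical labels)."""
    low = outcome.lower()
    if 'not found' in low:
        return 'missing'
    if 'successfully' in low or low.startswith('removed'):
        return 'done'
    return 'review'  # anything unrecognised needs a human look


def parse_results(text):
    """Return a list of (target, status, outcome) for each result line."""
    rows = []
    for line in text.splitlines():
        m = ARROW.match(line.strip()) or NO_ARROW.match(line.strip())
        if m:
            rows.append((m.group('target').strip('"'),
                         classify(m.group('outcome')), m.group('outcome')))
    return rows


def stem(path):
    """File name without directory or extension, lower-cased."""
    return path.rsplit('\\', 1)[-1].rsplit('.', 1)[0].lower()


def orphaned_task_payloads(rows):
    """Executables reported missing whose same-named .job file was moved."""
    jobs = {stem(t) for t, s, _ in rows if s == 'done' and t.lower().endswith('.job')}
    return sorted(t for t, s, _ in rows
                  if s == 'missing' and t.lower().endswith('.exe') and stem(t) in jobs)
```

A `missing` status only means nothing existed at that path when the fix ran, so no copy of that file will be in the quarantine folder.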

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

You have posted it. The text that was supposed to open is fixlog.txt, which you have already posted. What is the situation now? Are you still getting pop-up windows with ads?


Anyway:

Step 1

Pack the following folder into a ZIP, RAR or 7Z archive:

C:\FRST\Quarantine

and send it via the following link:

http://www.mycity.rs/ambulanta-upload.php



Step 2

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the program icon to run MBAR:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to start;
- In the introductory window, click the Next button if you agree;

• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Notice: with some infections, one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hours-minutes-seconds).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure (scheduled) will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.

Notice! Only if a rootkit is detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to make all the repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post, and attach the system log to the post using the Prikači fajl (Attach file) option.

offline
  • Joined: 20 Feb 2005
  • Posts: 297
  • Location: Vranje

Quarantine ZIP file sent

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

OK. Move on to the second step.

offline
  • Joined: 20 Feb 2005
  • Posts: 297
  • Location: Vranje

MBAR found nothing, everything is clean.
The computer now works great; that pop-up window is gone.
Should I uninstall these programs or ??

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

You can delete the MBAR folder from the Desktop.

The following procedure will perform the final cleanup.

Download the DelFix tool by "Xplode" and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment while the tool finishes its work.
From this point on, all tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

I recommend using MCShield to protect USB storage devices.
It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware spread via USB storage devices.


MCShield home page: http://www.mcshield.net
You can find out more about MCShield in this thread: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v3.html
MCShield Facebook page: http://www.facebook.com/MCShield

offline
  • Joined: 20 Feb 2005
  • Posts: 297
  • Location: Vranje

OK. Done. By the way, I do use MCShield, but I had turned it off so that it would not interfere while cleaning the computer.
Thanks for the help and all the best
