Malware again

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

I'm using 32-bit Win7 and Telekom's ADSL. I don't know how, but malware has moved into Chrome. Every 5 minutes some new window pops up. I tried with an antivirus, AdwCleaner and MBAM, but I didn't get anywhere.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by miroslav (administrator) on MIROSLAV-PC (06-04-2018 20:28:34)
Running from C:\Users\miroslav\Desktop
Loaded Profiles: miroslav (Available Profiles: miroslav)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\miroslav\AppData\Roaming\uTorrent\uTorrent.exe
(Viber Media S.à r.l.) C:\Users\miroslav\AppData\Local\Viber\Viber.exe
(Skype Technologies S.A.) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
(© 2015 Microsoft Corporation) C:\Users\miroslav\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(BitTorrent Inc.) C:\Users\miroslav\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe
(BitTorrent Inc.) C:\Users\miroslav\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(0V39NLVWO) C:\Program Files\K05IH26KWO\K05IH26KW.exe
(Free Time Co., Ltd.) C:\Program Files\FormatFactory\FormatFactory.exe
(Website) C:\Dapp\Dapp.exe
(Website) C:\Dapp\Dapp.exe
( ) C:\Users\miroslav\AppData\Roaming\3h20rycot4w\40ahlk1wjmu.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\miroslav\AppData\Local\Temp\is-7MCF9.tmp\40ahlk1wjmu.tmp
(Skype Technologies S.A.) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
(Mobo, Inc.) C:\Program Files\Mobo\Service\MoboDeviceService.exe
(Mobo) C:\Program Files\Mobo\Service\MoboDeviceProxy.exe
(Skype Technologies S.A.) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\FormatFactory\FFModules\Encoder\ffmpeg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-15] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\...\Run: [Speedycar] => C:\Program Files\Speedycar\Speedycar.exe [18136576 2018-01-02] ()
HKLM\...\Run: [chrome] => C:\Program Files\Google\Chrome\Application\chrome.exe [1453400 2018-02-01] (Google Inc.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [uTorrent] => C:\Users\miroslav\AppData\Roaming\uTorrent\uTorrent.exe [2148024 2018-02-23] (BitTorrent Inc.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Viber] => C:\Users\miroslav\AppData\Local\Viber\Viber.exe [36126280 2018-03-12] (Viber Media S.à r.l.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [Skype for Desktop] => C:\Program Files\Microsoft\Skype for Desktop\Skype.exe [50097096 2018-03-16] (Skype Technologies S.A.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [BingSvc] => C:\Users\miroslav\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [G4TCEREEO9K8UGW] => C:\Program Files\K05IH26KWO\K05IH26KW.exe [666112 2018-04-06] (0V39NLVWO)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [3833951] => C:\Users\miroslav\AppData\Roaming\3h20rycot4w\40ahlk1wjmu.exe [805093 2018-04-06] ( )
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{A1DE0E0E-1595-4216-B22A-8F4F035F1AB3}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-02-14] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-14] (Oracle Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7dpgcy0g.default-1516557775337
FF ProfilePath: C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337 [2018-04-06]
FF user.js: detected! => C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\user.js [2017-06-30]
FF Session Restore: Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337 -> is enabled.
FF Extension: (System Table) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\143734@modext.tech.xpi [2018-03-01]
FF Extension: (System Table) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\214028@modext.tech.xpi [2018-02-28]
FF Extension: (System Table) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\383882@modext.tech.xpi [2018-02-22]
FF Extension: (S3.Translator) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\s3google@translator.xpi [2018-01-21]
FF Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2018-01-21]
FF Extension: (__MSG_appName__) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2018-03-22]
FF Extension: (Video DownloadHelper) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-22]
FF Extension: (Adblock Plus) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-01-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-14] (Oracle Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll [2013-10-07] (Nitro PDF)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin HKU\S-1-5-21-961669800-890686474-1414387024-1001: @acestream.net/acestreamplugin,version=3.1.16.1 -> C:\Users\miroslav\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]

Chrome:
=======
CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default [2018-04-06]
CHR Extension: (Презентације) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-14]
CHR Extension: (Документи) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-14]
CHR Extension: (Google диск) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-14]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-02-14]
CHR Extension: (YouTube) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-14]
CHR Extension: (Right Click Google Translator) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkdgglkocfpfmlpfmldpmebkceelhif [2018-03-27]
CHR Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco [2018-02-14]
CHR Extension: (Adblock Plus) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-02-14]
CHR Extension: (Gmail ван мреже) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2018-02-14]
CHR Extension: (Табеле) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-14]
CHR Extension: (Google документи офлајн) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-14]
CHR Extension: (Facebook video downloader - FB to MP4) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljbjelbfpgglpallgcjgppphheoiadfc [2018-03-04]
CHR Extension: (Video DownloadHelper) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2018-03-04]
CHR Extension: (Nemoze da se izbrise) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflobcdhgnlibbiegemmoenkeaplpoid [2018-02-14]
CHR Extension: (Onlive Clock) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\moddbcckaikhdnigidfcmaeelcobchpm [2018-02-14]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-14]
CHR Extension: (Chrome Media Router) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-14]
CHR Extension: (System Table) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-04-06]

==================== Services (Whitelisted) ====================


===================== Drivers (Whitelisted) ======================

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2099-11-12 04:37 - 30826-11-12 04:37 - 000186368 ____N (Microsoft Corporation) C:\Users\miroslav\oEoJiFYyyoU.exe
2099-11-12 04:37 - 30826-11-12 04:37 - 000073216 ____N (Microsoft Corporation) C:\Users\miroslav\AppData\Roaming\LIwI.exe
2099-11-12 04:37 - 30826-11-12 04:37 - 000073216 ____N (Microsoft Corporation) C:\Users\miroslav\AppData\Local\ZpbyJv.exe
2018-04-06 20:28 - 2018-04-06 20:35 - 000016586 _____ C:\Users\miroslav\Desktop\FRST.txt
2018-04-06 20:27 - 2018-04-06 20:28 - 000000000 ____D C:\FRST
2018-04-06 20:27 - 2018-04-06 20:27 - 001764352 _____ (Farbar) C:\Users\miroslav\Desktop\FRST.exe
2018-04-06 19:23 - 2018-04-06 19:23 - 001400690 _____ C:\Users\miroslav\Desktop\video-1523008031.mp4
2018-04-06 18:55 - 2018-04-06 18:55 - 000000000 ____D C:\Users\miroslav\AppData\LocalLow\MAL
2018-04-06 18:45 - 2018-04-06 18:52 - 000000000 ____D C:\AdwCleaner
2018-04-06 18:38 - 2018-01-25 08:50 - 008256080 _____ C:\Users\miroslav\Desktop\Gramblr.exe
2018-04-06 18:32 - 2018-04-06 18:32 - 000000000 ____D C:\Program Files\PandaViewer
2018-04-06 18:31 - 2018-04-06 18:31 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\3h20rycot4w
2018-04-06 18:31 - 2018-04-06 18:31 - 000000000 ____D C:\Program Files\K05IH26KWO
2018-04-06 17:31 - 2018-04-06 18:54 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\h2frgcsy0y1
2018-04-06 17:31 - 2018-04-06 18:32 - 000000000 ____D C:\Program Files\LaCie Private Public
2018-04-06 17:31 - 2018-04-06 18:32 - 000000000 ____D C:\Dapp
2018-04-06 17:31 - 2018-04-06 17:31 - 000000000 ____D C:\Disk
2018-04-06 17:30 - 2018-04-06 17:30 - 000000000 ____D C:\Program Files\Speedycar
2018-04-06 17:28 - 2018-04-06 17:34 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\1337
2018-04-06 17:27 - 2018-04-06 18:54 - 000000000 ____D C:\Program Files\frgtrh
2018-04-06 17:27 - 2018-04-06 17:27 - 000000003 _____ C:\Users\miroslav\AppData\Local\wbem.ini
2018-04-02 20:15 - 2018-04-02 20:15 - 000006259 _____ C:\Users\miroslav\Desktop\Facebook-video-Downloader.php
2018-04-02 18:59 - 2018-04-02 23:24 - 000000000 ____D C:\Users\miroslav\AppData\Local\My Family Tree
2018-04-02 18:59 - 2018-04-02 18:59 - 000000000 ____D C:\Users\miroslav\AppData\Local\Chronoplex_Software
2018-03-31 11:52 - 2018-03-31 11:58 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\Tinuous
2018-03-31 11:49 - 2018-03-31 11:51 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\VarieDrop
2018-03-24 11:37 - 2018-03-24 11:38 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2018-03-18 20:18 - 2018-03-18 20:18 - 000001406 _____ C:\Users\miroslav\Desktop\KodiPortable - Shortcut.lnk
2018-03-18 11:00 - 2018-02-13 20:31 - 000117440 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-18 11:00 - 2018-02-13 20:24 - 000534016 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-18 11:00 - 2018-02-13 16:04 - 001893888 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-18 11:00 - 2018-02-13 16:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-18 11:00 - 2018-02-13 16:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-18 11:00 - 2018-02-13 16:04 - 000508416 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-18 11:00 - 2018-02-13 16:04 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-18 11:00 - 2018-02-13 16:04 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-18 11:00 - 2018-02-13 16:04 - 000212992 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-18 11:00 - 2018-02-13 16:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-15 09:48 - 2018-03-15 09:49 - 000000000 ____D C:\Users\miroslav\AppData\Local\Viber
2018-03-13 21:24 - 2018-03-13 21:24 - 006210560 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2018-03-09 14:26 - 2018-03-09 14:26 - 000000841 _____ C:\Users\miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-06 20:35 - 2017-01-02 11:19 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\uTorrent
2018-04-06 20:12 - 2016-10-09 14:31 - 000000000 ___RD C:\Users\miroslav\Desktop\video
2018-04-06 19:08 - 2009-07-14 06:34 - 000016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-06 19:08 - 2009-07-14 06:34 - 000016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-06 18:56 - 2016-12-28 14:46 - 000000000 ____D C:\ProgramData\MCShield
2018-04-06 18:55 - 2018-02-23 11:16 - 000000000 ____D C:\Users\miroslav\AppData\LocalLow\uTorrent
2018-04-06 18:54 - 2016-12-28 12:24 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-06 18:54 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-06 18:40 - 2017-01-07 19:06 - 000000000 ____D C:\Users\miroslav\Documents\ViberDownloads
2018-04-06 17:29 - 2017-04-21 14:27 - 000000000 ____D C:\ProgramData\TEMP
2018-04-06 17:29 - 2016-12-28 12:10 - 000000000 ____D C:\Program Files\Google
2018-04-06 17:27 - 2016-12-28 11:51 - 000000000 ____D C:\Users\miroslav
2018-04-05 19:05 - 2018-02-05 19:54 - 000001181 _____ C:\Users\miroslav\AppData\Roaming\downloads.json
2018-04-04 18:04 - 2018-02-10 20:13 - 000000000 ____D C:\Users\miroslav\AppData\Local\Paint.NET
2018-04-03 18:06 - 2016-12-28 11:55 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-03 18:06 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2018-04-01 22:09 - 2016-12-28 13:43 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\AIMP
2018-03-31 16:46 - 2018-02-19 12:35 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\Kodi
2018-03-28 10:28 - 2009-07-14 06:53 - 000032594 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-24 13:13 - 2016-12-28 12:18 - 000000000 ____D C:\Users\miroslav\Desktop\Precice
2018-03-24 11:37 - 2017-01-02 18:57 - 000000000 ____D C:\Program Files\FormatFactory
2018-03-22 20:52 - 2016-12-28 16:51 - 000000000 ____D C:\Users\miroslav\AppData\LocalLow\Mozilla
2018-03-22 09:32 - 2017-12-08 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-03-22 01:58 - 2017-09-25 18:54 - 000002736 _____ C:\Users\miroslav\Desktop\Linkovi.txt
2018-03-21 07:25 - 2017-01-07 19:06 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\ViberPC
2018-03-20 02:34 - 2016-12-30 09:13 - 000000000 ____D C:\Windows\system32\MRT
2018-03-20 02:29 - 2017-10-11 23:25 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-20 02:29 - 2016-12-30 09:13 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-19 13:29 - 2017-01-22 10:40 - 000000000 ____D C:\Windows\system32\appraiser
2018-03-13 21:24 - 2017-02-24 15:34 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-03-13 21:24 - 2017-02-24 15:34 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-03-13 21:24 - 2017-02-24 15:34 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-13 17:13 - 2017-05-06 14:59 - 000000000 ____D C:\Users\miroslav\AppData\Roaming\vlc
2018-03-07 19:06 - 2018-02-10 17:30 - 000000000 ____D C:\Users\miroslav\Desktop\GIFcam

==================== Files in the root of some directories =======

30826-11-12 04:37 - 30826-11-12 04:37 - 000186368 ____N (Microsoft Corporation) C:\Users\miroslav\oEoJiFYyyoU.exe
2018-02-05 19:54 - 2018-04-05 19:05 - 000001181 _____ () C:\Users\miroslav\AppData\Roaming\downloads.json
30826-11-12 04:37 - 30826-11-12 04:37 - 000073216 ____N (Microsoft Corporation) C:\Users\miroslav\AppData\Roaming\LIwI.exe
2017-12-13 19:27 - 2018-02-13 21:16 - 000009216 _____ () C:\Users\miroslav\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-04-06 17:27 - 2018-04-06 17:27 - 000000003 _____ () C:\Users\miroslav\AppData\Local\wbem.ini
30826-11-12 04:37 - 30826-11-12 04:37 - 000073216 ____N (Microsoft Corporation) C:\Users\miroslav\AppData\Local\ZpbyJv.exe

Some files in TEMP:
====================
2018-04-06 18:31 - 2018-04-06 18:31 - 001537176 _____ (BANANA SUMMER LIMITED) C:\Users\miroslav\AppData\Local\Temp\1523032294V0Rtmp.exe
2018-03-11 21:02 - 2018-03-11 21:02 - 001118360 _____ (© 2015 Microsoft Corporation) C:\Users\miroslav\AppData\Local\Temp\BSvcProcessor.exe
2018-03-11 21:01 - 2018-03-11 21:02 - 000170128 _____ (© 2015 Microsoft Corporation) C:\Users\miroslav\AppData\Local\Temp\BSvcUpdater.exe
2018-03-03 12:59 - 2018-03-03 12:59 - 007523680 _____ (GOM & Company) C:\Users\miroslav\AppData\Local\Temp\GrLauncherTempSetup.exe
2018-04-06 17:29 - 2018-04-06 17:29 - 013205167 _____ (MAL ) C:\Users\miroslav\AppData\Local\Temp\p0cmpc54cvt.exe
2018-04-06 17:26 - 2018-04-06 17:26 - 004100008 _____ (Initex ) C:\Users\miroslav\AppData\Local\Temp\ProxifierSetup.exe
2018-04-06 17:27 - 2018-04-06 17:27 - 000860523 _____ ( ) C:\Users\miroslav\AppData\Local\Temp\setup.exe
2018-04-06 17:32 - 2018-04-06 17:33 - 048475781 _____ (My Company, Inc. ) C:\Users\miroslav\AppData\Local\Temp\setuplb.exe
2018-02-14 12:13 - 2018-02-14 12:13 - 030950664 _____ () C:\Users\miroslav\AppData\Local\Temp\vlc-2.2.6-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-29 10:23

==================== End of FRST.txt ============================

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text, which is inside the Code box.

HKLM\...\Run: [chrome] => C:\Program Files\Google\Chrome\Application\chrome.exe [1453400 2018-02-01] (Google Inc.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [G4TCEREEO9K8UGW] => C:\Program Files\K05IH26KWO\K05IH26KW.exe [666112 2018-04-06] (0V39NLVWO)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [3833951] => C:\Users\miroslav\AppData\Roaming\3h20rycot4w\40ahlk1wjmu.exe [805093 2018-04-06] ( )
FF user.js: detected! => C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\user.js [2017-06-30]
FF Session Restore: Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337 -> is enabled.
FF Extension: (System Table) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\143734@modext.tech.xpi [2018-03-01]
FF Extension: (System Table) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\214028@modext.tech.xpi [2018-02-28]
FF Extension: (System Table) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\383882@modext.tech.xpi [2018-02-22]
CHR Extension: (System Table) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-04-06]
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\ChromeHTML: ->  <==== ATTENTION
Task: {DBA9D38F-5B29-4D29-B6B6-64D7ACB95197} - System32\Tasks\Dapp => C:\Dapp\Dapp.exe [2018-04-05] (Website)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]
AlternateDataStreams: C:\ProgramData\TEMP:BD34FFC5 [286]
C:\Users\miroslav\AppData\Local\ZpbyJv.exe
C:\Users\miroslav\oEoJiFYyyoU.exe
C:\Users\miroslav\AppData\Roaming\LIwI.exe
C:\Program Files\K05IH26KWO
C:\Dapp
C:\Users\miroslav\AppData\Roaming\3h20rycot4w
C:\Users\miroslav\AppData\Local\Temp\is-7MCF9.tmp
C:\Users\miroslav\AppData\Roaming\h2frgcsy0y1
C:\Program Files\LaCie Private Public
C:\Dapp
C:\Disk
C:\Program Files\Speedycar
C:\Program Files\frgtrh
C:\Users\miroslav\AppData\Roaming\downloads.json
C:\Users\miroslav\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\miroslav\AppData\Local\wbem.ini


In Notepad, click File --> Save As
Under Encoding, choose UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open, with contents that you should copy into the thread.
Also, (fixlog.txt) will be located on the Desktop.

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

Posted: 07 Apr 2018 10:49

Fix result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by miroslav (07-04-2018 10:35:02) Run:1
Running from C:\Users\miroslav\Desktop
Loaded Profiles: miroslav (Available Profiles: miroslav)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\...\Run: [chrome] => C:\Program Files\Google\Chrome\Application\chrome.exe [1453400 2018-02-01] (Google Inc.)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [G4TCEREEO9K8UGW] => C:\Program Files\K05IH26KWO\K05IH26KW.exe [666112 2018-04-06] (0V39NLVWO)
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\Run: [3833951] => C:\Users\miroslav\AppData\Roaming\3h20rycot4w\40ahlk1wjmu.exe [805093 2018-04-06] ( )
FF user.js: detected! => C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\user.js [2017-06-30]
FF Session Restore: Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337 -> is enabled.
FF Extension: (System Table) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\143734@modext.tech.xpi [2018-03-01]
FF Extension: (System Table) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\214028@modext.tech.xpi [2018-02-28]
FF Extension: (System Table) - C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\383882@modext.tech.xpi [2018-02-22]
CHR Extension: (System Table) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-04-06]
HKU\S-1-5-21-961669800-890686474-1414387024-1001\...\ChromeHTML: -> <==== ATTENTION
Task: {DBA9D38F-5B29-4D29-B6B6-64D7ACB95197} - System32\Tasks\Dapp => C:\Dapp\Dapp.exe [2018-04-05] (Website)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]
AlternateDataStreams: C:\ProgramData\TEMP:BD34FFC5 [286]
C:\Users\miroslav\AppData\Local\ZpbyJv.exe
C:\Users\miroslav\oEoJiFYyyoU.exe
C:\Users\miroslav\AppData\Roaming\LIwI.exe
C:\Program Files\K05IH26KWO
C:\Dapp
C:\Users\miroslav\AppData\Roaming\3h20rycot4w
C:\Users\miroslav\AppData\Local\Temp\is-7MCF9.tmp
C:\Users\miroslav\AppData\Roaming\h2frgcsy0y1
C:\Program Files\LaCie Private Public
C:\Dapp
C:\Disk
C:\Program Files\Speedycar
C:\Program Files\frgtrh
C:\Users\miroslav\AppData\Roaming\downloads.json
C:\Users\miroslav\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\miroslav\AppData\Local\wbem.ini
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\chrome" => removed successfully.
"HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\G4TCEREEO9K8UGW" => removed successfully.
"HKU\S-1-5-21-961669800-890686474-1414387024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\3833951" => removed successfully.
C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\user.js => moved successfully
"Firefox Session Restore" => removed successfully.
C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\143734@modext.tech.xpi => moved successfully

Addendum: 07 Apr 2018 11:06

C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\214028@modext.tech.xpi => moved successfully
C:\Users\miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\7dpgcy0g.default-1516557775337\Extensions\383882@modext.tech.xpi => moved successfully
CHR Extension: (System Table) - C:\Users\miroslav\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-04-06] => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-961669800-890686474-1414387024-1001_Classes\ChromeHTML" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DBA9D38F-5B29-4D29-B6B6-64D7ACB95197}" => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBA9D38F-5B29-4D29-B6B6-64D7ACB95197} => not found
"C:\Windows\System32\Tasks\Dapp" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dapp => not found
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
C:\ProgramData\TEMP => ":BD34FFC5" ADS removed successfully.
C:\Users\miroslav\AppData\Local\ZpbyJv.exe => moved successfully
C:\Users\miroslav\oEoJiFYyyoU.exe => moved successfully
C:\Users\miroslav\AppData\Roaming\LIwI.exe => moved successfully
C:\Program Files\K05IH26KWO => moved successfully
C:\Dapp => moved successfully

"C:\Users\miroslav\AppData\Roaming\3h20rycot4w" folder move:

Could not move "C:\Users\miroslav\AppData\Roaming\3h20rycot4w" => Scheduled to move on reboot.

"C:\Users\miroslav\AppData\Local\Temp\is-7MCF9.tmp" => not found
C:\Users\miroslav\AppData\Roaming\h2frgcsy0y1 => moved successfully
"C:\Program Files\LaCie Private Public" => not found
"C:\Dapp" => not found
"C:\Disk" => not found
"C:\Program Files\Speedycar" => not found
C:\Program Files\frgtrh => moved successfully
C:\Users\miroslav\AppData\Roaming\downloads.json => moved successfully
C:\Users\miroslav\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\miroslav\AppData\Local\wbem.ini => moved successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 07-04-2018 11:04:16)

C:\Users\miroslav\AppData\Roaming\3h20rycot4w => is moved successfully

==== End of Fixlog 11:04:16 ====

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Go to Start -> Control Panel -> Programs and Features and uninstall Google Chrome. Be sure to check the option Also delete your browsing data.
You can export your bookmarks and import them again later. Saved passwords will be deleted.

Once you have uninstalled it, download it from the Google site, https://www.google.com/chrome/browser/ and install it again.

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

Done, it now works without problems.

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

You need to pack the folder C:\FRST\Quarantine into an archive and send it to us.

Go into the folder C:\FRST
Right-click the Quarantine folder and choose the option Add to archive... as shown in the picture

For Archive format choose RAR5 or RAR
For Compression method select Best
In the field Split to volumes, bytes enter 5000000 (in words: five million)
On the right side, check the option Create Solid Archive (see the picture below)

Click OK
When WinRAR finishes compressing, upload the resulting files (one by one) to:
https://www.mycity.rs/ambulanta-upload.php

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

All the files have been sent.

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the instructions for installing the program. After installation, click Finish.

On first launch, the program will show a "welcome" window. Feel free to close that window.
Note: The program's Premium features are already activated and are valid for 13 days from the moment of installation. You can turn the Premium features off via the Settings > My Account tab.

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, turn on the "Scan for rootkits" option.
• Prepare the settings for Threat Scan - in Dashboard, click the Scan Now button. MBAM will update its database and start scanning.

When the scan finishes, if an infection is detected, make sure everything is selected, then click Remove Selected. Restart the computer if the program asks for a restart.
• Provide the log: Under Reports, select the Scan Report with the current date and then click View Report.

Export the log to the Desktop:
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.

• In your reply, attach the mbam.txt log using the "Attach file" (Prikači fajl) option.

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak


  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

What is the state of the system now?
