file:///C:/ProgramData/Zitenops/snp.sc

offline
  • Staff
  • Joined: 16 Oct 2010
  • Posts: 3468
  • Location: KRAGUJEVAC

I had downloaded a cracked Norton and deleted it, but file:///C:/ProgramData/Zitenops/snp.sc appears when I open Mozilla or Chrome. The problem started appearing the night before last.

The internet connection is MTS ADSL, 10 Mb/s download.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-12-2015
Ran by dejan (administrator) on DEJAN-PC (22-12-2015 20:54:26)
Running from C:\Users\dejan\Desktop
Loaded Profiles: dejan (Available Profiles: dejan)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Kingsoft Corporation) C:\Program Files\kingsoft\ksdef\ksdefserver.exe
(FileZilla Project) C:\Program Files\FileZilla Server\FileZilla Server.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Users\dejan\AppData\Local\Viber\Viber.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1668144661-2884591123-2203260530-1001\...\Run: [Viber] => C:\Users\dejan\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\S-1-5-21-1668144661-2884591123-2203260530-1001\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3907152 2015-09-23] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2965C6DE-563C-4504-945D-221BB2EAC7BE}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\S-1-5-21-1668144661-2884591123-2203260530-1001 -> {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=96010190_dg
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-08-28] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\dejan\AppData\Roaming\Mozilla\Firefox\Profiles\1ue1v8z1.default
FF NewTab: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_151217__yaff
FF SelectedSearchEngine: Yahoo®
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-13] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Extension: DownThemAll! - C:\Users\dejan\AppData\Roaming\Mozilla\Firefox\Profiles\1ue1v8z1.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-12-11]
FF Extension: Restart My Fox - C:\Users\dejan\AppData\Roaming\Mozilla\Firefox\Profiles\1ue1v8z1.default\Extensions\Restart-My-Fox@8pecxstudios.com.xpi [2015-10-26]
FF Extension: Adblock Plus - C:\Users\dejan\AppData\Roaming\Mozilla\Firefox\Profiles\1ue1v8z1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
FF HKU\S-1-5-21-1668144661-2884591123-2203260530-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: No Name - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2015-09-23] [not signed]
FF HKU\S-1-5-21-1668144661-2884591123-2203260530-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\dejan\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\dejan\AppData\Roaming\IDM\idmmzcc5 [2015-12-22] [not signed]

Chrome:
=======
CHR Profile: C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-19]
CHR Extension: (Google Docs) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-19]
CHR Extension: (Google Drive) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-19]
CHR Extension: (YouTube) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-19]
CHR Extension: (Google Search) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-19]
CHR Extension: (Google Sheets) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-19]
CHR Extension: (Google Docs Offline) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-20]
CHR Extension: (IDM Integration Module) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-12-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-19]
CHR Extension: (Norton Security Toolbar) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-12-19]
CHR Extension: (Gmail) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-19]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-07-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DefSrv; C:\Program Files\kingsoft\ksdef\ksdefserver.exe [1662800 2015-12-14] (Kingsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1983424 2015-11-19] (ESET)
R2 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [794584 2015-06-12] (FileZilla Project)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [205800 2015-11-16] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146024 2015-11-16] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [131640 2015-11-16] (ESET)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [15968 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10208 2014-11-18] ()
R2 KSSafe; C:\Windows\system32\drivers\KSSafe.sys [232296 2015-08-18] (Kingsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2011-06-15] (Realtek )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [50280 2011-06-15] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan620.sys [27752 2011-09-16] (Realtek Corporation)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [50280 2011-06-15] (Realtek Corporation)
S3 EraserUtilDrv11520; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11520.sys [X]
S1 softaal; \??\C:\Program Files\Tencent\QQPCMgr\11.2.17063.223\softaal.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-22 20:50 - 2015-12-22 20:50 - 00000000 ____D C:\FRST
2015-12-22 17:52 - 2015-12-22 20:26 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-22 17:45 - 2015-12-22 17:45 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-12-22 17:45 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-22 17:45 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-22 17:45 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-20 19:17 - 2014-06-17 13:13 - 00718552 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
2015-12-20 19:17 - 2014-06-17 13:13 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
2015-12-20 19:17 - 2014-06-17 13:13 - 00076872 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2015-12-20 19:12 - 2015-12-20 19:17 - 00000000 ____D C:\Program Files\Realtek
2015-12-20 19:12 - 2011-09-16 08:12 - 00027752 _____ (Realtek Corporation) C:\Windows\system32\Drivers\RtVlan620.sys
2015-12-20 19:12 - 2011-06-15 14:11 - 00050280 _____ (Realtek Corporation) C:\Windows\system32\Drivers\RtTeam60.sys
2015-12-20 19:12 - 2011-06-15 14:11 - 00027648 _____ (Realtek ) C:\Windows\system32\Drivers\RtNdPt60.sys
2015-12-20 17:48 - 2015-12-20 17:48 - 00000000 ____D C:\Intel
2015-12-20 17:48 - 2010-03-02 09:04 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\system32\CSVer.dll
2015-12-20 03:54 - 2015-12-20 03:54 - 00000000 ____D C:\_332656_
2015-12-19 20:04 - 2015-12-19 20:04 - 00000000 ____D C:\MSI3df1.tmp
2015-12-19 19:48 - 2015-12-19 19:48 - 00000000 ____D C:\sh4ldr
2015-12-19 19:48 - 2015-12-19 19:48 - 00000000 ____D C:\Program Files\ESET
2015-12-19 19:48 - 2015-12-19 19:48 - 00000000 ____D C:\MSI10526.tmp
2015-12-19 19:46 - 2015-12-19 19:49 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-12-19 15:32 - 2015-12-19 15:32 - 00000000 ____D C:\Windows\pss
2015-12-17 15:56 - 2015-12-22 19:30 - 00000000 ____D C:\Program Files\NortonInstaller
2015-12-17 15:56 - 2015-12-19 13:22 - 00000000 ____D C:\Program Files\Norton Internet Security
2015-12-17 14:14 - 2015-12-17 20:49 - 00001660 _____ C:\Windows\system32\ASOROSet.bin
2015-12-17 14:14 - 2015-12-17 14:14 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2015-12-17 13:49 - 2015-12-17 13:49 - 00000140 _____ C:\Prefs.js
2015-12-17 13:49 - 2015-12-17 13:49 - 00000000 ____D C:\searchplugins
2015-12-17 13:48 - 2015-12-17 13:48 - 00345360 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-12-17 13:48 - 2015-12-17 13:48 - 00002856 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-12-16 21:08 - 2015-12-16 21:08 - 00000000 ____D C:\MSI828b9.tmp
2015-12-16 21:05 - 2015-12-16 21:05 - 00000000 ____D C:\MSI8279c.tmp
2015-12-16 19:49 - 2015-12-16 19:49 - 00000000 ____D C:\MSI91dee.tmp
2015-12-16 19:46 - 2015-12-16 19:46 - 00000000 ____D C:\MSI91dec.tmp
2015-12-16 19:31 - 2015-12-16 19:28 - 05619784 _____ (Microsoft Corporation) C:\Windows\system32\mfc110u.dll
2015-12-16 18:58 - 2015-12-16 18:58 - 00000000 ____D C:\MSI870d9.tmp
2015-12-16 18:57 - 2015-12-16 18:57 - 00000000 ____D C:\MSI870d2.tmp
2015-12-14 18:12 - 2015-12-14 18:12 - 00000000 ____D C:\MSI60cfb.tmp
2015-12-14 17:53 - 2015-12-14 17:53 - 00000000 ____D C:\MSI4ede6.tmp
2015-12-14 16:54 - 2015-12-14 16:54 - 00000000 ____D C:\Program Files\kingsoft
2015-12-14 16:54 - 2015-08-18 17:30 - 00232296 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\KSSafe.sys
2015-12-14 16:44 - 2015-12-14 16:44 - 00000000 ____D C:\MSIc7b15.tmp
2015-12-14 16:42 - 2015-12-20 13:17 - 00000000 ____D C:\Program Files\Windows 7 Activator
2015-12-12 10:55 - 2015-12-19 15:28 - 00000000 ____D C:\Windows\Minidump
2015-12-10 00:27 - 2015-12-10 00:27 - 00000000 ____D C:\MSI6afd5.tmp
2015-12-10 00:20 - 2015-12-10 00:20 - 00000000 ____D C:\MSI6af68.tmp
2015-12-09 20:12 - 2015-12-09 20:12 - 00000000 ____D C:\MSI36081.tmp
2015-12-09 20:12 - 2015-12-09 20:12 - 00000000 ____D C:\MSI3607a.tmp
2015-12-09 14:16 - 2015-12-09 14:16 - 00000000 ____D C:\Program Files\Messenger for Desktop
2015-12-02 03:45 - 2015-12-02 03:45 - 00000000 ____D C:\MSIf0c72.tmp
2015-11-30 15:04 - 2015-11-30 15:04 - 00000000 ____D C:\MSIfb4ce.tmp
2015-11-30 15:03 - 2015-11-30 15:03 - 00000000 ____D C:\MSIfb4c7.tmp
2015-11-28 23:51 - 2015-12-14 17:52 - 00000000 ____D C:\Program Files\Common Files\Topaz Labs
2015-11-28 23:51 - 2015-11-28 23:51 - 00000000 ____D C:\Program Files\Topaz Labs
2015-11-25 13:49 - 2015-11-25 13:49 - 00000000 ____D C:\Program Files\Gmail Notifier
2015-11-24 19:25 - 2015-11-24 19:25 - 00000000 ____D C:\MSI8b131.tmp
2015-11-24 15:22 - 2015-11-24 15:22 - 00000000 ____D C:\MSIa8d09.tmp
2015-11-24 13:33 - 2015-11-24 13:36 - 00000000 ____D C:\Program Files\TeamViewer
2015-11-23 14:40 - 2015-11-23 14:40 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-11-23 14:39 - 2015-11-23 14:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-22 20:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows
2015-12-22 20:45 - 2015-10-22 13:34 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-22 20:34 - 2009-07-14 05:34 - 00010528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-22 20:34 - 2009-07-14 05:34 - 00010528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-22 20:25 - 2015-10-22 13:34 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-22 20:25 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-22 20:22 - 2015-10-14 18:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-22 18:20 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\L2Schemas
2015-12-20 19:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2015-12-20 19:17 - 2015-10-24 17:55 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-12-20 17:48 - 2015-10-15 13:36 - 00000000 ____D C:\Program Files\Intel
2015-12-19 15:27 - 2015-10-20 14:51 - 00000000 ____D C:\Program Files\CCleaner
2015-12-19 12:49 - 2015-10-14 18:25 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-12-18 18:33 - 2015-11-06 22:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-12-18 18:10 - 2015-10-25 17:39 - 00000000 ____D C:\AdwCleaner
2015-12-18 01:21 - 2015-10-29 15:10 - 00000000 ____D C:\Program Files\c6fdae68-5b2b-49d1-904d-708dc40b305a
2015-12-18 01:21 - 2015-10-29 15:02 - 00000000 ____D C:\Program Files\7-Zip
2015-12-17 20:50 - 2015-10-14 18:18 - 00000000 ____D C:\Users\dejan
2015-12-17 20:49 - 2009-07-14 03:03 - 43253760 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-12-17 20:49 - 2009-07-14 03:03 - 13107200 _____ C:\Windows\system32\config\SYSTEM.bak
2015-12-17 20:49 - 2009-07-14 03:03 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-12-17 20:46 - 2009-07-14 03:03 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-12-16 23:04 - 2015-10-19 21:52 - 00000000 ____D C:\Program Files\AVG
2015-12-16 21:07 - 2015-10-19 21:58 - 00000000 ___HD C:\$AVG
2015-12-14 17:56 - 2015-10-14 18:23 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-14 17:49 - 2009-07-14 05:33 - 00269880 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-13 19:41 - 2015-10-14 18:29 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-12-13 19:41 - 2015-10-14 18:29 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-12-14 18:20 - 2015-12-14 18:20 - 0005120 _____ () C:\Users\dejan\AppData\Roaming\GiftBag.db
2015-10-31 21:47 - 2015-11-01 04:47 - 0000115 _____ () C:\Users\dejan\AppData\Roaming\LogFile.txt
2015-12-14 16:43 - 2015-12-14 16:43 - 0000187 _____ () C:\Users\dejan\AppData\Local\Xx-lex.exe.config

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 03:56

==================== End of FRST.txt ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text, found inside the Code box, into it.

CreateRestorePoint:
FF ProfilePath: C:\Users\dejan\AppData\Roaming\Mozilla\Firefox\Profiles\1ue1v8z1.default
FF NewTab: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_151217__yaff
FF SelectedSearchEngine: Yahoo®
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Application Restart #0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MalwareProtectionLive
SearchScopes: HKU\S-1-5-21-1668144661-2884591123-2203260530-1001 -> {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=96010190_dg
C:\sh4ldr
C:\*.tmp
C:\Prefs.js
C:\searchplugins
C:\Windows\system32\LavasoftTcpService.dll
C:\Windows\system32\LavasoftTcpServiceOff.ini
C:\Program Files\c6fdae68-5b2b-49d1-904d-708dc40b305a
C:\Users\dejan\AppData\Roaming\GiftBag.db
C:\Users\dejan\AppData\Roaming\LogFile.txt
C:\Users\dejan\AppData\Local\Xx-lex.exe.config

S3 EraserUtilDrv11520; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11520.sys [X]
S1 softaal; \??\C:\Program Files\Tencent\QQPCMgr\11.2.17063.223\softaal.sys [X]
CHR Extension: (Norton Security Toolbar) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-12-19]

EmptyTemp:


In Notepad click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks for a computer restart, let it do so without interruption.
When it finishes, fixlog.txt will open with the contents you should copy into the thread.
A copy (fixlog.txt) will also be on the Desktop.
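The judgement behind the fixlist above, as an added Python example (not part of the thread, of FRST, or of the helper's procedure): a triage pass over FRST.txt lines that flags service entries whose file is missing, browser settings pointing away from the expected hosts, and stray root-level or GUID-named folders, and emits them in the form a fixlist uses. EXPECTED_HOSTS, KNOWN_ROOT_ENTRIES and the System32 exclusion are this example's assumptions for the machine in the thread; the sample lines are copied from the log posted earlier.

```python
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

# Sample input: lines copied from the FRST.txt posted earlier in this thread.
SAMPLE_LOG = r"""
==================== Internet (Whitelisted) ====================
SearchScopes: HKU\S-1-5-21-1668144661-2884591123-2203260530-1001 -> {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=96010190_dg
FF NewTab: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_151217__yaff
FF Homepage: hxxp://www.google.com/
===================== Drivers (Whitelisted) ==========================
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [205800 2015-11-16] (ESET)
S3 EraserUtilDrv11520; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11520.sys [X]
S1 softaal; \??\C:\Program Files\Tencent\QQPCMgr\11.2.17063.223\softaal.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== One Month Created files and folders ========
2015-12-22 20:50 - 2015-12-22 20:50 - 00000000 ____D C:\FRST
2015-12-22 17:52 - 2015-12-22 20:26 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-19 19:48 - 2015-12-19 19:48 - 00000000 ____D C:\sh4ldr
2015-12-19 19:48 - 2015-12-19 19:48 - 00000000 ____D C:\Program Files\ESET
2015-12-17 13:49 - 2015-12-17 13:49 - 00000140 _____ C:\Prefs.js
2015-12-19 20:04 - 2015-12-19 20:04 - 00000000 ____D C:\MSI3df1.tmp
==================== One Month Modified files and folders ========
2015-12-18 01:21 - 2015-10-29 15:10 - 00000000 ____D C:\Program Files\c6fdae68-5b2b-49d1-904d-708dc40b305a
"""


@dataclass(frozen=True)
class Finding:
    rule: str      # which heuristic fired
    target: str    # service name, URL host or filesystem path
    fixline: str   # the line a reviewer would paste into fixlist.txt


# Service/driver entry whose file is missing: FRST prints "[X]" in place of
# "[size date] (vendor)", e.g. "S1 softaal; \??\C:\...\softaal.sys [X]".
SERVICE_MISSING_RE = re.compile(r"^[RS]\d (?P<name>[^;]+); (?P<path>.+?) \[X\]$")

# File/folder entry: "<created> - <modified> - <size> <attrs> [(vendor)] <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d{7,8} \S{5} (?:\([^)]*\) )?(?P<path>.+)$"
)

# FRST defangs URLs as hxxp:// so they cannot be clicked by accident.
URL_RE = re.compile(r"hxxps?://\S+")
BROWSER_PREFIXES = ("SearchScopes:", "FF NewTab:", "FF Homepage:")

# Assumptions for this machine, not FRST built-ins: the host the user's own
# homepage points to, and the folders expected directly in the drive root.
EXPECTED_HOSTS = {"www.google.com"}
KNOWN_ROOT_ENTRIES = {"FRST", "Windows", "Program Files", "Users", "ProgramData",
                      "Intel", "AdwCleaner", "$AVG", "$Recycle.Bin", "Boot",
                      "Recovery", "PerfLogs"}
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def triage(log_text: str) -> List[Finding]:
    """Apply the heuristics line by line; return what a reviewer should look at."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.rstrip()

        m = SERVICE_MISSING_RE.match(line)
        if m:
            # Relative System32 paths are Windows' own placeholder entries
            # (e.g. RemoteFX drivers) and are left alone here (assumption).
            if not m["path"].lower().startswith("system32\\"):
                findings.append(Finding("missing-file-service", m["name"], line))
            continue

        if line.startswith(BROWSER_PREFIXES):
            u = URL_RE.search(line)
            if u:
                host = urlparse(u.group(0).replace("hxxp", "http", 1)).hostname
                if host not in EXPECTED_HOSTS:
                    findings.append(Finding("browser-redirect", host, line))
            continue

        m = FILE_RE.match(line)
        if m:
            path = m["path"]
            parts = path.split("\\")
            if len(parts) == 2 and parts[1] not in KNOWN_ROOT_ENTRIES:
                # Loose files and odd folders directly in C:\ are moved by
                # bare path in a fixlist, e.g. "C:\sh4ldr".
                findings.append(Finding("unexpected-root-entry", path, path))
            elif GUID_RE.match(parts[-1]):
                findings.append(Finding("guid-named-folder", path, path))
    return findings


def fixlist_lines(findings: List[Finding]) -> List[str]:
    """Fixlist convention: registry/service lines verbatim, files by bare path."""
    return [f.fixline for f in findings]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.target}")
```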

offline
  • Staff
  • Joined: 16 Oct 2010
  • Posts: 3468
  • Location: KRAGUJEVAC

Fix result of Farbar Recovery Scan Tool (x86) Version:20-12-2015
Ran by dejan (2015-12-24 21:12:53) Run:1
Running from C:\Users\dejan\Desktop
Loaded Profiles: dejan (Available Profiles: dejan)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
FF ProfilePath: C:\Users\dejan\AppData\Roaming\Mozilla\Firefox\Profiles\1ue1v8z1.default
FF NewTab: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_151217__yaff
FF SelectedSearchEngine: Yahoo®
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Application Restart #0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MalwareProtectionLive
SearchScopes: HKU\S-1-5-21-1668144661-2884591123-2203260530-1001 -> {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=96010190_dg
C:\sh4ldr
C:\*.tmp
C:\Prefs.js
C:\searchplugins
C:\Windows\system32\LavasoftTcpService.dll
C:\Windows\system32\LavasoftTcpServiceOff.ini
C:\Program Files\c6fdae68-5b2b-49d1-904d-708dc40b305a
C:\Users\dejan\AppData\Roaming\GiftBag.db
C:\Users\dejan\AppData\Roaming\LogFile.txt
C:\Users\dejan\AppData\Local\Xx-lex.exe.config

S3 EraserUtilDrv11520; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11520.sys [X]
S1 softaal; \??\C:\Program Files\Tencent\QQPCMgr\11.2.17063.223\softaal.sys [X]
CHR Extension: (Norton Security Toolbar) - C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-12-19]

EmptyTemp:
*****************

Error: (0) Failed to create a restore point.
FF ProfilePath: C:\Users\dejan\AppData\Roaming\Mozilla\Firefox\Profiles\1ue1v8z1.default => FRST is scripted not to move this directory.
Firefox "newtab" removed successfully.
Firefox SelectedSearchEngine removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Application Restart #0 => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MalwareProtectionLive => key removed successfully.
"HKU\S-1-5-21-1668144661-2884591123-2203260530-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A060E7FB-91F5-4c7c-BD0F-4A11A581D878}" => key removed successfully.
HKCR\CLSID\{A060E7FB-91F5-4c7c-BD0F-4A11A581D878} => key not found.

"C:\sh4ldr" folder move:

Could not move "C:\sh4ldr" => Scheduled to move on reboot.


=========== "C:\*.tmp" ==========

not found

========= End -> "C:\*.tmp" ========

Could not move "C:\Prefs.js" => Scheduled to move on reboot.

"C:\searchplugins" folder move:

Could not move "C:\searchplugins" => Scheduled to move on reboot.

C:\Windows\system32\LavasoftTcpService.dll => moved successfully
Could not move "C:\Windows\system32\LavasoftTcpServiceOff.ini" => Scheduled to move on reboot.

"C:\Program Files\c6fdae68-5b2b-49d1-904d-708dc40b305a" folder move:

Could not move "C:\Program Files\c6fdae68-5b2b-49d1-904d-708dc40b305a" => Scheduled to move on reboot.

C:\Users\dejan\AppData\Roaming\GiftBag.db => moved successfully
Could not move "C:\Users\dejan\AppData\Roaming\LogFile.txt" => Scheduled to move on reboot.
C:\Users\dejan\AppData\Local\Xx-lex.exe.config => moved successfully
EraserUtilDrv11520 => service removed successfully.
softaal => service removed successfully.
C:\Users\dejan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob => not found.
EmptyTemp: => 1.1 GB temporary data Removed.

==== End of Fixlog 21:15:12 ====

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download Xplode's AdwCleaner and save it to the Desktop
Double-click the program to run it.
In the EULA window click I agree.
Under Options, untick Reset Winsock settings if it is ticked.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
On the next two windows that open (Informations and Restart required) click OK

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

What is the situation now?

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the MBAR program icon to run it:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Note: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow it to load after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, paste the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button and the system should restart and complete the cleaning procedure.

Note! Only if a rootkit was detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to make all repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Paste the contents of the mbar log into a post and attach the system log to the post using the Attach file option.

offline
  • Staff
  • Joined: 16 Oct 2010
  • Posts: 3468
  • Location: KRAGUJEVAC

It shows %inf% as the start page and also OF LINE. I already scanned with Malwarebytes and this morning it only found Free YouTube Downloader, and I had scanned with Malwarebytes three days ago.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Just do what I told you.

offline
  • Staff
  • Joined: 16 Oct 2010
  • Posts: 3468
  • Location: KRAGUJEVAC

Posted: 27 Dec 2015 14:23

OK.

Update: 27 Dec 2015 15:25

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2015.12.27.02
rootkit: v2015.12.26.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
dejan :: DEJAN-PC [administrator]

12/27/2015 2:31:17 PM
mbar-log-2015-12-27 (14-31-17).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 288922
Time elapsed: 22 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download zoek.exe from this or this link and save it to the Desktop.

Close the browser and other running programs;
deactivate your security software (if necessary), see the Instructions;
double-click zoek.exe to run it;
wait for the tool to start ...

Paste the following text into the white box of the window:

process;
startupall;
drivers-services-list;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;

Click the button and wait for the scan to finish.

Zoek will restart Windows if necessary and, when done, open Notepad with the scan report.

Note: the report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into a post.
