Ads by DealSpace


offline
  • Joined: 01 Jan 2012
  • Posts: 392

For maybe 6 days now I've been getting ads that cover the page; no matter which site I go to, the ad pops up on every 2nd or 3rd one I open.

Here is what it looks like:



Sometimes when I click the X it opens the ad, and sometimes it doesn't..

Anyway, I scanned with Malwarebytes and deleted everything it found; here is the log file


Btw, just now when I clicked "Attach file" it opened a popup with some SPAM site..

And it happens that when I go to some site, no matter which one, it redirects me to that ad like the one in the picture above..

FRST.txt

http://pastebin.com/thV5nQBC

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015
Ran by Nenad (administrator) on NENAD-PC on 22-04-2015 16:08:49
Running from C:\Users\Nenad\Downloads
Loaded Profiles: Nenad (Available profiles: Nenad)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acunetix Ltd.) C:\Program Files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\...\MountPoints2: {b98d9f9a-d6fd-11e4-986d-00192122ab68} - E:\autoplay.exe
HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\...\MountPoints2: {b98d9fa3-d6fd-11e4-986d-00192122ab68} - F:\autoplay.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
Tcpip\Parameters: [DhcpNameServer] 89.216.39.251 89.216.39.252

FireFox:
========
FF ProfilePath: C:\Users\Nenad\AppData\Roaming\Mozilla\Firefox\Profiles\qb5f3x22.default
FF NetworkProxy: "type", 4
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-30] (Oracle Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-19] (Google Inc.)
FF Extension: No Name - C:\Users\Nenad\AppData\Roaming\Mozilla\Firefox\Profiles\qb5f3x22.default\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}.xpi [Not Found]
FF Extension: No Name - C:\Users\Nenad\AppData\Roaming\Mozilla\Firefox\Profiles\qb5f3x22.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-19]
CHR Extension: (Google Search) - C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-19]
CHR Extension: (Hackers toolkit) - C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnniaejgfdelaafcjopndjdebjfnkljf [2015-02-19]
CHR Extension: (Postcron) - C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kahoebmmfnjmjcbclecdkhiapmefpaed [2015-04-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-19]
CHR Extension: (Gmail) - C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R4 AcuWVSSchedulerv6; C:\Program Files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe [994952 2008-11-27] (Acunetix Ltd.)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1030928 2015-02-27] (Disc Soft Ltd)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S3 wampapache; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [22016 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25104 2015-03-30] (Disc Soft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2013-08-03] (The OpenVPN Project)
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 16:00 - 2015-04-22 16:01 - 00027312 _____ () C:\Users\Nenad\Downloads\Addition.txt
2015-04-22 15:59 - 2015-04-22 16:09 - 00008099 _____ () C:\Users\Nenad\Downloads\FRST.txt
2015-04-22 15:59 - 2015-04-22 16:08 - 00000000 ____D () C:\FRST
2015-04-22 15:57 - 2015-04-22 15:58 - 01139200 _____ (Farbar) C:\Users\Nenad\Downloads\FRST.exe
2015-04-22 12:08 - 2015-04-22 12:08 - 00002486 _____ () C:\Windows\PFRO.log
2015-04-21 23:25 - 2015-04-22 12:09 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-21 23:24 - 2015-04-21 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-21 23:24 - 2015-04-21 23:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-21 23:24 - 2015-04-21 23:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-21 23:24 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-21 23:24 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-21 23:24 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-21 23:23 - 2015-04-21 23:23 - 00000000 ____D () C:\Users\Nenad\Downloads\Malwarebytes Anti-Malware Premium 2.0.2.1012 Final + Keys [ATOM]
2015-04-21 23:05 - 2015-04-21 23:05 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-21 23:04 - 2015-04-21 23:05 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Nenad\Downloads\SpyHunter-Installer.exe
2015-04-20 21:26 - 2015-04-20 21:26 - 00000000 ____D () C:\Windows\pss
2015-04-20 21:12 - 2015-04-22 12:06 - 00000000 ____D () C:\Program Files\WhIIteDealS
2015-04-20 21:12 - 2015-04-20 21:12 - 00000020 _____ () C:\Users\Nenad\AppData\Roaming\appdataFr3.bin
2015-04-20 21:12 - 2015-04-20 21:12 - 00000000 ____D () C:\ProgramData\9711858832783921383
2015-04-15 22:20 - 2015-04-15 22:20 - 00094771 _____ () C:\Users\Nenad\Downloads\RadndomAP-01.cap
2015-04-15 16:10 - 2015-04-22 12:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-15 16:10 - 2015-04-15 16:10 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-15 16:08 - 2015-04-15 16:09 - 00243312 _____ () C:\Users\Nenad\Downloads\Firefox Setup Stub 37.0.1.exe
2015-04-15 15:38 - 2015-04-15 15:38 - 00002048 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-04-15 15:38 - 2015-04-15 15:38 - 00002036 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-04-15 15:38 - 2015-04-15 15:38 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\Thunderbird
2015-04-15 15:38 - 2015-04-15 15:38 - 00000000 ____D () C:\Users\Nenad\AppData\Local\Thunderbird
2015-04-15 15:37 - 2015-04-15 15:37 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-04-15 15:36 - 2015-04-15 15:37 - 28906464 _____ (Mozilla) C:\Users\Nenad\Downloads\Thunderbird Setup 31.6.0.exe
2015-04-13 12:30 - 2015-04-13 12:31 - 08694257 _____ () C:\Users\Nenad\Downloads\Eys0.rar
2015-04-11 15:53 - 2015-04-11 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
2015-04-11 15:53 - 2015-04-11 15:53 - 00000000 ____D () C:\Program Files\Pandora Recovery
2015-04-11 15:52 - 2015-04-11 15:53 - 02438824 _____ () C:\Users\Nenad\Downloads\PandoraRecovery.exe
2015-04-11 15:49 - 2015-04-11 15:49 - 01348221 _____ (iCare Recovery ) C:\Users\Nenad\Downloads\icaredrs.exe
2015-04-10 13:20 - 2015-04-10 13:20 - 00253704 _____ () C:\Users\Nenad\Downloads\franchise.zip
2015-04-10 02:09 - 2015-04-10 02:09 - 06208736 _____ (Tim Kosse) C:\Users\Nenad\Downloads\FileZilla_3.10.2_win32-setup.exe
2015-04-10 02:09 - 2015-04-10 02:09 - 06196576 _____ (Tim Kosse) C:\Users\Nenad\Downloads\FileZilla_3.10.3_win32-setup.exe
2015-04-09 15:09 - 2015-04-09 15:09 - 00000320 _____ () C:\Users\Nenad\Downloads\accesslog_cinjenice.net_4_9_2015.gz
2015-04-09 00:33 - 2015-04-09 00:34 - 00510179 _____ () C:\Users\Nenad\Downloads\5724937.w3g
2015-04-08 22:14 - 2015-04-08 22:16 - 00454845 _____ () C:\Users\Nenad\Downloads\wpex-photo.zip
2015-04-08 22:10 - 2015-04-08 22:10 - 02410140 _____ () C:\Users\Nenad\Downloads\market.1.0.0.8.zip
2015-04-08 20:29 - 2015-04-08 20:30 - 01168214 _____ () C:\Users\Nenad\Downloads\open-sans.zip
2015-04-08 19:59 - 2015-04-08 19:59 - 00399591 _____ () C:\Users\Nenad\Downloads\quicksand.zip
2015-04-08 19:38 - 2015-04-08 19:39 - 00989738 _____ () C:\Users\Nenad\Downloads\Colorful-brain-icons.zip
2015-04-08 19:21 - 2015-04-08 19:21 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-04-08 15:20 - 2015-04-08 15:20 - 00001095 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4.lnk
2015-04-08 15:20 - 2015-04-08 15:20 - 00001057 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
2015-04-08 15:19 - 2015-04-08 20:47 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-08 15:18 - 2015-04-08 15:20 - 00000000 ____D () C:\Program Files\Adobe
2015-04-08 15:18 - 2015-04-08 15:18 - 00001365 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
2015-04-08 15:17 - 2015-04-10 13:15 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\Adobe
2015-04-08 15:17 - 2015-04-08 20:47 - 00000000 ____D () C:\Users\Nenad\AppData\Local\Adobe
2015-04-08 15:17 - 2015-04-08 15:17 - 00000000 ____D () C:\Windows\system32\Macromed
2015-04-08 15:16 - 2015-04-08 15:16 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2015-04-08 15:12 - 2015-04-08 15:20 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-08 15:05 - 2015-04-08 15:05 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\WinRAR
2015-04-08 15:05 - 2015-04-08 15:05 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-08 15:05 - 2015-04-08 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-08 15:05 - 2015-04-08 15:05 - 00000000 ____D () C:\Program Files\WinRAR
2015-04-08 15:04 - 2015-04-08 15:05 - 00000000 ____D () C:\Users\Nenad\Downloads\WinRAR 4.00 32Bit And 64Bit Full-Version {blaze69}
2015-04-08 13:21 - 2015-04-08 13:39 - 1339820827 ____R () C:\Users\Nenad\Downloads\Adobe Photoshop CS4 + Keygen.rar
2015-04-08 13:06 - 2015-04-08 13:06 - 00903077 _____ () C:\Users\Nenad\Downloads\5724502.w3g
2015-04-07 18:16 - 2015-04-07 18:16 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-04-07 13:28 - 2015-04-22 12:08 - 00002714 _____ () C:\Windows\setupact.log
2015-04-07 13:28 - 2015-04-07 13:28 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-04 14:22 - 2015-04-04 14:22 - 00000000 ____D () C:\ProgramData\hoiiepgcejdnmfkfdcopgeboejppgjnf
2015-04-04 14:21 - 2015-04-22 12:06 - 00000000 ____D () C:\ProgramData\{1bba32b3-ae2b-8f85-1bba-a32b3ae2cace}
2015-04-04 14:17 - 2015-04-04 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-04-04 14:17 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-04-04 14:16 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-04-04 14:15 - 2015-04-04 14:35 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\Winamp
2015-04-04 14:15 - 2015-04-04 14:17 - 00000000 ____D () C:\Program Files\Winamp
2015-04-04 14:15 - 2015-04-04 14:15 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2015-04-04 14:12 - 2015-04-04 14:14 - 17163336 _____ (Nullsoft, Inc.) C:\Users\Nenad\Downloads\winamp5666_full_all.exe
2015-04-03 19:23 - 2015-04-03 19:23 - 01275151 _____ () C:\Users\Nenad\Downloads\video-1428081247.mp4.mp4
2015-04-03 00:29 - 2015-04-03 00:32 - 67071457 _____ () C:\Users\Nenad\Downloads\gmail_db.zip
2015-03-31 14:53 - 2015-04-06 16:03 - 00000000 ____D () C:\Windows\Minidump
2015-03-30 22:38 - 2015-03-30 22:39 - 08271624 _____ () C:\Users\Nenad\Downloads\DotA v6.81c.w3x
2015-03-30 22:38 - 2015-03-30 22:39 - 08271430 _____ () C:\Users\Nenad\Downloads\DotA v6.81d.w3x
2015-03-30 22:36 - 2015-03-30 22:36 - 00000044 _____ () C:\Windows\wawx_dumpreg64.dll
2015-03-30 22:36 - 2015-03-30 22:36 - 00000044 _____ () C:\Users\Nenad\AppData\Roaming\twow_sysprepdt.dat
2015-03-30 22:35 - 2015-03-31 15:24 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\Eurobattle.net
2015-03-30 22:33 - 2015-03-31 15:24 - 00000000 ____D () C:\Program Files\Eurobattle.net
2015-03-30 22:33 - 2015-03-30 22:33 - 00000979 _____ () C:\Users\Nenad\Desktop\Eurobattle.net Client.lnk
2015-03-30 22:30 - 2015-03-30 22:31 - 08990552 _____ (Microsoft Corporation) C:\Users\Nenad\Downloads\vcredist_x86.exe
2015-03-30 22:27 - 2015-03-30 22:27 - 00414692 _____ () C:\Users\Nenad\Downloads\msvcr100.zip
2015-03-30 22:25 - 2015-03-30 22:25 - 00431936 _____ (Microsoft Corporation) C:\Users\Nenad\Downloads\msvcp100.dll
2015-03-30 22:22 - 2015-03-30 22:22 - 00000156 _____ () C:\Users\Nenad\Downloads\prepatch.log
2015-03-30 22:19 - 2015-03-30 22:20 - 08219130 _____ () C:\Users\Nenad\Downloads\DotA v6.83c.w3x
2015-03-30 22:17 - 2015-03-30 22:22 - 00055292 _____ () C:\Windows\War3Unin.dat
2015-03-30 22:17 - 2015-03-30 22:21 - 00139264 _____ (Blizzard Entertainment) C:\Windows\War3Unin.exe
2015-03-30 22:17 - 2015-03-30 22:21 - 00002829 _____ () C:\Windows\War3Unin.pif
2015-03-30 22:17 - 2015-03-30 22:21 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
2015-03-30 22:17 - 2015-03-30 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2015-03-30 22:13 - 2015-04-22 13:18 - 00000000 ____D () C:\Program Files\Warcraft III
2015-03-30 22:10 - 2015-04-06 16:04 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\DAEMON Tools Lite
2015-03-30 22:10 - 2015-03-30 22:34 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2015-03-30 22:10 - 2015-03-30 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-03-30 22:10 - 2015-03-30 22:10 - 00025104 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-03-30 22:09 - 2015-03-30 22:10 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-03-30 22:08 - 2015-03-30 22:09 - 13146016 _____ (Disc Soft Ltd) C:\Users\Nenad\Downloads\DTLite501-0406.exe
2015-03-30 22:05 - 2015-03-30 22:10 - 58718061 _____ (Blizzard Entertainment) C:\Users\Nenad\Downloads\War3TFT_126a_English.exe
2015-03-30 22:05 - 2015-03-30 22:06 - 22721781 _____ () C:\Users\Nenad\Downloads\installer_v5.zip
2015-03-30 21:39 - 2015-03-30 22:05 - 00000000 ____D () C:\Users\Nenad\Downloads\Warcraft 3 Reign of Chaos and Frozen Throne (zabranjeno)ed
2015-03-30 21:38 - 2015-04-21 23:24 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\BitTorrent
2015-03-30 21:38 - 2015-03-30 21:38 - 00000851 _____ () C:\Users\Nenad\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-03-30 21:36 - 2015-03-30 21:36 - 00695112 _____ () C:\Users\Nenad\Downloads\[kickass.to]warcraft.3.reign.of.chaos.and.frozen.throne.(zabranjeno)ed.torrent
2015-03-30 21:31 - 2015-03-30 21:31 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2015-03-30 21:31 - 2015-03-30 21:31 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
2015-03-30 21:30 - 2015-03-30 21:30 - 00000000 ____D () C:\ProgramData\Sun
2015-03-30 21:30 - 2015-03-30 21:30 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-03-30 21:30 - 2015-03-30 21:29 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-03-30 21:29 - 2015-03-30 21:29 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-30 21:29 - 2015-03-30 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-30 21:29 - 2015-03-30 21:29 - 00000000 ____D () C:\Program Files\Java
2015-03-30 01:11 - 2015-03-30 01:12 - 00000000 ____D () C:\Program Files\Sublime Text 3
2015-03-30 01:08 - 2015-03-30 01:08 - 00002265 _____ () C:\Users\Nenad\Downloads\index.html
2015-03-30 01:04 - 2015-03-30 01:05 - 00299040 _____ () C:\Users\Nenad\Downloads\webuild.zip
2015-03-28 16:28 - 2015-03-28 16:28 - 00476836 _____ () C:\Users\Nenad\Downloads\m-addimg.zip
2015-03-28 16:27 - 2015-03-28 16:28 - 01594173 _____ () C:\Users\Nenad\Downloads\addimg.zip
2015-03-24 18:37 - 2015-03-24 18:38 - 00000810 _____ () C:\Windows\WVS_InstDBLogFile.csv
2015-03-24 18:37 - 2015-03-24 18:37 - 00000016 _____ () C:\Windows\system32\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
2015-03-24 18:37 - 2015-03-24 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acunetix Web Vulnerability Scanner 6
2015-03-24 18:37 - 2015-03-24 18:37 - 00000000 ____D () C:\Program Files\Acunetix
2015-03-23 20:22 - 2015-03-23 20:23 - 08710187 _____ () C:\Users\Nenad\Downloads\253099.zip
2015-03-23 00:45 - 2015-03-23 00:46 - 00186592 _____ () C:\Users\Nenad\Downloads\v3.rar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 15:22 - 2015-02-19 21:17 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-22 12:13 - 2009-07-14 06:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-22 12:13 - 2009-07-14 06:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-22 12:11 - 2015-02-20 06:05 - 00282436 _____ () C:\Windows\WindowsUpdate.log
2015-04-22 12:08 - 2015-02-19 22:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-22 12:08 - 2015-02-19 21:17 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-22 12:08 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-21 06:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-04-17 14:57 - 2015-03-18 14:00 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-15 16:12 - 2015-02-19 21:14 - 00000000 ____D () C:\Users\Nenad
2015-04-14 17:09 - 2015-02-19 21:16 - 00058864 _____ () C:\Users\Nenad\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-14 15:31 - 2009-07-14 06:33 - 02221952 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-13 19:00 - 2015-02-20 22:43 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\Skype
2015-04-13 18:56 - 2015-02-20 22:40 - 00000000 ____D () C:\Program Files\SecurityKISS Tunnel
2015-04-12 21:32 - 2015-02-22 21:04 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\TS3Client
2015-04-11 15:30 - 2015-02-19 21:13 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 02:41 - 2015-02-27 15:36 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\FileZilla
2015-04-09 17:35 - 2015-03-07 00:34 - 00000000 ____D () C:\Users\Nenad\Desktop\Files
2015-04-06 16:04 - 2015-02-19 21:21 - 00000000 ____D () C:\Program Files\Steam
2015-03-30 22:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-30 22:27 - 2012-08-17 10:38 - 00773968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2015-03-30 22:22 - 2015-02-19 21:14 - 00000000 ____D () C:\Users\Nenad\AppData\Local\VirtualStore
2015-03-30 01:12 - 2015-02-21 14:57 - 00000000 ____D () C:\Users\Nenad\AppData\Local\Sublime Text 3
2015-03-28 18:27 - 2015-02-25 22:40 - 00000000 ____D () C:\Users\Nenad\AppData\Roaming\mIRC
2015-03-28 17:59 - 2015-02-22 17:37 - 00000000 ____D () C:\Users\Nenad\Documents\Hackin
2015-03-25 16:08 - 2015-02-19 21:21 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-03-25 15:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\LiveKernelReports

==================== Files in the root of some directories =======

2015-04-20 21:12 - 2015-04-20 21:12 - 0000020 _____ () C:\Users\Nenad\AppData\Roaming\appdataFr3.bin
2015-03-30 22:36 - 2015-03-30 22:36 - 0000044 _____ () C:\Users\Nenad\AppData\Roaming\twow_sysprepdt.dat

Some content of TEMP:
====================
C:\Users\Nenad\AppData\Local\Temp\6FC4.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 17:35



Addition.txt


offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Did you install the developer version of Chrome yourself?


Step 1

Open Notepad and copy in the following text, which is inside the Code box.

HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\...\MountPoints2: {b98d9f9a-d6fd-11e4-986d-00192122ab68} - E:\autoplay.exe
HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\...\MountPoints2: {b98d9fa3-d6fd-11e4-986d-00192122ab68} - F:\autoplay.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {B824B36B-E356-44F5-B0D1-0FC4E7161701} - System32\Tasks\{9283D877-1004-4BD7-8727-8DDC57092DB7} => pcalua.exe -a "C:\Program Files\DiscountMan\DiscountMan.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
C:\Program Files\WhIIteDealS
C:\Program Files\DiscountMan
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open, with content that you should copy into the thread.
Also, (fixlog.txt) will be on the Desktop.




Step 2

Download "Xplode"'s AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window click I agree.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required) click OK

The computer will restart and then Notepad will open (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt

offline
  • Joined: 01 Jan 2012
  • Posts: 392

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2015
Ran by Nenad at 2015-04-22 19:42:48 Run:1
Running from C:\Users\Nenad\Desktop
Loaded Profiles: Nenad (Available profiles: Nenad)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\...\MountPoints2: {b98d9f9a-d6fd-11e4-986d-00192122ab68} - E:\autoplay.exe
HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\...\MountPoints2: {b98d9fa3-d6fd-11e4-986d-00192122ab68} - F:\autoplay.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {B824B36B-E356-44F5-B0D1-0FC4E7161701} - System32\Tasks\{9283D877-1004-4BD7-8727-8DDC57092DB7} => pcalua.exe -a "C:\Program Files\DiscountMan\DiscountMan.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
C:\Program Files\WhIIteDealS
C:\Program Files\DiscountMan
EmptyTemp:
*****************

"HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98d9f9a-d6fd-11e4-986d-00192122ab68}" => Key deleted successfully.
HKCR\CLSID\{b98d9f9a-d6fd-11e4-986d-00192122ab68} => Key not found.
"HKU\S-1-5-21-3714452422-3355782321-1450825522-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98d9fa3-d6fd-11e4-986d-00192122ab68}" => Key deleted successfully.
HKCR\CLSID\{b98d9fa3-d6fd-11e4-986d-00192122ab68} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B824B36B-E356-44F5-B0D1-0FC4E7161701}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B824B36B-E356-44F5-B0D1-0FC4E7161701}" => Key deleted successfully.
C:\Windows\System32\Tasks\{9283D877-1004-4BD7-8727-8DDC57092DB7} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9283D877-1004-4BD7-8727-8DDC57092DB7}" => Key deleted successfully.
C:\Program Files\WhIIteDealS => Moved successfully.
"C:\Program Files\DiscountMan" => File/Directory not found.
EmptyTemp: => Removed 490.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 19:43:20 ====


AdwCleaner[S0]

# AdwCleaner v4.201 - Logfile created 22/04/2015 at 19:51:49
# Updated 08/04/2015 by Xplode
# Database : 2015-04-22.1 [Server]
# Operating system : Windows 7 Ultimate  (x86)
# Username : Nenad - NENAD-PC
# Running from : C:\Users\Nenad\Downloads\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v37.0.1 (x86 en-US)


-\\ Google Chrome v42.0.2311.90

[C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : nmmhkkegccagdldgiimedpiccmgmieda

*************************

AdwCleaner[R0].txt - [1439 bytes] - [22/04/2015 19:47:23]
AdwCleaner[S0].txt - [1374 bytes] - [22/04/2015 19:51:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1433  bytes] ##########


But it still shows up.. As soon as I went to mycity.rs it popped up the ad

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

You didn't answer my question.

Quote: Did you install the developer version of Chrome yourself?


Pack the following folders into ZIP, RAR or 7Z archives:

C:\FRST\Quarantine

and

C:\AdwCleaner

and send them via the following link:

http://www.mycity.rs/ambulanta-upload.php


Let me know when you have done that and wait for further instructions.

offline
  • Pridružio: 01 Jan 2012
  • Poruke: 392

Sass Drake :: You didn't answer my question.

Quote: Did you install the developer version of Chrome?


Pack the following folders into ZIP, RAR or 7Z archives:

C:\FRST\Quarantine

and

C:\AdwCleaner

and send them via the following link:

http://www.mycity.rs/ambulanta-upload.php


Let me know when you have done that and wait for further instructions.


I didn't install it.

I uploaded

AdwCleaner.zip and Quarantine.zip

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Go to Start -> Control Panel -> Programs and Features and uninstall Google Chrome. Make sure to check the option Also delete your browsing data.
You can export your bookmarks and import them again later.

Once you have uninstalled it, download it from the Google site, https://www.google.com/chrome/browser/, and install it again.



Step 2

Download zoek.exe from this or this link and save it to the Desktop.


Close the browser and other running programs;
disable your security software (if necessary) Instructions;
double-click zoek.exe to run it;
wait for the tool to start ...


Copy the following text into the white box of the window:

process;
startupall;
drivers-services-list;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;


Click the button and wait for the scan to finish.


Zoek will restart Windows if necessary and, when it finishes, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into a post.

offline
  • Joined: 01 Jan 2012
  • Posts: 392


Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by Nenad on Thu 04/23/2015 at  0:25:18.84.
Microsoft Windows 7 Ultimate  6.1.7600  x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Nenad\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

4/23/2015 12:26:25 AM Zoek.exe System Restore Point Created Successfully.

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
C:\Users\Nenad\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k swprv

==== Services(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

R2 - [NvNetworkService] - NVIDIA Network Service - c:\program files\nvidia corporation\netservice\nvnetworkservice.exe
R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
R2 - [Stereo Service] - NVIDIA Stereoscopic 3D Driver Service - c:\program files\nvidia corporation\3d vision\nvscpapisvr.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [Disc Soft Lite Bus Service] - Disc Soft Lite Bus Service - c:\program files\daemon tools lite\discsoftbusservice.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FLEXnet Licensing Service] - FLEXnet Licensing Service - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files\google\update\googleupdate.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [wampapache] - wampapache - c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
S3 - [wampmysqld] - wampmysqld - c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [AcuWVSSchedulerv6] - Acunetix WVS Scheduler v6 - c:\program files\acunetix\web vulnerability scanner 6\wvsscheduler.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [MBAMScheduler] - MBAMScheduler - c:\program files\malwarebytes anti-malware\mbamscheduler.exe
S4 - [MBAMService] - MBAMService - c:\program files\malwarebytes anti-malware\mbamservice.exe
S4 - [SkypeUpdate] - Skype Updater - c:\program files\skype\updater\updater.exe
S4 - [Steam Client Service] - Steam Client Service - c:\program files\common files\steam\steamservice.exe

==== Drivers(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [atapi] - IDE Channel - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Disk] - Disk Driver - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Bitlocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
R0 - [nvstor] - nvstor - C:\Windows\system32\Drivers\nvstor.sys
R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pciide] - pciide - C:\Windows\system32\Drivers\pciide.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [storflt] - Disk Virtual Machine Bus Acceleration Filter Driver - C:\Windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - TCP/IP Protocol Driver - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Storage volumes - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - NetIO Legacy TDI Support Driver - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-03-30 20:36:12   D74A626B9A1901C92AEC32C6C6A67B1F   44   ----a-w-   C:\Windows\wawx_dumpreg64.dll
2015-03-30 20:17:30   A83A44F0E9A25899B1D8E41471C50790   139264   ----a-w-   C:\Windows\War3Unin.exe
2015-03-30 20:17:30   93E89D2C2656A531EC0F63A48E0EA5A9   2829   ----a-w-   C:\Windows\War3Unin.pif
2015-03-30 20:17:30   5FD76C915BF14161B927A1DB0904C47A   55292   ----a-w-   C:\Windows\War3Unin.dat
2015-03-24 16:37:17   AA08703FB73D6A0DD236C953245C76A8   810   ----a-w-   C:\Windows\WVS_InstDBLogFile.csv
====== C:\Users\Nenad\AppData\Local\Temp ====
====== Java Cache =====
2015-03-30 19:31:37   FCE549C95F3578DF675773341880E2EF   104   ----a-w-   C:\Users\Nenad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\2c0614c1-20e118fe
2015-03-30 19:31:20   54BB713D2C14D1594E9D3583098761FA   383   ----a-w-   C:\Users\Nenad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\6959d70b-7c7b3a0a9da2bf10294f71fd4aedfa6cfe9e58eafd9b8e6f56026bf0948f270e-6.0.lap
2015-03-30 19:31:26   3C648330F23D5DFB80ED9093888D4ECD   111   ----a-w-   C:\Users\Nenad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\1811190-23225616b39adad84a980225e3f8165c173e9adb468fc798cc52c1c14ce85991-6.0.lap
2015-03-30 19:31:22   8CC3D7E8A334FDAEE112387186AA7254   331805   ----a-w-   C:\Users\Nenad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5e830bdb-3dc2de43
2015-03-30 19:32:23   44F627191DA830E7D54BC4E3D363FC2C   111   ----a-w-   C:\Users\Nenad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\5e362d22-6e8993bf4c5ff50ea068382540126d5ba9d463de7b98c56b2a6952dcffd57256-6.0.lap
2015-03-30 19:31:23   81F285F6F88BAF4C595D89CB63B1CFF1   9442   ----a-w-   C:\Users\Nenad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2fb889a6-134f69a3
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
2015-04-21 21:25:19   12E71DA845D76665B56753AD149E32B3   110296   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-04-21 21:24:45   BD27D97297934FD4217A37FD28A7ABC7   51928   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2015-04-21 21:24:45   8683C1B450F4B3872839308D836E0F92   23256   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2015-04-21 21:24:45   1AA835E8A0B8EDF3D676B4ED4BF5EF07   74456   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2015-03-30 20:10:20   4F3D9183A9A4203ED29F7AE1D0B55923   25104   ----a-w-   C:\Windows\System32\drivers\dtlitescsibus.sys
====== C:\Windows\Tasks ======
2015-04-22 22:22:39   E00CFC408ECE37F27F4F180C066DA91A   3880   ----a-w-   C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2015-04-22 22:22:39   41C1CA25E0519E039E559F77F862DEC8   884   ----a-w-   C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-22 22:22:38   E7DE240A086E1F76355DB8F6DE02E70B   880   ----a-w-   C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-22 22:22:38   B8D63DC39D174F16D58611C473F54C84   3628   ----a-w-   C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-04-21 21:05:53   --------   d-----w-   C:\Program Files\Enigma Software Group
2015-04-15 13:37:56   --------   d-----w-   C:\Program Files\Mozilla Thunderbird
2015-04-11 13:53:21   --------   d-----w-   C:\Program Files\Pandora Recovery
2015-04-08 13:18:28   --------   d-----w-   C:\Program Files\Adobe
2015-04-08 13:16:39   --------   d-----w-   C:\Program Files\Common Files\Macrovision Shared
2015-04-08 13:12:26   --------   d-----w-   C:\Program Files\Common Files\Adobe
2015-04-08 13:05:42   --------   d-----w-   C:\Program Files\WinRAR
2015-04-04 12:15:53   --------   d-----w-   C:\Program Files\Common Files\PX Storage Engine
2015-04-04 12:15:37   --------   d-----w-   C:\Program Files\Winamp
2015-03-30 20:33:54   --------   d-----w-   C:\Program Files\Eurobattle.net
2015-03-30 20:13:44   --------   d-----w-   C:\Program Files\Warcraft III
2015-03-30 20:10:16   --------   d-----w-   C:\Program Files\DAEMON Tools Lite
2015-03-30 19:31:36   --------   d-----w-   C:\Program Files\SystemRequirementsLab
2015-03-30 19:30:04   --------   d-----w-   C:\Program Files\Common Files\Java
2015-03-30 19:29:07   --------   d-----w-   C:\Program Files\Java
2015-03-29 23:11:55   --------   d-----w-   C:\Program Files\Sublime Text 3
2015-03-24 16:37:32   --------   d-----w-   C:\Program Files\Acunetix
======= C: =====
====== C:\Users\Nenad\AppData\Roaming ======
2015-04-20 19:12:59   E5DF6F115D6E6831397706E7230D4357   20   ----a-w-   C:\Users\Nenad\AppData\Roaming\appdataFr3.bin
2015-04-15 13:38:10   --------   d-----w-   C:\Users\Nenad\AppData\Roaming\Thunderbird
2015-04-15 13:38:10   --------   d-----w-   C:\Users\Nenad\AppData\Local\Thunderbird
2015-04-08 13:17:30   --------   d-----w-   C:\Users\Nenad\AppData\Local\Adobe
2015-04-08 13:17:25   --------   d-----w-   C:\Users\Nenad\AppData\Roaming\Adobe
2015-04-08 13:05:56   --------   d-----w-   C:\Users\Nenad\AppData\Roaming\WinRAR
2015-04-08 13:05:46   --------   d-----w-   C:\Users\Nenad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-07 16:16:43   --------   d-----w-   C:\Users\Nenad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-04-04 12:15:37   --------   d-----w-   C:\Users\Nenad\AppData\Roaming\Winamp
2015-03-30 20:36:12   D74A626B9A1901C92AEC32C6C6A67B1F   44   ----a-w-   C:\Users\Nenad\AppData\Roaming\twow_sysprepdt.dat
2015-03-30 20:35:54   --------   d-----w-   C:\Users\Nenad\AppData\Roaming\Eurobattle.net
2015-03-30 20:17:30   --------   d-----w-   C:\Users\Nenad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
2015-03-30 20:10:19   --------   d-----w-   C:\Users\Nenad\AppData\Roaming\DAEMON Tools Lite
2015-03-30 19:38:01   --------   d-----w-   C:\Users\Nenad\AppData\Roaming\BitTorrent
2015-03-30 19:26:18   --------   d-----w-   C:\Users\Nenad\AppData\Locallow\Sun
====== C:\Users\Nenad ======
2015-04-22 22:24:30   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-22 17:46:40   0EFDC1550592DC0C4E73AFFB54B35C3E   2217984   ----a-w-   C:\Users\Nenad\Downloads\adwcleaner_4.201.exe
2015-04-22 13:57:50   C765F19FB36C4C140DDB6FC2556DF438   1139200   ----a-w-   C:\Users\Nenad\Desktop\FRST.exe
2015-04-21 21:04:54   B9FF555660A02DC4D3EAFF58357BE02A   3109248   ----a-w-   C:\Users\Nenad\Downloads\SpyHunter-Installer.exe
2015-04-20 19:12:12   --------   d-----w-   C:\ProgramData\9711858832783921383
2015-04-15 14:08:33   FD7E4228343CAD019B260F477814660C   243312   ----a-w-   C:\Users\Nenad\Downloads\Firefox Setup Stub 37.0.1.exe
2015-04-15 13:36:43   CA2AC7E2B2F8C5D2DB35F264D88BDCE6   28906464   ----a-w-   C:\Users\Nenad\Downloads\Thunderbird Setup 31.6.0.exe
2015-04-11 13:53:22   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
2015-04-11 13:52:52   361620395B08C664C69D4F6DFBFFF5D0   2438824   ----a-w-   C:\Users\Nenad\Downloads\PandoraRecovery.exe
2015-04-11 13:49:25   73971EE78CCA8ABF57CFCDE17FD62F63   1348221   ----a-w-   C:\Users\Nenad\Downloads\icaredrs.exe
2015-04-10 00:09:30   4CEBFBDD7756C30B54AD0EBCBAFE420E   6196576   ----a-w-   C:\Users\Nenad\Downloads\FileZilla_3.10.3_win32-setup.exe
2015-04-10 00:09:17   D537D8BA8C5E9E69B345AB9DC2001DC7   6208736   ----a-w-   C:\Users\Nenad\Downloads\FileZilla_3.10.2_win32-setup.exe
2015-04-08 17:21:43   --------   d-----w-   C:\ProgramData\FLEXnet
2015-04-08 13:19:58   --------   d-----w-   C:\ProgramData\Adobe
2015-04-08 13:05:46   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-04 12:22:35   --------   d-----w-   C:\ProgramData\hoiiepgcejdnmfkfdcopgeboejppgjnf
2015-04-04 12:21:36   --------   d-----w-   C:\ProgramData\{1bba32b3-ae2b-8f85-1bba-a32b3ae2cace}
2015-04-04 12:17:08   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-03-30 20:17:30   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2015-03-30 20:10:20   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-03-30 20:09:51   --------   d-----w-   C:\ProgramData\DAEMON Tools Lite
2015-03-30 19:31:36   --------   d-----w-   C:\ProgramData\SystemRequirementsLab
2015-03-30 19:30:05   --------   d-----w-   C:\ProgramData\Sun
2015-03-30 19:29:33   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-30 19:29:21   --------   d-----w-   C:\ProgramData\Oracle
2015-03-24 16:37:45   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acunetix Web Vulnerability Scanner 6

====== C: exe-files ==
2015-04-22 22:24:05   3F41E4BC551B4C913BAD2F4340D79B60   41815632   ----a-w-   C:\Program Files\Google\Update\Install\{E1B4B817-262C-4621-A9AD-F591E4DF175F}\42.0.2311.90_chrome_installer.exe
2015-04-22 22:24:04   3F41E4BC551B4C913BAD2F4340D79B60   41815632   ----a-w-   C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\42.0.2311.90\42.0.2311.90_chrome_installer.exe
2015-04-22 22:22:36   FD98434B6A06FE31A35E4BFBC827B290   52040   ----atw-   C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe
2015-04-22 22:22:36   E1B44A75947137F4143308D566889837   107848   ----atw-   C:\Program Files\Google\Update\GoogleUpdate.exe
2015-04-22 22:22:36   7CA00A58AA808F4B9844C91845910377   880208   ----a-w-   C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateSetup.exe
2015-04-22 22:22:36   5F0A3AA68785C49454F56C9F2DDA0237   52040   ----atw-   C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe
2015-04-22 22:22:36   4C02536F4CA35911FB3EA5715F300C57   52040   ----atw-   C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateBroker.exe
2015-04-22 22:22:35   F3B6470DA7CE34E559D3BA7365CC909C   115528   ----atw-   C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe
2015-04-22 22:22:35   E1B44A75947137F4143308D566889837   107848   ----atw-   C:\Program Files\Google\Update\1.3.26.9\GoogleUpdate.exe
2015-04-22 22:22:35   83BB030C71C9727DCFB2737005772C4E   232264   ----atw-   C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
2015-04-22 22:22:35   323CFFFDAF253AC65CD194A101BE6231   287048   ----atw-   C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
2015-04-22 19:04:32   60195A541502A2BE819FBAB18CEF852F   5600504   ----a-w-   C:\Users\Nenad\AppData\Local\NVIDIA\NvBackend\Packages\000074d7\DAO.19510325.exe
2015-04-22 17:46:40   0EFDC1550592DC0C4E73AFFB54B35C3E   2217984   ----a-w-   C:\Users\Nenad\Downloads\adwcleaner_4.201.exe
2015-04-22 13:57:50   C765F19FB36C4C140DDB6FC2556DF438   1139200   ----a-w-   C:\Users\Nenad\Desktop\FRST.exe
2015-04-21 21:06:24   17426389724648E011FDC17D5DE1ECED   21888   ----a-w-   C:\Program Files\Enigma Software Group\SpyHunter\native.exe
2015-04-21 21:06:00   FD947F1CBB022C1DC138013049F5E33A   7125376   ----a-w-   C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
2015-04-21 21:06:00   B785670E201B2CA20E91BF8D7B0D4D2A   771456   ----a-w-   C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
2015-04-21 21:04:54   B9FF555660A02DC4D3EAFF58357BE02A   3109248   ----a-w-   C:\Users\Nenad\Downloads\SpyHunter-Installer.exe
2015-04-21 19:03:21   21A2222D40A8FEB6A3085593FCECAA9C   5600000   ----a-w-   C:\Users\Nenad\AppData\Local\NVIDIA\NvBackend\Packages\000074bc\DAO.19509496.exe
2015-04-21 17:08:26   89235F5A8640B0CE7047D8EF8A36C3DE   675256   ----a-w-   C:\Users\Nenad\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
2015-04-21 17:08:22   8F374DAEFCE0540EDCC2421185E857C7   172984   ----a-w-   C:\Users\Nenad\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe
2015-04-20 19:02:01   AECA539B74D4D1FA72DA4860D5DC69D8   5446104   ----a-w-   C:\Users\Nenad\AppData\Local\NVIDIA\NvBackend\Packages\00007455\DAO.19506225.exe
2015-04-20 19:01:49   B1064204F531B105D900CC2EB7D1A0AA   448976   ----a-w-   C:\Users\Nenad\AppData\Local\NVIDIA\NvBackend\Packages\00007440\CoProc update.19499926.exe
2015-04-16 18:17:51   C97A777527C6FBD382CE855A7C9D0086   5408240   ----a-w-   C:\Users\Nenad\AppData\Local\NVIDIA\NvBackend\Packages\00007433\DAO.19497234.exe
2015-04-16 18:17:43   BE936912DFF46B5C26ED7F5391E5BFF0   448872   ----a-w-   C:\Users\Nenad\AppData\Local\NVIDIA\NvBackend\Packages\00007424\CoProc update.19493902.exe
=== C: other files ==
2015-04-21 21:25:19   12E71DA845D76665B56753AD149E32B3   110296   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-04-21 21:24:45   BD27D97297934FD4217A37FD28A7ABC7   51928   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2015-04-21 21:24:45   8683C1B450F4B3872839308D836E0F92   23256   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2015-04-21 21:24:45   1AA835E8A0B8EDF3D676B4ED4BF5EF07   74456   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2015-04-21 21:06:24   FD947F1CBB022C1DC138013049F5E33A   7125376   ----a-w-   C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.com
2015-04-21 21:06:13   9264DD96883E5769EE79CB43E712BE9E   16432   ----a-w-   C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
2015-04-21 21:06:07   01CE484FF6D70A39479BC6D619DE7ED6   19984   ----a-w-   C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3714452422-3355782321-1450825522-1001\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner.exe\" /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Steam\\steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Viber]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Viber"
"hkey"="HKCU"
"command"="\"C:\\Users\\Nenad\\AppData\\Local\\Viber\\Viber.exe\" StartMinimized"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Nenad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BALKAN PARTY MIX 2015 _VOL 1_.lnk]
"path"="C:\\Users\\Nenad\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\BALKAN PARTY MIX 2015 _VOL 1_.lnk"
"backup"="C:\\Windows\\pss\\BALKAN PARTY MIX 2015 _VOL 1_.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\{1BBA3~1\\BALKAN~1.EXE --startup=1"
"item"="BALKAN PARTY MIX 2015 _VOL 1_"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AcuWVSSchedulerv6]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MBAMScheduler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MBAMService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Steam Client Service]


==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04/23/2015 12:22 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04/23/2015 12:22 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

==== Firefox Proxy Settings ======================

ProfilePath: C:\Users\Nenad\AppData\Roaming\Mozilla\Firefox\Profiles\qb5f3x22.default
user_pref("network.proxy.type", 4);

==== Firefox Extensions ======================

ProfilePath: C:\Users\Nenad\AppData\Roaming\Mozilla\Firefox\Profiles\qb5f3x22.default
- Undetermined - %ProfilePath%\extensions\staged

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Nenad\AppData\Roaming\Mozilla\Firefox\Profiles\qb5f3x22.default
98137411B9C632095F919E2CE70B288A   - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll -   Google Update
C454432F43C61767873DA91885759471   - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll -   NVIDIA 3D VISION
954FAB833273DCBC3254E95D2AAF0C46   - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll -   NVIDIA 3D Vision
65F86262898A3C50CBD6BF8A9840A7EA   - C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll -   Java(TM) Platform SE 8 U40
CA8A2850F3BFDF9F98BC91236620B146   - C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll -   Java Deployment Toolkit 8.0.400.26


==== Chromium Look ======================

Docs - Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gmail - Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Thu 04/23/2015 at  0:29:13.34 ======================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download zoek.exe from this or this link and save it to the Desktop.


Close the browser and other running programs;
disable your security software (if necessary) Instructions;
double-click zoek.exe to run it;
wait for the tool to start ...


Copy the following text into the white box of the window:

createrestorepoint;
C:\ProgramData\hoiiepgcejdnmfkfdcopgeboejppgjnf;fs
C:\ProgramData\{1bba32b3-ae2b-8f85-1bba-a32b3ae2cace};fs
emptyalltemp;
emptyclsid;
autoclean;


Click the button and wait for the scan to finish.


Zoek will restart Windows if necessary and, when it finishes, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into a post.


What is the situation now?

offline
  • Joined: 01 Jan 2012
  • Posts: 392


Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by Nenad on Thu 04/23/2015 at 20:55:34.68.
Microsoft Windows 7 Ultimate  6.1.7600  x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Nenad\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-04-22-222913.log   28452 bytes

==== Empty Folders Check ======================

C:\Program Files\AGEIA Technologies deleted successfully
C:\Users\Nenad\AppData\Roaming\DAEMON Tools Lite deleted successfully
C:\Users\Nenad\AppData\Roaming\Eurobattle.net deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\AGEIA Technologies not found
C:\Program Files\SystemRequirementsLab deleted
C:\Users\Nenad\AppData\Roaming\Sublime Text 3 deleted
C:\ProgramData\hoiiepgcejdnmfkfdcopgeboejppgjnf deleted
C:\ProgramData\{1bba32b3-ae2b-8f85-1bba-a32b3ae2cace} deleted
C:\PROGRA~2\9711858832783921383 deleted
C:\Users\Nenad\AppData\Roaming\appdataFr3.bin deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\Nenad\AppData\Roaming\Mozilla\Firefox\Profiles\qb5f3x22.default\extensions\staged deleted

==== Firefox Proxy Settings ======================

ProfilePath: C:\Users\Nenad\AppData\Roaming\Mozilla\Firefox\Profiles\qb5f3x22.default
user_pref("network.proxy.type", 4);

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Nenad\AppData\Roaming\Mozilla\Firefox\Profiles\qb5f3x22.default
98137411B9C632095F919E2CE70B288A   - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll -   Google Update
C454432F43C61767873DA91885759471   - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll -   NVIDIA 3D VISION
954FAB833273DCBC3254E95D2AAF0C46   - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll -   NVIDIA 3D Vision
65F86262898A3C50CBD6BF8A9840A7EA   - C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll -   Java(TM) Platform SE 8 U40
CA8A2850F3BFDF9F98BC91236620B146   - C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll -   Java Deployment Toolkit 8.0.400.26


==== Chromium Look ======================

Bookmark Manager - Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - Nenad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Chromium Startpages ======================

C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "https://www.google.com/" ]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\Users\Nenad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nenad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BBN8S9F1 will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D56P3JXE will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBVR132U will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUO7XNKZ will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83ZZ79E2 will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\88BBFVMD will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQIW0K9K will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VUYXMBJR will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Nenad\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=6063 folders=339 75635516 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Nenad\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Nenad\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BBN8S9F1" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D56P3JXE" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBVR132U" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUO7XNKZ" not deleted
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83ZZ79E2" not deleted
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\88BBFVMD" not deleted
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQIW0K9K" not deleted
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VUYXMBJR" not deleted
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Cookies" not found
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\History" not found
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files" not found

==== EOF on Fri 04/24/2015 at  0:53:19.14 ======================


I think everything is fine now, no ad has popped up.. If that's it, thank you :D if an ad pops up I'll reply in this thread again :)

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

We have one more check to run.


Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the program icon to run MBAR:
- Click OK in the next window to allow unpacking into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the intro window click the Next button if you agree;



• On the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Notice: with some infections one of the following messages may be displayed:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.





>> If no malware is detected, click the Exit button to close the program. In your next post include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleanup procedure.



Notice! Only if a rootkit is detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage to run it; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to make all the repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.





The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post and attach the system log to the post using the Attach file (Prikači fajl) option.
