Freeze mouse


  • Joined: 22 Nov 2012
  • Posts: 70
  • Location: Far beyond the mountains

For the past 2-3 days, when I turn on the computer the mouse is frozen, and it stays that way for 5-6 hours, and then it somehow starts working. I read online that this is caused by power saving (a Win XP bug), but that turned out not to be it. I suspect some malware or something like that.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-07-2016
Ran by Petrovici (administrator) on PETROVIC-2DC4B6 (19-07-2016 11:09:25)
Running from C:\Documents and Settings\Petrovici\My Documents\preuzimanja
Loaded Profiles: Petrovici (Available Profiles: Petrovici & UpdatusUser)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\soundman.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1632360 2011-10-08] ()
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2006-08-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PAC7302_Monitor] => C:\WINDOWS\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKU\S-1-5-21-796845957-1614895754-1606980848-1003\...\Run: [BitTorrent] => C:\Documents and Settings\Petrovici\Application Data\BitTorrent\BitTorrent.exe [1972232 2016-05-21] (BitTorrent Inc.)
HKU\S-1-5-21-796845957-1614895754-1606980848-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKU\S-1-5-21-796845957-1614895754-1606980848-1003\...\MountPoints2: {51b04daf-0c60-11e6-8a62-000feafb0ce1} - E:\launcher.exe
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
Startup: C:\Documents and Settings\Petrovici\Start Menu\Programs\Startup\GameRanger.lnk [2016-07-06]
ShortcutTarget: GameRanger.lnk -> C:\Documents and Settings\Petrovici\Application Data\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.200.191.166 212.200.190.166
Tcpip\..\Interfaces\{68123747-265C-4180-905E-32857678780F}: [DhcpNameServer] 212.200.191.166 212.200.190.166

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-796845957-1614895754-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Petrovici\Application Data\Mozilla\Firefox\Profiles\7rcucp3q.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2016-04-28] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2007-11-07] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Extension: Firebug - C:\Documents and Settings\Petrovici\Application Data\Mozilla\Firefox\Profiles\7rcucp3q.default\Extensions\firebug@software.joehewitt.com.xpi [2016-07-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-07-09] (Macrovision Europe Ltd.) [File not signed]
S3 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [122880 2007-10-11] (Microsoft Corporation) [File not signed]
S2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4590968 2012-09-05] (Native Instruments GmbH)
S2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120 2011-10-08] (NVIDIA Corporation)
S3 Visual Studio Analyzer RPC bridge; D:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4017536 2006-08-18] (Realtek Semiconductor Corp.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [1368000 2005-12-15] (C-Media Inc)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [232512 2016-04-27] (DT Soft Ltd)
R3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [42496 2004-12-16] (VIA Technologies, Inc. )
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2016-04-23] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2016-04-23] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2016-04-23] (Marvell Semiconductor Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [116608 2010-11-18] (VIA Technologies inc,.ltd)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [13976 2010-02-11] (VIA Technologies, Inc.)
S3 WinRing0_1_2_0; C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-19 11:08 - 2016-07-19 11:09 - 00000000 ____D C:\FRST
2016-07-18 20:09 - 2016-07-18 20:09 - 00000000 ____D C:\Program Files\Point-N-Click
2016-07-18 20:09 - 2016-07-18 20:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Point-N-Click
2016-07-18 16:39 - 2016-07-18 17:09 - 00000000 ____D C:\Documents and Settings\Petrovici\My Documents\Euro Truck Simulator
2016-07-18 16:37 - 2016-07-18 16:37 - 00001626 _____ C:\Documents and Settings\Petrovici\Desktop\Euro Truck Simulator.lnk
2016-07-18 16:36 - 2016-07-18 16:37 - 00000000 ____D C:\Program Files\Games By GG releases
2016-07-18 16:22 - 2016-07-18 16:27 - 00000000 ____D C:\Documents and Settings\Petrovici\My Documents\18 WoS Pedal to the Metal
2016-07-18 16:00 - 2016-07-18 16:00 - 00000733 _____ C:\Documents and Settings\Petrovici\Desktop\18 Wheels of Steel Pedal to the Metal.lnk
2016-07-18 16:00 - 2016-07-18 16:00 - 00000000 ____D C:\Documents and Settings\Petrovici\Start Menu\Programs\18 WoS Pedal to the Metal
2016-07-18 12:54 - 2016-07-18 12:54 - 00000000 ____D C:\WINDOWS\pss
2016-07-18 12:45 - 2016-07-18 12:45 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2016-07-16 12:32 - 2016-07-16 12:32 - 00000000 _____ C:\Documents and Settings\Petrovici\Desktop\New Adobe Photoshop Image.psd
2016-07-14 12:03 - 2016-07-14 16:06 - 00000000 ____D C:\Documents and Settings\Petrovici\.VirtualBox
2016-07-14 12:03 - 2016-07-14 15:55 - 00000000 ____D C:\Documents and Settings\Petrovici\VirtualBox VMs
2016-07-14 12:02 - 2016-07-14 12:02 - 00000843 _____ C:\Documents and Settings\All Users\Desktop\Oracle VM VirtualBox.lnk
2016-07-14 12:02 - 2016-07-14 12:02 - 00000000 ____D C:\Program Files\Oracle
2016-07-14 12:02 - 2016-07-14 12:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Oracle VM VirtualBox
2016-07-14 12:02 - 2015-11-11 11:11 - 00714632 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2016-07-14 12:02 - 2015-11-11 11:11 - 00091488 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2016-07-13 12:35 - 2016-07-13 12:35 - 00000724 _____ C:\Documents and Settings\Petrovici\Start Menu\Programs\Start Tor Browser.lnk
2016-07-13 12:35 - 2016-07-13 12:35 - 00000700 _____ C:\Documents and Settings\Petrovici\Desktop\Start Tor Browser.lnk
2016-07-13 12:34 - 2016-07-13 12:35 - 00000000 ____D C:\Documents and Settings\Petrovici\Desktop\Tor Browser
2016-07-12 17:10 - 2015-11-11 11:11 - 00105384 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp.sys
2016-07-09 17:30 - 2003-12-16 22:18 - 01475432 _____ C:\Documents and Settings\Petrovici\Desktop\app1win.exe
2016-07-09 17:29 - 2016-07-09 17:29 - 00000000 ____D C:\Documents and Settings\Petrovici\Desktop\boomerang-win32-alpha-0.3.1
2016-07-09 17:29 - 2005-08-10 17:59 - 00010996 _____ C:\Documents and Settings\Petrovici\Desktop\wordlist.txt
2016-07-09 16:45 - 2016-07-09 16:45 - 00000193 ____R C:\Documents and Settings\Petrovici\My Documents\MSSCCPRJ.SCC
2016-07-09 16:45 - 2016-07-09 16:45 - 00000158 _____ C:\Documents and Settings\Petrovici\My Documents\MyWizard.vbw
2016-07-09 16:39 - 2012-05-10 18:38 - 00005245 _____ C:\Documents and Settings\Petrovici\Desktop\hulk.py
2016-07-09 16:27 - 2016-07-17 20:04 - 00000000 ____D C:\Documents and Settings\Petrovici\Application Data\mIRC
2016-07-09 16:27 - 2016-07-17 19:35 - 00000000 ____D C:\Program Files\mIRC
2016-07-09 16:27 - 2016-07-09 16:27 - 00000626 _____ C:\Documents and Settings\All Users\Desktop\mIRC.lnk
2016-07-09 16:27 - 2016-07-09 16:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\mIRC
2016-07-09 15:26 - 2016-07-09 15:26 - 00000000 ____D C:\Program Files\Microsoft Windows Performance Toolkit
2016-07-09 15:26 - 2016-07-09 15:26 - 00000000 ____D C:\Documents and Settings\Petrovici\Start Menu\Programs\Microsoft Windows Performance Toolkit
2016-07-09 15:25 - 2016-07-09 15:25 - 00000000 ____D C:\Program Files\Microsoft Help Viewer
2016-07-09 15:24 - 2016-07-09 15:24 - 00000000 ____D C:\Program Files\Debugging Tools for Windows (x86)
2016-07-09 15:24 - 2016-07-09 15:24 - 00000000 ____D C:\Program Files\Application Verifier
2016-07-09 15:24 - 2016-07-09 15:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Debugging Tools for Windows (x86)
2016-07-09 15:24 - 2016-07-09 15:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Application Verifier
2016-07-09 15:21 - 2016-07-09 15:21 - 00000000 ____D C:\WINDOWS\symbols
2016-07-09 15:20 - 2016-07-09 15:20 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2016-07-09 15:09 - 2016-07-09 15:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Windows SDK v7.1
2016-07-09 15:09 - 2016-07-09 15:09 - 00000000 ____D C:\Program Files\Microsoft SDKs
2016-07-09 14:58 - 2016-07-09 14:58 - 00000000 _____ C:\WINDOWS\IROTVIEW.INI
2016-07-09 14:54 - 2016-07-18 12:37 - 00000185 _____ C:\WINDOWS\mdm.ini
2016-07-09 14:53 - 2016-07-09 14:53 - 00000288 _____ C:\WINDOWS\ODBC.INI
2016-07-09 14:53 - 2016-07-09 14:53 - 00000000 ____D C:\Program Files\Web Publish
2016-07-09 14:53 - 2016-07-09 14:53 - 00000000 ____D C:\Documents and Settings\Petrovici\Start Menu\Programs\Microsoft Web Publishing
2016-07-09 14:53 - 2016-07-09 14:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 6.0
2016-07-09 14:53 - 2016-07-09 14:53 - 00000000 _____ C:\WINDOWS\wplog.txt
2016-07-09 14:51 - 2016-07-09 14:52 - 00000000 ____D C:\Program Files\Common Files\designer
2016-07-09 14:45 - 1998-12-07 06:46 - 00153872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msawt.dll
2016-07-09 14:45 - 1998-12-07 06:45 - 00933136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjava.dll
2016-07-09 14:45 - 1998-12-07 06:45 - 00364304 _____ (Microsoft Corporation) C:\WINDOWS\system32\javart.dll
2016-07-09 14:45 - 1998-12-07 06:45 - 00170256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jit.dll
2016-07-09 14:45 - 1998-12-07 04:56 - 00034576 _____ (Microsoft Corporation) C:\WINDOWS\system32\javaprxy.dll
2016-07-09 14:45 - 1998-12-06 17:41 - 00021264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjdbc10.dll
2016-07-09 14:45 - 1998-12-06 17:38 - 00049424 _____ (Microsoft Corporation) C:\WINDOWS\system32\clspack.exe
2016-07-09 14:45 - 1998-12-06 17:37 - 00256272 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmhelper.dll
2016-07-09 14:45 - 1998-12-06 17:37 - 00046352 _____ (Microsoft Corporation) C:\WINDOWS\setdebug.exe
2016-07-09 14:45 - 1998-12-06 17:36 - 00158992 _____ (Microsoft Corporation) C:\WINDOWS\system32\jview.exe
2016-07-09 14:45 - 1998-12-06 17:36 - 00152848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wjview.exe
2016-07-09 14:45 - 1998-12-06 17:36 - 00015120 _____ (Microsoft Corporation) C:\WINDOWS\system32\jdbgmgr.exe
2016-07-09 14:45 - 1998-12-06 17:35 - 00139536 _____ (Microsoft Corporation) C:\WINDOWS\system32\javaee.dll
2016-07-09 14:45 - 1998-12-06 17:34 - 00188176 _____ (Microsoft Corporation) C:\WINDOWS\system32\javacypt.dll
2016-07-09 14:45 - 1998-12-06 17:18 - 00007311 _____ C:\WINDOWS\system32\javasup.vxd
2016-07-09 14:45 - 1998-12-06 16:56 - 00021444 _____ C:\WINDOWS\system32\javasec.hlp
2016-07-09 14:45 - 1998-12-06 16:56 - 00011403 _____ C:\WINDOWS\system32\javaperm.hlp
2016-07-09 14:45 - 1998-12-06 16:56 - 00000113 _____ C:\WINDOWS\system32\zonedon.reg
2016-07-09 14:45 - 1998-12-06 16:56 - 00000113 _____ C:\WINDOWS\system32\zonedoff.reg
2016-07-09 14:45 - 1998-12-06 16:53 - 00006550 _____ C:\WINDOWS\jautoexp.dat
2016-07-09 14:45 - 1998-12-06 16:52 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dx3j.dll
2016-07-09 14:42 - 2016-07-09 18:48 - 00000000 ____D C:\Documents and Settings\Petrovici\Local Settings\Application Data\Adobe
2016-07-09 14:42 - 2016-07-09 14:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\FLEXnet
2016-07-09 14:39 - 2016-07-09 14:39 - 00000708 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS3.lnk
2016-07-09 14:37 - 2016-07-09 14:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2016-07-09 14:36 - 2016-07-09 14:36 - 00000000 ____D C:\Program Files\Bonjour
2016-07-09 14:35 - 2016-07-09 14:35 - 00000762 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Stock Photos CS3.lnk
2016-07-09 14:33 - 2016-07-09 14:33 - 00001100 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
2016-07-09 14:33 - 2016-07-09 14:33 - 00000745 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS3.lnk
2016-07-09 14:33 - 2016-07-09 14:33 - 00000000 ____D C:\Program Files\Adobe
2016-07-09 14:30 - 2016-07-09 14:30 - 00000682 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS3.lnk
2016-07-09 14:28 - 2016-07-09 14:28 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2016-07-09 14:25 - 2016-07-09 14:36 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-07-08 16:24 - 2016-07-08 16:24 - 00109594 _____ C:\Documents and Settings\Petrovici\Desktop\frm.TIF
2016-07-07 20:48 - 2016-07-07 20:48 - 00000063 _____ C:\Documents and Settings\Petrovici\My Documents\Untitled1.cpp
2016-07-06 14:33 - 2016-07-06 14:33 - 00001047 _____ C:\Documents and Settings\Petrovici\Start Menu\Programs\GameRanger.lnk
2016-07-06 14:33 - 2016-07-06 14:33 - 00001041 _____ C:\Documents and Settings\Petrovici\Desktop\GameRanger.lnk
2016-07-06 14:33 - 2016-07-06 14:33 - 00000000 ____D C:\Documents and Settings\Petrovici\Application Data\GameRanger
2016-07-04 19:20 - 2016-07-04 19:20 - 00000093 _____ C:\Documents and Settings\Petrovici\My Documents\ses.cpp
2016-07-04 19:16 - 2016-07-04 19:17 - 00000000 ____D C:\Documents and Settings\Petrovici\Application Data\Dev-Cpp
2016-07-04 19:16 - 2016-07-04 19:16 - 00000571 _____ C:\Documents and Settings\Petrovici\Desktop\Dev-C++.lnk
2016-07-04 19:16 - 2016-07-04 19:16 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Bloodshed Dev-C++
2016-07-04 18:38 - 2016-07-04 18:38 - 00000000 ____D C:\Documents and Settings\Petrovici\.idlerc
2016-07-04 17:50 - 2016-07-04 17:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Python 2.7
2016-07-04 17:13 - 2016-07-04 17:13 - 00000000 ____D C:\Documents and Settings\Petrovici\Local Settings\Application Data\AvgSetupLog
2016-07-04 17:13 - 2016-07-04 17:13 - 00000000 ____D C:\Documents and Settings\Petrovici\Local Settings\Application Data\Avg
2016-07-04 17:13 - 2016-07-04 17:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2016-07-03 21:31 - 2016-07-03 21:31 - 00004964 _____ C:\Documents and Settings\Petrovici\My Documents\seseseses.lfs-pro-tweaker-0-6E-conf-all
2016-07-03 21:29 - 2016-07-18 21:24 - 00000000 ____D C:\Documents and Settings\Petrovici\Desktop\sesese
2016-07-03 12:45 - 2016-07-03 12:45 - 00000734 _____ C:\Documents and Settings\All Users\Desktop\BU Launcher.lnk
2016-07-03 12:45 - 2016-07-03 12:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\BU Launcher
2016-07-02 16:55 - 2016-07-02 16:55 - 00004966 _____ C:\Documents and Settings\Petrovici\My Documents\ses.lfs-pro-tweaker-0-6E-conf-all
2016-06-30 16:56 - 2016-06-30 16:56 - 00000000 ____D C:\Documents and Settings\Petrovici\Desktop\ddnet
2016-06-29 19:24 - 2016-06-29 19:24 - 00084704 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2016-06-29 19:23 - 2016-07-09 15:09 - 00000000 ____D C:\Program Files\MSBuild
2016-06-29 19:23 - 2016-06-29 19:23 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2016-06-29 19:23 - 2016-06-29 19:23 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-06-29 19:22 - 2006-06-29 13:07 - 00022752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spupdsvc.exe
2016-06-29 19:22 - 2006-06-29 13:07 - 00014048 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg2.dll
2016-06-29 11:18 - 2016-06-29 11:18 - 00000000 _____ C:\Documents and Settings\Petrovici\Desktop\settings.txt
2016-06-29 11:14 - 2012-06-13 19:44 - 00000000 ____D C:\Documents and Settings\Petrovici\Desktop\13x37 0.6.1 Client - Public 003
2016-06-28 18:13 - 2016-06-28 20:46 - 00000000 ____D C:\Documents and Settings\Petrovici\Application Data\dvdcss
2016-06-28 12:26 - 2016-06-28 12:26 - 00000000 ____D C:\Documents and Settings\Petrovici\Desktop\ses2
2016-06-28 12:25 - 2016-06-28 12:25 - 00000000 ____D C:\Documents and Settings\Petrovici\Desktop\ses
2016-06-28 12:25 - 2015-04-25 12:08 - 00000000 ____D C:\Documents and Settings\Petrovici\Desktop\presets
2016-06-27 16:08 - 2016-06-27 16:08 - 00000084 _____ C:\Documents and Settings\Petrovici\Desktop\Idi u kurac.txt
2016-06-27 15:19 - 2016-06-27 15:19 - 02631168 _____ (Python Software Foundation) C:\WINDOWS\system32\python27.dll
2016-06-27 13:20 - 2016-06-27 13:20 - 00000000 ____D C:\Documents and Settings\Petrovici\Desktop\Guitar presets
2016-06-25 13:02 - 2008-07-27 15:05 - 00005799 _____ C:\Documents and Settings\Petrovici\Desktop\Slash.bnk
2016-06-25 13:01 - 2008-08-01 17:44 - 00009255 _____ C:\Documents and Settings\Petrovici\Desktop\Slash - GNR.bnk
2016-06-25 11:54 - 2016-05-21 20:35 - 00000730 _____ C:\Documents and Settings\Petrovici\Desktop\Counter-Strike WaRzOnE.lnk
2016-06-24 15:09 - 2016-06-29 16:17 - 00000000 ____D C:\Documents and Settings\Petrovici\My Documents\Debut
2016-06-24 15:09 - 2016-06-24 15:09 - 00001683 _____ C:\Documents and Settings\All Users\Desktop\NCH Suite.lnk
2016-06-24 15:09 - 2016-06-24 15:09 - 00000781 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Debut Video Capture Software.lnk
2016-06-24 15:09 - 2016-06-24 15:09 - 00000775 _____ C:\Documents and Settings\All Users\Desktop\Debut Video Capture Software.lnk
2016-06-24 15:09 - 2016-06-24 15:09 - 00000000 ____D C:\Program Files\NCH Software
2016-06-24 15:09 - 2016-06-24 15:09 - 00000000 ____D C:\Documents and Settings\Petrovici\Application Data\NCH Software
2016-06-24 15:09 - 2016-06-24 15:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Video Related Programs
2016-06-24 15:09 - 2016-06-24 15:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
2016-06-24 15:09 - 2016-06-24 15:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NCH Software
2016-06-24 14:13 - 2010-03-09 21:35 - 00004626 _____ C:\Documents and Settings\Petrovici\Desktop\Adrenaleppard.ksd
2016-06-24 13:18 - 2016-06-24 13:18 - 00000000 ____D C:\Documents and Settings\Petrovici\Desktop\Gunsi
2016-06-23 16:03 - 2016-07-19 10:48 - 00000286 _____ C:\WINDOWS\Tasks\Game_Booster_AutoUpdate.job
2016-06-23 16:03 - 2016-06-23 16:03 - 00000835 _____ C:\Documents and Settings\All Users\Desktop\Switch to Gaming Mode.lnk
2016-06-23 16:03 - 2016-06-23 16:03 - 00000823 _____ C:\Documents and Settings\All Users\Desktop\Game Booster 3.lnk
2016-06-23 16:03 - 2016-06-23 16:03 - 00000000 ____D C:\Program Files\IObit
2016-06-23 16:03 - 2016-06-23 16:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Game Booster 3
2016-06-23 16:03 - 2016-06-23 16:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2016-06-23 15:58 - 2016-06-13 19:40 - 69999448 _____ (Microsoft Corporation) C:\Documents and Settings\Petrovici\Desktop\NDP452-KB2901907-x86-x64-AllOS-ENU.exe
2016-06-23 12:35 - 2016-06-24 10:53 - 00004280 _____ C:\Documents and Settings\Petrovici\Desktop\Pink Numb Lead1.ngrr
2016-06-23 12:35 - 2007-03-18 13:26 - 00243898 _____ C:\Documents and Settings\Petrovici\Desktop\GuitarHack Original Centre.wav
2016-06-21 20:24 - 2016-06-21 20:16 - 108282424 _____ C:\Documents and Settings\Petrovici\Desktop\VID_20160621_201615.3gp
2016-06-21 12:38 - 2016-06-21 12:38 - 00000000 ____D C:\Documents and Settings\Petrovici\My Documents\Zuta Minuta - Gorak Ukus Stvarnosti (2013.)
2016-06-21 12:38 - 2016-06-21 12:38 - 00000000 ____D C:\Documents and Settings\Petrovici\My Documents\Sank-Grad_je_nas_(2010)
2016-06-21 12:38 - 2016-06-21 12:38 - 00000000 ____D C:\Documents and Settings\Petrovici\My Documents\Sank - Treca runda (2013)
2016-06-21 12:38 - 2016-06-21 12:38 - 00000000 ____D C:\Documents and Settings\Petrovici\My Documents\Sank - Price nocnih tramvaja (2011)
2016-06-21 12:38 - 2016-06-21 12:38 - 00000000 ____D C:\Documents and Settings\Petrovici\My Documents\Sank - Nasa stvar (2015)
2016-06-21 12:36 - 2016-06-21 12:36 - 00000000 ____D C:\Documents and Settings\Petrovici\My Documents\mortal_kombat-2013-antievrovizijski_koncert_4
2016-06-20 14:06 - 2016-06-28 17:54 - 00000000 ____D C:\Documents and Settings\Petrovici\Application Data\Audacity
2016-06-20 11:59 - 2016-07-17 18:56 - 00006539 _____ C:\Documents and Settings\Petrovici\Desktop\Sweet Child O' Mine.ngrr
2016-06-20 11:54 - 2013-08-06 02:17 - 00000000 ____D C:\Documents and Settings\Petrovici\Desktop\Tone Metallica
2016-06-20 11:53 - 2016-06-20 11:57 - 00004356 _____ C:\Documents and Settings\Petrovici\Desktop\Iron Maiden 80s.ngrr
2016-06-20 11:46 - 2012-06-27 14:18 - 00004923 _____ C:\Documents and Settings\Petrovici\Desktop\Iron Maiden Wasted.ngrr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-19 11:09 - 2016-04-24 20:27 - 00000000 ____D C:\Documents and Settings\Petrovici\My Documents\preuzimanja
2016-07-19 11:09 - 2016-04-23 23:07 - 00000000 ____D C:\Documents and Settings\Petrovici\Local Settings\Temp
2016-07-19 10:53 - 2016-04-23 15:33 - 00588124 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-19 10:52 - 2016-04-24 11:09 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
2016-07-19 10:49 - 2016-04-27 12:10 - 00000000 ____D C:\Documents and Settings\Petrovici\Application Data\BitTorrent
2016-07-19 10:48 - 2016-04-23 23:11 - 00000478 _____ C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job
2016-07-19 10:48 - 2016-04-23 23:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-19 01:58 - 2016-06-05 18:58 - 00000000 ____D C:\Documents and Settings\Petrovici\Application Data\AIMP
2016-07-18 20:15 - 2016-05-25 13:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-18 20:05 - 2016-04-23 12:48 - 141983760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt.exe
2016-07-18 20:00 - 2016-04-23 15:28 - 00000000 ___HD C:\WINDOWS\inf
2016-07-18 18:00 - 2016-04-24 10:46 - 00000452 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job
2016-07-18 16:39 - 2016-04-23 23:07 - 00000000 ___RD C:\Documents and Settings\Petrovici\My Documents
2016-07-18 12:49 - 2016-04-23 23:07 - 00000178 ___SH C:\Documents and Settings\Petrovici\ntuser.ini
2016-07-18 12:49 - 2016-04-23 23:06 - 00032594 _____ C:\WINDOWS\SchedLgU.Txt
2016-07-18 12:18 - 2016-04-23 12:52 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-07-17 13:27 - 2016-04-24 11:08 - 00286052 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2016-07-17 13:27 - 2016-04-24 11:08 - 00286052 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2016-07-17 13:27 - 2016-04-24 11:08 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2016-07-16 00:42 - 2016-04-27 08:15 - 03655816 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-796845957-1614895754-1606980848-1003-0.dat
2016-07-16 00:42 - 2016-04-27 08:15 - 00267694 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-07-15 21:49 - 2016-06-10 18:13 - 00000000 ____D C:\Documents and Settings\Petrovici\Desktop\Clapton
2016-07-14 19:27 - 2016-05-17 19:33 - 00000000 ____D C:\Documents and Settings\Petrovici\Application Data\vlc
2016-07-14 18:09 - 2016-04-27 23:36 - 00005120 _____ C:\Documents and Settings\Petrovici\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-14 14:30 - 2016-04-24 20:19 - 00000000 ____D C:\Documents and Settings\Petrovici\Desktop\teeworlds-0.6.3-win32
2016-07-14 12:03 - 2016-04-23 23:07 - 00000000 ____D C:\Documents and Settings\Petrovici
2016-07-14 11:51 - 2016-04-23 23:06 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2016-07-13 12:17 - 2016-04-23 23:11 - 00030088 _____ C:\Documents and Settings\Petrovici\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-07-10 12:33 - 2016-04-23 15:30 - 01460352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-09 17:48 - 2016-04-23 23:08 - 00000000 ____D C:\Documents and Settings\Petrovici\Application Data\Adobe
2016-07-09 17:34 - 2016-04-23 22:58 - 00000117 _____ C:\WINDOWS\vbaddin.ini
2016-07-09 15:05 - 2016-04-23 15:28 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2016-07-09 15:05 - 2016-04-23 15:28 - 00000000 ____D C:\WINDOWS\Help
2016-07-09 14:56 - 2016-04-23 22:58 - 00000000 ____D C:\WINDOWS\Registration
2016-07-09 14:55 - 2016-04-23 22:58 - 00000000 ____D C:\Program Files\ComPlus Applications
2016-07-09 14:53 - 2016-04-23 22:58 - 00001309 _____ C:\WINDOWS\vb.ini
2016-07-09 14:53 - 2016-04-23 15:33 - 00004161 _____ C:\WINDOWS\ODBCINST.INI
2016-07-09 14:53 - 2016-04-23 15:28 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-07-09 14:52 - 2016-04-23 15:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-07-09 14:52 - 2016-04-23 15:28 - 00000000 ____D C:\WINDOWS\system
2016-07-09 14:52 - 2016-04-23 15:28 - 00000000 ____D C:\WINDOWS\msapps
2016-07-07 23:09 - 2016-06-17 23:16 - 00000520 _____ C:\Documents and Settings\Petrovici\My Documents\spider.sav
2016-07-07 02:51 - 2016-04-23 23:11 - 00000426 _____ C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
2016-07-03 12:44 - 2016-06-04 13:43 - 00000000 ____D C:\Documents and Settings\Petrovici\Local Settings\Application Data\Deployment
2016-06-30 17:06 - 2016-04-24 20:41 - 00000000 ____D C:\Documents and Settings\Petrovici\Application Data\Teeworlds
2016-06-29 19:22 - 2016-04-23 15:28 - 00000000 ____D C:\WINDOWS\system32\spool
2016-06-25 13:46 - 2016-06-15 17:58 - 00000026 _____ C:\xml2.txt
2016-06-24 15:14 - 2016-04-23 23:08 - 00000000 ___RD C:\Documents and Settings\Petrovici\My Documents\My Pictures
2016-06-20 14:06 - 2016-06-10 16:05 - 00000576 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
2016-06-20 14:06 - 2016-06-10 16:05 - 00000576 _____ C:\Documents and Settings\All Users\Desktop\Audacity.lnk

==================== Files in the root of some directories =======

2016-04-27 23:36 - 2016-07-14 18:09 - 0005120 _____ () C:\Documents and Settings\Petrovici\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Petrovici\Local Settings\Temp\AutoRun.exe
C:\Documents and Settings\Petrovici\Local Settings\Temp\AutoRunGUI.dll
C:\Documents and Settings\Petrovici\Local Settings\Temp\bitool.dll
C:\Documents and Settings\Petrovici\Local Settings\Temp\CmdLineExt03.dll
C:\Documents and Settings\Petrovici\Local Settings\Temp\DAEMON Tools Lite.exe
C:\Documents and Settings\Petrovici\Local Settings\Temp\ICReinstall_Download_Naruto_Ninja_Storm_3_Mugen_2014_PC_Game.exe
C:\Documents and Settings\Petrovici\Local Settings\Temp\Naruto Ninja Storm 3 MUGEN 201 Downloader__3687_i1919660552_il591184.exe
C:\Documents and Settings\Petrovici\Local Settings\Temp\SIntf16.dll
C:\Documents and Settings\Petrovici\Local Settings\Temp\SIntf32.dll
C:\Documents and Settings\Petrovici\Local Settings\Temp\SIntfNT.dll
C:\Documents and Settings\Petrovici\Local Settings\Temp\vs60wiz.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================



  • Joined: 02 Jan 2008
  • Posts: 2167

Uninstall this program:
ByteFence Anti-Malware

After that,

1. Open Notepad (Text Document) and copy in the following text from the code box below:

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-796845957-1614895754-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

After that,

Download "Xplode"'s AdwCleaner and save it to the Desktop.
Double-click to run the program.
In the EULA window click I agree.
In Options, turn off Reset Winsock settings if it is turned on.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required) click OK.

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option.

  • Joined: 22 Nov 2012
  • Posts: 70
  • Location: Far beyond the mountains

Fix result of Farbar Recovery Scan Tool (x86) Version: 18-07-2016
Ran by Petrovici (2016-07-20 12:55:53) Run:1
Running from C:\Documents and Settings\Petrovici\Desktop
Loaded Profiles: Petrovici & UpdatusUser (Available Profiles: Petrovici & UpdatusUser)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-796845957-1614895754-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-796845957-1614895754-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 2041700 B
Java, Flash, Steam htmlcache => 5220 B
Windows/system/dllcache/drivers => 46373556 B
Edge => 0 B
Chrome => 0 B
Firefox => 387888306 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default User => 66228 B
All Users => 0 B
systemprofile => 186023968 B
LocalService => 692 B
NetworkService => 66228 B
Petrovici => 405891176 B
UpdatusUser => 692 B

RecycleBin => 1600 B
EmptyTemp: => 980.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:58:14 ====

Here you go :)

  • Joined: 02 Jan 2008
  • Posts: 2167

Tell me how things are once you've done this.

Download TDSSKiller, save the tool to the Desktop and double-click TDSSKiller.exe to run it.
In the "End user Licence Agreement" dialog click Accept.
Likewise, in the "KSN Statement" dialog click Accept.

Click the Start Scan button.

If suspicious items (Suspicious object) are detected, the default action is Skip; click Continue.
If malicious objects (Malicious objects) are detected, choose the Cure option.

Attach the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.YY_HH.MM.SS.txt
(DD-day, MM-month, YY-year, HH-hour, MM-minute, SS-second; the date and time the log was created)

  • Joined: 22 Nov 2012
  • Posts: 70
  • Location: Far beyond the mountains

The program crashes

  • Joined: 02 Jan 2008
  • Posts: 2167

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the MBAR program icon to run it:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to start;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' is displayed, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Notice: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for after the restart, and a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.

Notice! Only if a rootkit is detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to make all the repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post, and attach the system log to the post using the Attach file option.

  • Joined: 22 Nov 2012
  • Posts: 70
  • Location: Far beyond the mountains


There's nothing :)

  • Joined: 02 Jan 2008
  • Posts: 2167

How are things now? Do you still have the same problems?

If you do, carry out this procedure and let me know how it went:

Press the Windows key + R together, then type CMD and confirm with OK.
Type the following command and confirm with Enter:
chkdsk C: /r
If it asks you to confirm, type Y and confirm with Enter again.
Restart the computer and wait for the procedure to finish.

Once it is done, you need to provide the report.

Press the Windows key + R together, then type powershell.exe and confirm with OK.
Type the following command and confirm with Enter:
get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt
On the Desktop you will find the CHKDSKResults report, which you need to attach in your next reply.

  • Joined: 22 Nov 2012
  • Posts: 70
  • Location: Far beyond the mountains

The problems stayed the same; it turned out the problem was the laser. Evidently some small part had come unsoldered, so it kept making and losing contact. I've now bought an MS mouse with 800dpi; it will do until I save up the cash for a better one :)

  • Joined: 02 Jan 2008
  • Posts: 2167

All right.
Just this one more thing and we're done :)

The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes next to the following options:
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment for the tool to finish its work.

From this point on, all the tools used in this thread should have been deleted.
If any tool or report has not been removed, feel free to delete it manually.

The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also save the healthy state of the registry and make a backup using the built-in "ERUNT" program in %windir%\ERUNT\DelFix
- DelFix deletes old system restore points and creates a new, fresh point after the cleanup.
