TrojanDropper:Win32/Dunik came and won't leave


offline
  • Joined: 11 May 2003
  • Posts: 138

I caught "TrojanDropper:Win32/Dunik" and I just can't delete it. I tried the normal way with the antivirus (Microsoft Security Essentials), and it seems to delete it, but then it shows up again, and it is very annoying: however many times I delete it, a little later it is back. I ran CCleaner as well. Is there some way to deal with this, or should I reinstall the computer?

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Hello and welcome to Ambulanta.

You need to follow the instructions for opening a topic and post the requested reports.
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Joined: 11 May 2003
  • Posts: 138

OK... I didn't know the rules were different in Ambulanta, sorry! Now, back to my problem.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-10-2016
Ran by asus (administrator) on ASUS-PC (15-10-2016 10:08:51)
Running from C:\Users\asus\Desktop
Loaded Profiles: asus (Available Profiles: asus)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Viber Media S.à r.l.) C:\Users\asus\AppData\Local\Viber\Viber.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8712960 2015-10-07] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKU\S-1-5-21-1547056113-4276670871-43777078-1000\...\Run: [Viber] => C:\Users\asus\AppData\Local\Viber\Viber.exe [73298000 2016-09-13] (Viber Media S.à r.l.)
HKU\S-1-5-21-1547056113-4276670871-43777078-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29538432 2016-08-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1547056113-4276670871-43777078-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1547056113-4276670871-43777078-1000\...\Run: [EPSON SX410 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE [223232 2008-10-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1547056113-4276670871-43777078-1000\...\MountPoints2: {7494e0ab-58a6-11e6-b98a-5404a697deb2} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1547056113-4276670871-43777078-1000\...\MountPoints2: {c6bee00c-b09d-11e5-9f04-5404a697deb2} - K:\Setup\rsrc\autorun.exe
HKU\S-1-5-21-1547056113-4276670871-43777078-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7D0F3305-AB02-4592-8245-7431653820AB}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-26] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-26] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 08p3lk05.default
FF ProfilePath: C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\08p3lk05.default [2016-10-14]
FF Extension: (SmashMovix) - C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\08p3lk05.default\Extensions\@smash_movix.xpi [2016-03-04]
FF Extension: (Vlc context menu) - C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\08p3lk05.default\Extensions\vlcplaylist@helgatauscher.de.xpi [2016-05-20]
FF SearchPlugin: C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\08p3lk05.default\searchplugins\smashmovix.xml [2016-03-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_195.dll [2016-10-13] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-26] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_195.dll [2016-10-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/"
CHR Profile: C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default [2016-10-15]
CHR Extension: (Google Slides) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-26]
CHR Extension: (Google Docs) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-26]
CHR Extension: (Google Drive) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-26]
CHR Extension: (YouTube) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-26]
CHR Extension: (uBlock Origin) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-10-14]
CHR Extension: (Google Search) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-26]
CHR Extension: (Google Sheets) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-26]
CHR Extension: (Avira Browser Safety) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-21]
CHR Extension: (Google Docs Offline) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-26]
CHR Extension: (Chrome Media Router) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-09-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2016-01-31] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 esgiguard; D:\WINDOWSI\Windows 7 sp1 prof x86\SpyHunter_4.22.8.4668_Portable\App\SpyHunter\esgiguard.sys [15920 2016-05-19] (Enigma Software Group USA, LLC.)
R3 int0800; C:\Windows\System32\DRIVERS\flashud.sys [51712 2009-09-09] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-11-29] (Qualcomm Atheros Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-15 10:08 - 2016-10-15 10:09 - 00011327 _____ C:\Users\asus\Desktop\FRST.txt
2016-10-15 09:46 - 2016-10-15 09:47 - 02406912 _____ (Farbar) C:\Users\asus\Downloads\FRST64.exe
2016-10-15 00:48 - 2016-10-15 10:08 - 00000000 ____D C:\FRST
2016-10-15 00:47 - 2016-10-15 00:47 - 02406912 _____ (Farbar) C:\Users\asus\Desktop\FRST64.exe
2016-10-14 20:05 - 2016-10-14 20:05 - 00000764 _____ C:\Users\Public\Desktop\Download Reghunter Crac...lnk
2016-10-14 15:22 - 2016-10-14 15:41 - 57025972 _____ C:\Users\asus\Downloads\SpyHunter_4.22.8.4668_Portable.rar
2016-10-05 11:04 - 2016-10-12 20:25 - 00000000 ____D C:\Users\asus\Downloads\PRODAJA ljuba KOMPA
2016-10-04 21:15 - 2016-10-05 16:27 - 00000000 ____D C:\Users\asus\Downloads\PRODAJA DJOLETOVOG KOMPA
2016-10-04 12:31 - 2016-10-04 12:31 - 00045122 _____ C:\Users\asus\Downloads\imgres.htm
2016-10-04 01:36 - 2016-10-05 11:47 - 00000000 ____D C:\Users\asus\AppData\Roaming\EurekaLog
2016-09-25 19:04 - 2016-09-25 19:04 - 01145662 _____ C:\Users\asus\Downloads\KIT_SPID.pdf
2016-09-24 22:53 - 2016-10-10 00:40 - 00000000 ____D C:\Users\asus\AppData\LocalLow\Mozilla
2016-09-24 18:41 - 2016-10-01 10:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-23 19:11 - 2016-10-14 18:29 - 00000000 ____D C:\Users\Public\Documents\RonyaSoft
2016-09-20 22:08 - 2016-09-20 22:09 - 00000000 ____D C:\Users\asus\AppData\Local\Viber
2016-09-16 13:15 - 2016-09-16 13:16 - 00000000 ____D C:\Users\asus\Any Video Converter 1

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-15 10:09 - 2015-12-26 13:20 - 00000000 ____D C:\Users\asus\AppData\Roaming\Skype
2016-10-15 09:47 - 2015-12-26 13:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-15 09:45 - 2009-07-14 06:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-15 09:45 - 2009-07-14 06:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-15 09:39 - 2015-12-26 13:11 - 00000000 ____D C:\Users\asus\AppData\Roaming\ViberPC
2016-10-15 09:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-14 22:50 - 2016-02-03 22:33 - 00000386 _____ C:\Windows\Tasks\update-sys.job
2016-10-14 22:17 - 2016-01-31 02:37 - 00000000 ____D C:\Users\asus\AppData\Roaming\DAEMON Tools Lite
2016-10-14 22:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-10-14 21:36 - 2016-02-03 22:33 - 00000386 _____ C:\Windows\Tasks\update-S-1-5-21-1547056113-4276670871-43777078-1000.job
2016-10-14 21:25 - 2016-05-25 13:06 - 00000000 ____D C:\AdwCleaner
2016-10-14 18:46 - 2016-01-12 01:20 - 00000000 ____D C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-10-14 18:45 - 2016-04-14 18:46 - 00000000 ____D C:\Users\asus\AppData\Roaming\Gearbox Software
2016-10-14 18:40 - 2016-06-04 20:08 - 00000000 ____D C:\Windows\Minidump
2016-10-14 18:40 - 2016-01-26 15:26 - 00000000 ____D C:\Users\asus\AppData\Roaming\AnvSoft
2016-10-14 18:40 - 2015-12-26 12:29 - 00000000 ____D C:\Users\asus
2016-10-14 18:34 - 2016-05-16 23:04 - 00000000 ____D C:\Program Files (x86)\Activision
2016-10-14 18:34 - 2016-01-01 21:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-10-14 18:31 - 2016-05-16 23:17 - 00000000 ____D C:\Users\asus\Documents\Activision
2016-10-14 18:28 - 2016-05-15 22:43 - 00000000 ____D C:\Program Files (x86)\R.G. Games
2016-10-14 18:27 - 2016-07-14 01:11 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-10-14 18:26 - 2016-07-02 21:20 - 00000000 ____D C:\Users\asus\Documents\My Games
2016-10-14 18:26 - 2016-04-11 18:20 - 00000000 ____D C:\GOG Games
2016-10-14 18:26 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-14 18:24 - 2016-03-08 19:40 - 00000050 _____ C:\Users\asus\Downloads\ljuba problem hdd.txt
2016-10-14 09:48 - 2015-12-26 13:17 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-14 09:48 - 2015-12-26 13:17 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-14 00:39 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-13 22:48 - 2015-12-26 13:06 - 00800448 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-13 22:48 - 2015-12-26 13:06 - 00143040 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-13 22:48 - 2015-12-26 13:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-13 22:48 - 2015-12-26 13:06 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-13 22:47 - 2015-12-26 13:06 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-12 21:34 - 2016-03-14 21:37 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-12 21:34 - 2015-12-31 23:13 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-10 17:58 - 2016-01-26 20:19 - 00000000 ____D C:\FFOutput
2016-10-08 23:58 - 2016-02-19 19:50 - 00000000 ____D C:\Users\asus\AppData\Roaming\dvdcss
2016-10-08 09:24 - 2016-01-14 18:52 - 00000000 ___RD C:\Users\asus\Documents\Scanned Documents
2016-10-06 14:18 - 2015-12-26 13:05 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1451127954
2016-10-06 14:18 - 2015-12-26 13:05 - 00000000 ____D C:\Program Files (x86)\Opera
2016-10-05 21:54 - 2015-12-26 12:56 - 00000000 ____D C:\Users\asus\AppData\Roaming\vlc
2016-10-04 16:31 - 2016-04-15 17:11 - 00000000 ____D C:\Users\asus\Downloads\COVERI
2016-10-01 11:02 - 2009-07-14 07:08 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-01 10:10 - 2015-12-26 13:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-01 00:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-09-27 19:18 - 2016-04-15 17:12 - 00000000 ____D C:\Users\asus\Downloads\NEKI DOKUMENTI
2016-09-27 19:17 - 2016-03-02 13:27 - 00000000 ____D C:\Users\asus\Downloads\VESNA+LJUBA
2016-09-23 14:13 - 2015-12-26 13:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-09-23 14:13 - 2015-12-26 13:20 - 00000000 ____D C:\ProgramData\Skype
2016-09-17 17:28 - 2016-02-04 17:49 - 00000000 ____D C:\Users\asus\AppData\Roaming\Softplicity
2016-09-17 17:20 - 2016-01-18 12:08 - 00000000 ____D C:\Users\asus\AppData\Local\CutePDF Writer
2016-09-17 14:43 - 2009-07-14 06:45 - 00413784 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-16 17:56 - 2015-12-26 12:29 - 00110864 _____ C:\Users\asus\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2016-05-27 12:51 - 2016-05-27 12:51 - 0000128 _____ () C:\Users\asus\AppData\Roaming\CatalogMaker.ini
2016-02-03 22:33 - 2016-02-03 22:33 - 0000003 _____ () C:\Users\asus\AppData\Local\updater.log
2016-02-03 22:33 - 2016-08-07 21:55 - 0000424 _____ () C:\Users\asus\AppData\Local\UserProducts.xml
2015-12-26 12:39 - 2015-12-26 12:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\asus\AppData\Local\Temp\AutoRun.exe
C:\Users\asus\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\asus\AppData\Local\Temp\binkw32.dll
C:\Users\asus\AppData\Local\Temp\Core.dll
C:\Users\asus\AppData\Local\Temp\eauninstall.exe
C:\Users\asus\AppData\Local\Temp\Engine.dll
C:\Users\asus\AppData\Local\Temp\FFSetup3.9.0.1.exe
C:\Users\asus\AppData\Local\Temp\IFC23.dll
C:\Users\asus\AppData\Local\Temp\libeay32.dll
C:\Users\asus\AppData\Local\Temp\msvci70.dll
C:\Users\asus\AppData\Local\Temp\msvci70d.dll
C:\Users\asus\AppData\Local\Temp\msvcirt.dll
C:\Users\asus\AppData\Local\Temp\msvcp70.dll
C:\Users\asus\AppData\Local\Temp\msvcp70d.dll
C:\Users\asus\AppData\Local\Temp\msvcp71.dll
C:\Users\asus\AppData\Local\Temp\msvcp71d.dll
C:\Users\asus\AppData\Local\Temp\msvcr120.dll
C:\Users\asus\AppData\Local\Temp\MSVCR70.dll
C:\Users\asus\AppData\Local\Temp\MSVCR70d.dll
C:\Users\asus\AppData\Local\Temp\MSVCR71.dll
C:\Users\asus\AppData\Local\Temp\MSVCR71d.dll
C:\Users\asus\AppData\Local\Temp\MSVCRt.dll
C:\Users\asus\AppData\Local\Temp\Need for Speed Underground 2_uninst.exe
C:\Users\asus\AppData\Local\Temp\ogg.dll
C:\Users\asus\AppData\Local\Temp\ogg_d.dll
C:\Users\asus\AppData\Local\Temp\Setup.exe
C:\Users\asus\AppData\Local\Temp\sqlite3.dll
C:\Users\asus\AppData\Local\Temp\vorbis.dll
C:\Users\asus\AppData\Local\Temp\vorbisfile.dll
C:\Users\asus\AppData\Local\Temp\vorbisfile_d.dll
C:\Users\asus\AppData\Local\Temp\vorbis_d.dll
C:\Users\asus\AppData\Local\Temp\Window.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-05 11:02

==================== End of FRST.txt ============================


I use the Microsoft Security Essentials antivirus; OS: Windows 7 Pro SP1 x64.
The problem appeared yesterday. I downloaded some small trainer program, and after that the antivirus started showing the message "this app detected a potential threat on your pc". As it tells me to, I click "clean pc" and it cleans it, but after a very short time the same thing happens again, and even now while I'm writing the message has popped up several times and it's really annoying. When it cleans it, I click the "history" tab, and in "quarantined items" there are a lot of "TrojanDropper:Win32/Dunik" and "HackTool:Win32/Keygen" entries.
I click "remove all", then I click "all detected items" and it's the same situation. Of course I delete everything there too, but after some time it starts all over again. I restart the computer, but it's the same again. I tried CCleaner, same thing; the antivirus, same thing..... I don't know what else to do. Is there some other program, or whatever else.....

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text, which is inside the Code box.

FF Extension: (SmashMovix) - C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\08p3lk05.default\Extensions\@smash_movix.xpi [2016-03-04]
FF SearchPlugin: C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\08p3lk05.default\searchplugins\smashmovix.xml [2016-03-04]
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program requests a restart of the computer, allow it to do so without interruption.
When it finishes, fixlog.txt will open, with the contents you should copy into the topic.
Also, (fixlog.txt) will be located on the Desktop.

offline
  • Joined: 11 May 2003
  • Posts: 138

Written: 15 Oct 2016 22:33


here, done.....

Addendum: 16 Oct 2016 21:08

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-10-2016
Ran by asus (15-10-2016 22:20:47) Run:1
Running from C:\Users\asus\Desktop
Loaded Profiles: asus (Available Profiles: asus)
Boot Mode: Normal
==============================================

fixlist content:
*****************
FF Extension: (SmashMovix) - C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\08p3lk05.default\Extensions\@smash_movix.xpi [2016-03-04]
FF SearchPlugin: C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\08p3lk05.default\searchplugins\smashmovix.xml [2016-03-04]
EmptyTemp:
*****************

C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\08p3lk05.default\Extensions\@smash_movix.xpi => moved successfully
C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\08p3lk05.default\searchplugins\smashmovix.xml => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17566012 B
Java, Flash, Steam htmlcache => 722 B
Windows/system/drivers => 5131133 B
Edge => 0 B
Chrome => 148455596 B
Firefox => 11576292 B
Opera => 12030688 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 142008 B
LocalService => 0 B
NetworkService => 31270 B
asus => 391283079 B

RecycleBin => 0 B
EmptyTemp: => 567.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:21:13 ====

I forgot to copy it here, I only attached the file..... but now I'm correcting the mistake


offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download the installer for Malwarebytes Anti-Malware (MBAM) ver. 2.0 and install the application.
Double-click mbam-setup.exe and follow the installation instructions. The installation is the classic "Next > I Agree . . > Next > Install" routine. When the installation finishes, click Finish.
Note: the 14-day free trial version is pre-selected. You can uncheck this option if you wish.

- On first launch, MBAM will start an "Update" in order to download the latest definitions.
Or ... click the 'Update Now >>' link or button to download fresh definitions.

• Configure the scanner; on the 'Settings' tab, under Detection and Protection, set the following options:
1. on the Detection Options sub-tab, check the box for 'Scan for rootkits';
2. on the Non-Malware Protection sub-tab, for 'PUP detections', make sure that the 'Treat detections as malware' option is selected.

• Run a 'Threat Scan';
Click the Scan tab, then 'Scan Now >>' to run the scan.
If MBAM reports that an 'update' is available, click 'Update Now' and then proceed to the scan.
Notice: with some severe infections, you may get the following message: "Could not load DDA driver". In that case, click Yes on that message, allow the driver to load after the computer restarts, and allow the restart.
Then continue with the rest of the instructions.

• When the scan finishes, click the Apply Action button if a threat was detected. Wait for the program to request a restart!
- Click Yes on the message saying that the system will restart.

• Post the report (export the log file) for review;
Start MBAM again, click the History tab > Application Logs. Double-click the 'Scan Log' that shows the time and date of the scan just performed.
1. In the new window click the 'Export' button, then choose 'Text file (*.txt)';
2. When the Save File dialog appears, choose to save the log to the Desktop.
In that same window, at the bottom under File name:, type 'mbam' as the report name and click the Save button.

- After you get the message ("Your file has been successfully exported"), the report you named 'mbam' will be saved on the Desktop.

Attach mbam.txt to your post using the Attach file option.

offline
  • Joined: 11 May 2003
  • Posts: 138

here, that's done too, except that it gave me two reports, so I'm attaching both just in case, maybe they matter: "MBAM1" and "MBAM 2"

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Is Windows Defender still reporting malware?

offline
  • Joined: 11 May 2003
  • Posts: 138

well no, everything is green. I restarted the computer a few times and so far nothing has popped up. Just one more question: when that virus appeared, I had an external HD attached; just in case, should I run that through MBAM as well?

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

As you wish. As far as your system is concerned, it is clean.

The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment until the tool finishes its work.
From this point on, all the tools used in this topic should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a new, fresh point after the cleanup.
